Users stuck in password reset loop

We are running Metabase 0.48.0 docker image (free version) on Linux Ubuntu Jammy 22.04.
Postgres is used as the configuration database.

Our problem: At least two users and possibly more are stuck in an endless password reset cycle:

  1. Get invitation email
  2. Create password and sign in for the first time
  3. Use Metabase and sign out
  4. Attempt to sign in again. Password invalid. This is the logger message (default logging options only):
  5. Choose password reset option.
  6. Follow link in password reset email. Reset password and sign in to metabase.
  7. Repeat from 3.

This has been repeated enough times by competent individuals for it not to be a simple matter of not typing passwords correctly.

Other users are fine.

I have attempted to reset the users' passwords from the admin console, which didn't work.
I am at a loss as to how to resolve this problem. Does anyone have any pointers?

Below are more details about my setup. Note that password complexity is set to strong. Please let me know of other details required:

Compose yaml:

version: '3.9' 

services: 

  metabase: 
    image: metabase/metabase:latest 
    container_name: metabase 
    hostname: metabase 

    volumes: 
    - /dev/urandom:/dev/random:ro 

    ports: 
      - 3000:3000 

    environment: 
      MB_DB_TYPE: postgres 
      MB_DB_DBNAME: metabase 
      MB_DB_PORT: 5432 
      MB_DB_USER_FILE: /run/secrets/db_user 
      MB_DB_PASS_FILE: /run/secrets/db_password 
      MB_DB_HOST: postgres 

    env_file: 
      - metabase.env 

    healthcheck: 
      test: curl --fail -I http://localhost:3000/api/health || exit 1 
      interval: 15s 
      retries: 5 
      start_period: 10s 
      timeout: 5s 

    networks: 
      - metanet1 

    depends_on: 
      - postgres 

    secrets: 
      - db_password 
      - db_user 

  postgres: 
    image: postgres:latest 
    container_name: postgres 
    hostname: postgres 

    environment: 
      POSTGRES_USER_FILE: /run/secrets/db_user 
      POSTGRES_DB: metabase 
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password 

    healthcheck: 
      test: ['CMD', 'pg_isready', '-U', 'postgres'] 

    volumes: 
      - ./postgresql:/var/lib/postgresql/data 

    networks: 
      - metanet1 

    secrets: 
      - db_password 
      - db_user 

networks: 
  metanet1: 
    driver: bridge 

secrets: 
   db_password: 
     file: db_password.txt 
   db_user: 
     file: db_user.txt 

env file:

MB_SITE_URL=[censored] 
MB_SITE_NAME="MetabaseNew" 
MB_ADMIN_EMAIL=[censored]
MB_EMAIL_FROM_ADDRESS=[censored] 
MB_EMAIL_FROM_NAME=Metabase(new) 
MB_EMAIL_SMTP_HOST=192.168.[censored] 
MB_EMAIL_SMTP_PORT=25 
MB_EMAIL_SMTP_SECURITY=[censored]  

MB_ENCRYPTION_SECRET_KEY=[censored]  
MB_ANON_TRACKING_ENABLED=false 
MB_APPLICATION_NAME=Cottonsoft Metabase (New) 
MB_PASSWORD_COMPLEXITY=strong

Can you try the same flow but copying and pasting the password they enter when they reset it? I need the users to see the password they're typing

I will try this and get back to you

Hi Luiggi, we have tried copying+pasting as you suggested, but it doesn't work. So there is something else going on.

Does anyone have any suggestions?

your browser is inserting weird characters? does this happen to all users or to a subset?

Just to a subset, and I don't think it's likely that strange characters are being inserted.

Is there a way to delete and re-add the user?

Would changing the password policy help?

Try changing the password policy first, although I don’t believe that will work

To delete the user you can deactivate those from the user panel in the admin, although they won’t be deleted but just deactivated. Try adding those with new emails