[Bug]: Wrong configuration triggers setup-page and allows user/password overrideΒ #840
Description
π Bug Summary
When a hostname of paperless cannot be resolved it redirects the user to the setup-page allowing admin password override even if it already exists.
π Description
isConfigured() fails on network/config errors (lines 250-328 in services/setupService.js):
- If the Paperless URL cannot be resolved, validateConfig() throws an error
- After retries, isConfigured() returns false
Middleware redirects to setup (lines 177-178 in routes/setup.js):
if (!isConfigured && (!process.env.PAPERLESS_AI_INITIAL_SETUP || process.env.PAPERLESS_AI_INITIAL_SETUP === 'no') && !req.path.startsWith('/setup')) { return res.redirect('/setup'); }
When isConfigured() is false, it redirects to /setup even if users already exist
π Steps to Reproduce
- Configure system
- Change paperless hostname
- Access Paperless-AI
- You get redirected to /setup
β Expected Behavior
Access to /setup must always be with authentication, except if no user is configured.
β Actual Behavior
/setup is accessible without authentication
π·οΈ Paperless-AI Version
3.0.9
π Docker Logs
n/aπ Paperless-ngx Logs
n/aπΌοΈ Screenshots of your settings page
No response
π₯οΈ Desktop Environment
Other
π» OS Version
not relevant
π Browser
Firefox
π’ Browser Version
No response
π Mobile Browser
No response
π Additional Information
- I have checked existing issues and this is not a duplicate
- I have tried debugging this issue on my own
- I can provide a fix and submit a PR
- I am sure that this problem is affecting everyone, not only me
- I have provided all required information above
π Extra Notes
No response