Diagnosed the issue. Here’s what happens. data URI ends up being more in terms of memory. This is retrieved during initial login when you’re expecting a cookie. Cookie data is of limited characters and hence this gets truncated, thereby Login Failure. The fix is simple, maybe have a User Image validation check that’s all. Will dispatch the fix tomorrow at the earliest.
Meanwhile to unbrick your site simply
$ bench --site SITE_NAME mariadb
sitename> UPDATE `tabUser` SET user_image = "" WHERE name in ('firstname.lastname@example.org')
You’d need a more complex query if you want to retrieve your previous user image (via the Version DocType, but meh.)
Should fix your site. Thanks for noticing and trying this out. This issue potentially could propagate vulnerability and site down for many sites.