500 Server Error after login if User has no allowed visibility mode #10358

New Issue

Closed

opened 2025-11-02 09:05:13 -06:00 by GiteaMirror · 4 comments

GiteaMirror commented 2025-11-02 09:05:13 -06:00

Owner

Copy Link

Originally created by @cchartmann on GitHub (Mar 1, 2023).

Description

1. set your user to public visible
2. set ALLOWED_USER_VISIBILITY_MODES = limited,private in app.ini
3. log in
4. enjoy the big 500 that you now can see
5. click on something and you will see, that you are successful logged in

I would expect to see some message, that tells the user, that his visibility is not allowed or something else more useful than an Internal Server Error, so he knows, he can change his visibility to avoid this error the next time.
The Admin will see the error and the reason for it the next time he checks the logs.

It would also make sense to add the information to the documentation of app.ini, so if someone makes a change on ALLOWED_USER_VISIBILITY_MODES, he knows about that.

Gitea Version

1.18.5

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Cent OS 7

How are you running Gitea?

i use an release from Github on Uberspace
see this Guide for more info:
https://lab.uberspace.de/guide_gitea/

Database

MySQL

Originally created by @cchartmann on GitHub (Mar 1, 2023). ### Description 1. set your user to public visible 2. set ALLOWED_USER_VISIBILITY_MODES = limited,private in app.ini 3. log in 4. enjoy the big 500 that you now can see 5. click on something and you will see, that you are successful logged in I would expect to see some message, that tells the user, that his visibility is not allowed or something else more useful than an Internal Server Error, so he knows, he can change his visibility to avoid this error the next time. The Admin will see the error and the reason for it the next time he checks the logs. It would also make sense to add the information to the documentation of app.ini, so if someone makes a change on ALLOWED_USER_VISIBILITY_MODES, he knows about that. ### Gitea Version 1.18.5 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System Cent OS 7 ### How are you running Gitea? i use an release from Github on Uberspace see this Guide for more info: https://lab.uberspace.de/guide_gitea/ ### Database MySQL

GiteaMirror added the type/bug label 2025-11-02 09:05:13 -06:00

GiteaMirror closed this issue 2025-11-02 09:05:13 -06:00

GiteaMirror commented 2025-11-02 09:05:14 -06:00

Author

Owner

Copy Link

@yp05327 commented on GitHub (Mar 2, 2023):

I also noticed this problem when I use helm chart to deploy gitea server.
related: https://github.com/go-gitea/gitea/issues/22523

I don't think it is safe to change ALLOWED_USER_VISIBILITY_MODES after you officially started the service.
But maybe it is better to show a warning page instead of 500 Error Page, to tell users to change the visibility, as the configration has been changed,

@yp05327 commented on GitHub (Mar 2, 2023): I also noticed this problem when I use helm chart to deploy gitea server. related: https://github.com/go-gitea/gitea/issues/22523 I don't think it is safe to change `ALLOWED_USER_VISIBILITY_MODES` after you officially started the service. But maybe it is better to show a warning page instead of 500 Error Page, to tell users to change the visibility, as the configration has been changed,

GiteaMirror commented 2025-11-02 09:05:14 -06:00

Author

Owner

Copy Link

@hyx0329 commented on GitHub (Mar 7, 2023):

I experienced this problem on the instance installed on my k3s cluster using helm chart.

Aside from the BIG 500, login page will report Could not read your security key if the user tries to log in with a U2F token. The user is logged in though.

@hyx0329 commented on GitHub (Mar 7, 2023): I experienced this problem on the instance installed on my k3s cluster using helm chart. Aside from the BIG 500, login page will report `Could not read your security key` if the user tries to log in with a U2F token. The user is logged in though.

GiteaMirror commented 2025-11-02 09:05:14 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Mar 9, 2023):

Could you give some logs about the 500 error.

@lunny commented on GitHub (Mar 9, 2023): Could you give some logs about the 500 error.

GiteaMirror commented 2025-11-02 09:05:14 -06:00

Author

Owner

Copy Link

@hyx0329 commented on GitHub (Mar 9, 2023):

@lunny just grabbed the most relevant part

2023/03/07 16:07:00 [64076124-2] router: completed GET / for 10.42.2.3:60412, 200 OK in 18.5ms @ web/home.go:33(web.Home)
2023/03/07 16:07:02 [64076126] router: completed GET /explore/repos for 10.42.2.3:60412, 303 See Other in 1.3ms @ context/auth.go:28(context.Toggle)
2023/03/07 16:07:02 ...odels/auth/oauth2.go:540:GetActiveOAuth2ProviderSources() [I] [64076126-2] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true OAuth2] - 6.640592ms
2023/03/07 16:07:02 ...odels/auth/source.go:270:ActiveSources() [I] [64076126-2] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true SPNEGO with SSPI] - 4.995538ms
2023/03/07 16:07:02 [64076126-2] router: completed GET /user/login for 10.42.2.3:60412, 200 OK in 49.2ms @ auth/auth.go:152(auth.SignIn)
2023/03/07 16:07:05 ...odels/auth/oauth2.go:540:GetActiveOAuth2ProviderSources() [I] [64076129] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true OAuth2] - 3.556408ms
2023/03/07 16:07:05 ...odels/auth/source.go:270:ActiveSources() [I] [64076129] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true SPNEGO with SSPI] - 3.465988ms
2023/03/07 16:07:05 ...bce556200f/engine.go:1244:Get() [I] [64076129] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "lower_name"=$1 LIMIT 1 [USERNAME_REDACTED] - 4.720487ms
2023/03/07 16:07:05 .../web/wrap_convert.go:47:func3() [I] [64076129] [SQL] SELECT "id", "uid", "secret", "scratch_salt", "scratch_hash", "last_used_passcode", "created_unix", "updated_unix" FROM "two_factor" WHERE (uid=$1) LIMIT 1 [2] - 25.665463ms
2023/03/07 16:07:05 .../web/wrap_convert.go:47:func3() [I] [64076129] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 36.063718ms
2023/03/07 16:07:05 [64076129] router: completed POST /user/login for 10.42.2.3:60412, 303 See Other in 184.5ms @ auth/auth.go:177(auth.SignInPost)
2023/03/07 16:07:05 [64076129-2] router: completed GET /user/webauthn for 10.42.2.3:60412, 200 OK in 7.1ms @ auth/webauthn.go:27(auth.WebAuthn)
2023/03/07 16:07:05 models/user/user.go:936:GetUserByIDCtx() [I] [64076129-3] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 3.446446ms
2023/03/07 16:07:05 ...web/auth/webauthn.go:59:WebAuthnLoginAssertion() [I] [64076129-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 2.91122ms
2023/03/07 16:07:05 ...els/auth/webauthn.go:123:getWebAuthnCredentialsByUID() [I] [64076129-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) [2] - 2.938054ms
2023/03/07 16:07:05 [64076129-3] router: completed GET /user/webauthn/assertion for 10.42.2.3:60412, 200 OK in 13.0ms @ auth/webauthn.go:45(auth.WebAuthnLoginAssertion)
2023/03/07 16:07:09 models/user/user.go:936:GetUserByIDCtx() [I] [6407612d] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 8.152057ms
2023/03/07 16:07:09 ...els/auth/webauthn.go:123:getWebAuthnCredentialsByUID() [I] [6407612d] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) [2] - 5.269422ms
2023/03/07 16:07:09 ...els/auth/webauthn.go:177:getWebAuthnCredentialByCredID() [I] [6407612d] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1 AND credential_id = $2) LIMIT 1 [2 [74 239 231 244 220 104 103 249 163 81 202 155 190 177 163 214 197 155 152 157 150 130 110 204 74 254 1 135 241 37 34 4 189 100 131 192 95 37 249 221 118 35 225 39 204 153 248 97 101 186 165 209 242 30 144 189 3 171 186 170 41 15 102 37 255 255 255 249]] - 15.418878ms
2023/03/07 16:07:09 ...web/auth/webauthn.go:138:WebAuthnLoginAssertionPost() [I] [6407612d] [SQL] UPDATE "webauthn_credential" SET "sign_count" = $1, "updated_unix" = $2 WHERE "id"=$3 [85 1678205229 1] - 21.451908ms
2023/03/07 16:07:09 ...ers/web/auth/auth.go:356:handleSignInFull() [E] [6407612d] UpdateUserCols: visibility Mode not allowed: public
2023/03/07 16:07:09 [6407612d] router: completed POST /user/webauthn/assertion for 10.42.2.3:60412, 500 Internal Server Error in 61.3ms @ auth/webauthn.go:83(auth.WebAuthnLoginAssertionPost)

Edit: add a slightly different log

2023/03/07 16:19:40 [6407641c] router: completed GET /user/login?redirect_to=%2f for 10.42.2.3:36092, 200 OK in 12.8ms @ auth/auth.go:152(auth.SignIn)
2023/03/07 16:19:42 ...odels/auth/oauth2.go:540:GetActiveOAuth2ProviderSources() [I] [6407641e] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true OAuth2] - 3.00339ms
2023/03/07 16:19:42 ...odels/auth/source.go:270:ActiveSources() [I] [6407641e] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true SPNEGO with SSPI] - 2.775007ms
2023/03/07 16:19:42 ...bce556200f/engine.go:1244:Get() [I] [6407641e] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "lower_name"=$1 LIMIT 1 [USERNAME_REDACTED] - 3.114226ms
2023/03/07 16:19:42 .../web/wrap_convert.go:47:func3() [I] [6407641e] [SQL] SELECT "id", "uid", "secret", "scratch_salt", "scratch_hash", "last_used_passcode", "created_unix", "updated_unix" FROM "two_factor" WHERE (uid=$1) LIMIT 1 [2] - 2.862511ms
2023/03/07 16:19:42 .../web/wrap_convert.go:47:func3() [I] [6407641e] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 2.77734ms
2023/03/07 16:19:42 [6407641e] router: completed POST /user/login for 10.42.2.3:36092, 303 See Other in 123.8ms @ auth/auth.go:177(auth.SignInPost)
2023/03/07 16:19:42 [6407641e-2] router: completed GET /user/webauthn for 10.42.2.3:36092, 200 OK in 5.9ms @ auth/webauthn.go:27(auth.WebAuthn)
2023/03/07 16:19:42 models/user/user.go:936:GetUserByIDCtx() [I] [6407641e-3] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 3.42982ms
2023/03/07 16:19:42 ...web/auth/webauthn.go:59:WebAuthnLoginAssertion() [I] [6407641e-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 2.803008ms
2023/03/07 16:19:42 ...els/auth/webauthn.go:123:getWebAuthnCredentialsByUID() [I] [6407641e-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) [2] - 2.972472ms
2023/03/07 16:19:42 [6407641e-3] router: completed GET /user/webauthn/assertion for 10.42.2.3:36092, 200 OK in 11.6ms @ auth/webauthn.go:45(auth.WebAuthnLoginAssertion)
2023/03/07 16:19:43 [6407641f] router: completed GET /user/two_factor for 10.42.2.3:36092, 200 OK in 8.1ms @ auth/2fa.go:27(auth.TwoFactor)
2023/03/07 16:20:15 ...ls/auth/twofactor.go:139:GetTwoFactorByUID() [I] [6407643f] [SQL] SELECT "id", "uid", "secret", "scratch_salt", "scratch_hash", "last_used_passcode", "created_unix", "updated_unix" FROM "two_factor" WHERE (uid=$1) LIMIT 1 [2] - 2.984139ms
2023/03/07 16:20:15 models/user/user.go:936:GetUserByIDCtx() [I] [6407643f] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 3.464529ms
2023/03/07 16:20:16 .../web/wrap_convert.go:47:func3() [I] [6407643f] [SQL] UPDATE "two_factor" SET "uid" = $1, "secret" = $2, "scratch_salt" = $3, "scratch_hash" = $4, "last_used_passcode" = $5, "updated_unix" = $6 WHERE "id"=$7 [2 REDACTED_ANYWAY REDACTED_ANYWAY REDACTED_ANYWAY 024417 1678206015 1] - 10.769268ms
2023/03/07 16:20:16 ...ers/web/auth/auth.go:356:handleSignInFull() [E] [6407643f] UpdateUserCols: visibility Mode not allowed: public
2023/03/07 16:20:16 [6407643f] router: completed POST /user/two_factor for 10.42.2.3:36092, 500 Internal Server Error in 25.1ms @ auth/2fa.go:45(auth.TwoFactorPost)

@hyx0329 commented on GitHub (Mar 9, 2023): @lunny just grabbed the most relevant part ``` 2023/03/07 16:07:00 [64076124-2] router: completed GET / for 10.42.2.3:60412, 200 OK in 18.5ms @ web/home.go:33(web.Home) 2023/03/07 16:07:02 [64076126] router: completed GET /explore/repos for 10.42.2.3:60412, 303 See Other in 1.3ms @ context/auth.go:28(context.Toggle) 2023/03/07 16:07:02 ...odels/auth/oauth2.go:540:GetActiveOAuth2ProviderSources() [I] [64076126-2] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true OAuth2] - 6.640592ms 2023/03/07 16:07:02 ...odels/auth/source.go:270:ActiveSources() [I] [64076126-2] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true SPNEGO with SSPI] - 4.995538ms 2023/03/07 16:07:02 [64076126-2] router: completed GET /user/login for 10.42.2.3:60412, 200 OK in 49.2ms @ auth/auth.go:152(auth.SignIn) 2023/03/07 16:07:05 ...odels/auth/oauth2.go:540:GetActiveOAuth2ProviderSources() [I] [64076129] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true OAuth2] - 3.556408ms 2023/03/07 16:07:05 ...odels/auth/source.go:270:ActiveSources() [I] [64076129] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true SPNEGO with SSPI] - 3.465988ms 2023/03/07 16:07:05 ...bce556200f/engine.go:1244:Get() [I] [64076129] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "lower_name"=$1 LIMIT 1 [USERNAME_REDACTED] - 4.720487ms 2023/03/07 16:07:05 .../web/wrap_convert.go:47:func3() [I] [64076129] [SQL] SELECT "id", "uid", "secret", "scratch_salt", "scratch_hash", "last_used_passcode", "created_unix", "updated_unix" FROM "two_factor" WHERE (uid=$1) LIMIT 1 [2] - 25.665463ms 2023/03/07 16:07:05 .../web/wrap_convert.go:47:func3() [I] [64076129] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 36.063718ms 2023/03/07 16:07:05 [64076129] router: completed POST /user/login for 10.42.2.3:60412, 303 See Other in 184.5ms @ auth/auth.go:177(auth.SignInPost) 2023/03/07 16:07:05 [64076129-2] router: completed GET /user/webauthn for 10.42.2.3:60412, 200 OK in 7.1ms @ auth/webauthn.go:27(auth.WebAuthn) 2023/03/07 16:07:05 models/user/user.go:936:GetUserByIDCtx() [I] [64076129-3] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 3.446446ms 2023/03/07 16:07:05 ...web/auth/webauthn.go:59:WebAuthnLoginAssertion() [I] [64076129-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 2.91122ms 2023/03/07 16:07:05 ...els/auth/webauthn.go:123:getWebAuthnCredentialsByUID() [I] [64076129-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) [2] - 2.938054ms 2023/03/07 16:07:05 [64076129-3] router: completed GET /user/webauthn/assertion for 10.42.2.3:60412, 200 OK in 13.0ms @ auth/webauthn.go:45(auth.WebAuthnLoginAssertion) 2023/03/07 16:07:09 models/user/user.go:936:GetUserByIDCtx() [I] [6407612d] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 8.152057ms 2023/03/07 16:07:09 ...els/auth/webauthn.go:123:getWebAuthnCredentialsByUID() [I] [6407612d] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) [2] - 5.269422ms 2023/03/07 16:07:09 ...els/auth/webauthn.go:177:getWebAuthnCredentialByCredID() [I] [6407612d] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1 AND credential_id = $2) LIMIT 1 [2 [74 239 231 244 220 104 103 249 163 81 202 155 190 177 163 214 197 155 152 157 150 130 110 204 74 254 1 135 241 37 34 4 189 100 131 192 95 37 249 221 118 35 225 39 204 153 248 97 101 186 165 209 242 30 144 189 3 171 186 170 41 15 102 37 255 255 255 249]] - 15.418878ms 2023/03/07 16:07:09 ...web/auth/webauthn.go:138:WebAuthnLoginAssertionPost() [I] [6407612d] [SQL] UPDATE "webauthn_credential" SET "sign_count" = $1, "updated_unix" = $2 WHERE "id"=$3 [85 1678205229 1] - 21.451908ms 2023/03/07 16:07:09 ...ers/web/auth/auth.go:356:handleSignInFull() [E] [6407612d] UpdateUserCols: visibility Mode not allowed: public 2023/03/07 16:07:09 [6407612d] router: completed POST /user/webauthn/assertion for 10.42.2.3:60412, 500 Internal Server Error in 61.3ms @ auth/webauthn.go:83(auth.WebAuthnLoginAssertionPost) ``` Edit: add a slightly different log ``` 2023/03/07 16:19:40 [6407641c] router: completed GET /user/login?redirect_to=%2f for 10.42.2.3:36092, 200 OK in 12.8ms @ auth/auth.go:152(auth.SignIn) 2023/03/07 16:19:42 ...odels/auth/oauth2.go:540:GetActiveOAuth2ProviderSources() [I] [6407641e] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true OAuth2] - 3.00339ms 2023/03/07 16:19:42 ...odels/auth/source.go:270:ActiveSources() [I] [6407641e] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true SPNEGO with SSPI] - 2.775007ms 2023/03/07 16:19:42 ...bce556200f/engine.go:1244:Get() [I] [6407641e] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "lower_name"=$1 LIMIT 1 [USERNAME_REDACTED] - 3.114226ms 2023/03/07 16:19:42 .../web/wrap_convert.go:47:func3() [I] [6407641e] [SQL] SELECT "id", "uid", "secret", "scratch_salt", "scratch_hash", "last_used_passcode", "created_unix", "updated_unix" FROM "two_factor" WHERE (uid=$1) LIMIT 1 [2] - 2.862511ms 2023/03/07 16:19:42 .../web/wrap_convert.go:47:func3() [I] [6407641e] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 2.77734ms 2023/03/07 16:19:42 [6407641e] router: completed POST /user/login for 10.42.2.3:36092, 303 See Other in 123.8ms @ auth/auth.go:177(auth.SignInPost) 2023/03/07 16:19:42 [6407641e-2] router: completed GET /user/webauthn for 10.42.2.3:36092, 200 OK in 5.9ms @ auth/webauthn.go:27(auth.WebAuthn) 2023/03/07 16:19:42 models/user/user.go:936:GetUserByIDCtx() [I] [6407641e-3] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 3.42982ms 2023/03/07 16:19:42 ...web/auth/webauthn.go:59:WebAuthnLoginAssertion() [I] [6407641e-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 2.803008ms 2023/03/07 16:19:42 ...els/auth/webauthn.go:123:getWebAuthnCredentialsByUID() [I] [6407641e-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) [2] - 2.972472ms 2023/03/07 16:19:42 [6407641e-3] router: completed GET /user/webauthn/assertion for 10.42.2.3:36092, 200 OK in 11.6ms @ auth/webauthn.go:45(auth.WebAuthnLoginAssertion) 2023/03/07 16:19:43 [6407641f] router: completed GET /user/two_factor for 10.42.2.3:36092, 200 OK in 8.1ms @ auth/2fa.go:27(auth.TwoFactor) 2023/03/07 16:20:15 ...ls/auth/twofactor.go:139:GetTwoFactorByUID() [I] [6407643f] [SQL] SELECT "id", "uid", "secret", "scratch_salt", "scratch_hash", "last_used_passcode", "created_unix", "updated_unix" FROM "two_factor" WHERE (uid=$1) LIMIT 1 [2] - 2.984139ms 2023/03/07 16:20:15 models/user/user.go:936:GetUserByIDCtx() [I] [6407643f] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 3.464529ms 2023/03/07 16:20:16 .../web/wrap_convert.go:47:func3() [I] [6407643f] [SQL] UPDATE "two_factor" SET "uid" = $1, "secret" = $2, "scratch_salt" = $3, "scratch_hash" = $4, "last_used_passcode" = $5, "updated_unix" = $6 WHERE "id"=$7 [2 REDACTED_ANYWAY REDACTED_ANYWAY REDACTED_ANYWAY 024417 1678206015 1] - 10.769268ms 2023/03/07 16:20:16 ...ers/web/auth/auth.go:356:handleSignInFull() [E] [6407643f] UpdateUserCols: visibility Mode not allowed: public 2023/03/07 16:20:16 [6407643f] router: completed POST /user/two_factor for 10.42.2.3:36092, 500 Internal Server Error in 25.1ms @ auth/2fa.go:45(auth.TwoFactorPost) ```

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label type/bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#10358