github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-12 02:24:21 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Can't login after migration #12017

New Issue
Closed
opened 2025-11-02 09:54:43 -06:00 by GiteaMirror · 2 comments
GiteaMirror commented 2025-11-02 09:54:43 -06:00
Owner
Copy Link

Originally created by @haq1an on GitHub (Nov 15, 2023).

Description

What I did before the issue:

  1. Backup docker version of Gitea.
  2. Install a new Gitea by binary from scratch.
  3. Restore Gitea dump to the new Gitea.

Then I get 500 Internal Error performing below actions:

  1. Login using LDAP accounts.
  2. Open Authentication Resources Tab from Site administration.
  3. Click "Edit" in the User Accounts tab.
    Error msg in gitea are similar, looks like related to the SECRET_KEY:
2023/11/15 14:51:37 ...s/web/admin/auths.go:54:Authentications() [E] [65546a79] auth.Sources: failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 1
2023/11/15 14:51:37 [65546a79] router: completed GET /admin/auths for 10.24.30.64:49429, 500 Internal Server Error in 7.6ms @ admin/auths.go:46(admin.Authentications)

2023/11/15 14:52:18 ...s/web/admin/users.go:224:prepareUserInfo() [E] [65546aa2] auth.GetSourceByID: failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 1
2023/11/15 14:52:18 [65546aa2] router: completed GET /admin/users/30 for 10.24.30.64:49456, 500 Internal Server Error in 3.5ms @ admin/users.go:254(admin.EditUser)

2023/11/15 14:58:33 ...ers/web/auth/auth.go:224:SignInPost() [E] [65546c19] UserSignIn: failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 1
2023/11/15 14:58:33 [65546c19] router: completed POST /user/login for 10.24.30.64:49585, 500 Internal Server Error in 2.5ms @ auth/auth.go:170(auth.SignInPost)

OS: Ubuntu Server 20.04

app.ini as below:

APP_NAME = Gitea:example
RUN_MODE = prod
RUN_USER = git

[repository]
ROOT = /data/git/repositories

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH    = /data/gitea
DOMAIN           = git-test.dev.example.com
SSH_DOMAIN       = git-test.dev.example.com
HTTP_PORT        = 3000
ROOT_URL         = https://git-test.dev.example.com/
DISABLE_SSH      = false
SSH_PORT         = 22
SSH_LISTEN_PORT  = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /data/git/lfs
LFS_JWT_SECRET   = ....secretsecretsecretsecretsecretsecret....
OFFLINE_MODE     = false

[database]
PATH     = /data/gitea/gitea.db
DB_TYPE  = postgres
HOST     = 127.0.0.1:5432
NAME     = gitea
USER     = gitea
PASSWD   = password
LOG_SQL  = false
SCHEMA   =
SSL_MODE = disable
CHARSET  = utf8

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER        = file
GC_INTERVAL_TIME = 604800
SESSION_LIFE_TIME = 604800

[picture]
AVATAR_UPLOAD_PATH            = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR              = true
ENABLE_FEDERATED_AVATAR       = true

[attachment]
PATH = /data/gitea/attachments

[log]
MODE         = file,console
LEVEL        = info
LOG_ROTATE   = true
DAILY_ROTATE = true
MAX_DAYS     = 90
ROUTER       = console,
ROOT_PATH    = /data/gitea/log
FILE_NAME = /data/gitea/log/access.log
ENABLE_ACCESS_LOG = true

[log.console]
MODE     = console
LEVEL    = info
FLAGS    = stdflags
COLORIZE = true

[security]
INSTALL_LOCK                  = true
SECRET_KEY                    = ....secretsecretsecretsecretsecretsecret....
REVERSE_PROXY_LIMIT           = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN                = ....secretsecretsecretsecretsecretsecret....
PASSWORD_HASH_ALGO            = pbkdf2

[service]
DISABLE_REGISTRATION              = false
REQUIRE_SIGNIN_VIEW               = false
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = true
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING       = false
NO_REPLY_ADDRESS                  =

[oauth2]
JWT_SECRET = ....secretsecretsecretsecretsecretsecret....

[webhook]
ALLOWED_HOST_LIST = example.com
PAGING_NUM        = 30

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[cron.sync_external_users]
RUN_AT_START = true
SCHEDULE = @every 24h
UPDATE_EXISTING = false

[migrations]
ALLOW_LOCALNETWORKS = true
ALLOWED_DOMAINS = example.com

I tried upgrade gitea version from 19.2 to 19.4 by replacing the gitea exec file. Still the same error.

I was wondering if this is a migration related issue. Or is there any other factor that I forgot to put into consideration.

Screenshots

Screenshot 2023-11-15 at 15 05 52

Gitea Version

19.4

Can you reproduce the bug on the Gitea demo site?

No

Operating System

macOS

Browser Version

Edge Version 119.0.2151.46 (Official build) (arm64)

Originally created by @haq1an on GitHub (Nov 15, 2023). ### Description What I did before the issue: 1. Backup docker version of Gitea. 2. Install a new Gitea by binary from scratch. 3. Restore Gitea dump to the new Gitea. Then I get 500 Internal Error performing below actions: 1. Login using LDAP accounts. 2. Open Authentication Resources Tab from Site administration. 3. Click "Edit" in the User Accounts tab. Error msg in gitea are similar, looks like related to the SECRET_KEY: ``` 2023/11/15 14:51:37 ...s/web/admin/auths.go:54:Authentications() [E] [65546a79] auth.Sources: failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 1 2023/11/15 14:51:37 [65546a79] router: completed GET /admin/auths for 10.24.30.64:49429, 500 Internal Server Error in 7.6ms @ admin/auths.go:46(admin.Authentications) 2023/11/15 14:52:18 ...s/web/admin/users.go:224:prepareUserInfo() [E] [65546aa2] auth.GetSourceByID: failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 1 2023/11/15 14:52:18 [65546aa2] router: completed GET /admin/users/30 for 10.24.30.64:49456, 500 Internal Server Error in 3.5ms @ admin/users.go:254(admin.EditUser) 2023/11/15 14:58:33 ...ers/web/auth/auth.go:224:SignInPost() [E] [65546c19] UserSignIn: failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 1 2023/11/15 14:58:33 [65546c19] router: completed POST /user/login for 10.24.30.64:49585, 500 Internal Server Error in 2.5ms @ auth/auth.go:170(auth.SignInPost) ``` OS: Ubuntu Server 20.04 app.ini as below: ``` APP_NAME = Gitea:example RUN_MODE = prod RUN_USER = git [repository] ROOT = /data/git/repositories [repository.local] LOCAL_COPY_PATH = /data/gitea/tmp/local-repo [repository.upload] TEMP_PATH = /data/gitea/uploads [server] APP_DATA_PATH = /data/gitea DOMAIN = git-test.dev.example.com SSH_DOMAIN = git-test.dev.example.com HTTP_PORT = 3000 ROOT_URL = https://git-test.dev.example.com/ DISABLE_SSH = false SSH_PORT = 22 SSH_LISTEN_PORT = 22 LFS_START_SERVER = true LFS_CONTENT_PATH = /data/git/lfs LFS_JWT_SECRET = ....secretsecretsecretsecretsecretsecret.... OFFLINE_MODE = false [database] PATH = /data/gitea/gitea.db DB_TYPE = postgres HOST = 127.0.0.1:5432 NAME = gitea USER = gitea PASSWD = password LOG_SQL = false SCHEMA = SSL_MODE = disable CHARSET = utf8 [indexer] ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve [session] PROVIDER_CONFIG = /data/gitea/sessions PROVIDER = file GC_INTERVAL_TIME = 604800 SESSION_LIFE_TIME = 604800 [picture] AVATAR_UPLOAD_PATH = /data/gitea/avatars REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars DISABLE_GRAVATAR = true ENABLE_FEDERATED_AVATAR = true [attachment] PATH = /data/gitea/attachments [log] MODE = file,console LEVEL = info LOG_ROTATE = true DAILY_ROTATE = true MAX_DAYS = 90 ROUTER = console, ROOT_PATH = /data/gitea/log FILE_NAME = /data/gitea/log/access.log ENABLE_ACCESS_LOG = true [log.console] MODE = console LEVEL = info FLAGS = stdflags COLORIZE = true [security] INSTALL_LOCK = true SECRET_KEY = ....secretsecretsecretsecretsecretsecret.... REVERSE_PROXY_LIMIT = 1 REVERSE_PROXY_TRUSTED_PROXIES = * INTERNAL_TOKEN = ....secretsecretsecretsecretsecretsecret.... PASSWORD_HASH_ALGO = pbkdf2 [service] DISABLE_REGISTRATION = false REQUIRE_SIGNIN_VIEW = false REGISTER_EMAIL_CONFIRM = false ENABLE_NOTIFY_MAIL = true ALLOW_ONLY_EXTERNAL_REGISTRATION = false ENABLE_CAPTCHA = false DEFAULT_KEEP_EMAIL_PRIVATE = false DEFAULT_ALLOW_CREATE_ORGANIZATION = false DEFAULT_ENABLE_TIMETRACKING = false NO_REPLY_ADDRESS = [oauth2] JWT_SECRET = ....secretsecretsecretsecretsecretsecret.... [webhook] ALLOWED_HOST_LIST = example.com PAGING_NUM = 30 [openid] ENABLE_OPENID_SIGNIN = false ENABLE_OPENID_SIGNUP = false [cron.sync_external_users] RUN_AT_START = true SCHEDULE = @every 24h UPDATE_EXISTING = false [migrations] ALLOW_LOCALNETWORKS = true ALLOWED_DOMAINS = example.com ``` I tried upgrade gitea version from 19.2 to 19.4 by replacing the gitea exec file. Still the same error. I was wondering if this is a migration related issue. Or is there any other factor that I forgot to put into consideration. ### Screenshots <img width="1359" alt="Screenshot 2023-11-15 at 15 05 52" src="https://github.com/go-gitea/gitea/assets/88136037/0ad40d14-b2a7-44c5-9604-d363b441ef4d"> ### Gitea Version 19.4 ### Can you reproduce the bug on the Gitea demo site? No ### Operating System macOS ### Browser Version Edge Version 119.0.2151.46 (Official build) (arm64)
GiteaMirror added the issue/needs-feedbacktype/bugtopic/ui labels 2025-11-02 09:54:43 -06:00
GiteaMirror commented 2025-11-02 09:54:44 -06:00
Author
Owner
Copy Link

@wxiaoguang commented on GitHub (Nov 16, 2023):

The most likely reason is that you lost your SECRET_KEY, then the data in database can't be decrypted.

Or your login_source table is corrupted (which it unlikely according to your log)

You need to fix it manually: check your login_source table records, find base64-encoded encrypted value, set them to empty string.

@wxiaoguang commented on GitHub (Nov 16, 2023): The most likely reason is that you lost your SECRET_KEY, then the data in database can't be decrypted. Or your `login_source` table is corrupted (which it unlikely according to your log) You need to fix it manually: check your `login_source` table records, find base64-encoded encrypted value, set them to empty string.
GiteaMirror commented 2025-11-02 09:54:44 -06:00
Author
Owner
Copy Link

@haq1an commented on GitHub (Nov 16, 2023):

The most likely reason is that you lost your SECRET_KEY, then the data in database can't be decrypted.

Or your login_source table is corrupted (which it unlikely according to your log)

You need to fix it manually: check your login_source table records, find base64-encoded encrypted value, set them to empty string.

It works, really appreciate it man!

@haq1an commented on GitHub (Nov 16, 2023): > The most likely reason is that you lost your SECRET_KEY, then the data in database can't be decrypted. > > Or your `login_source` table is corrupted (which it unlikely according to your log) > > You need to fix it manually: check your `login_source` table records, find base64-encoded encrypted value, set them to empty string. It works, really appreciate it man!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label issue/needs-feedback topic/ui type/bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#12017
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?