github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-09 04:25:18 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Can not create first user (admin) with API #2557

New Issue
Closed
opened 2025-11-02 04:40:17 -06:00 by GiteaMirror · 11 comments
GiteaMirror commented 2025-11-02 04:40:17 -06:00
Owner
Copy Link

Originally created by @toni-moreno on GitHub (Nov 21, 2018).

  • Gitea version (or commit ref): 3973572
  • Git version: 2.17
  • Operating system: debian
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • [X ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

I'm working in a automated gitea provisioning script , and the admin user and password is provided as parameter to this script.

I've tested with as auth token the security.SECRET_KEY and security.INTERNAL_TOKEN configured in my app.ini but It doesn't work. ( as you can see below)

Which token should I use to create the first gitea user (the admin user) ?

ipasdev@ipasdev01:~/ipas-docker/gitea/gitea$ curl -i -X POST "http://git.mydomain2.org/api/v1/admin/users?access_token=P9R8gvGsZRKw4GjFQjnyUFmY00WJQA3bxzLf1BJg6hvEuzbQwc2aACBB4qwiWVS5" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"email\": \"user@example.com\", \"full_name\": \"string\", \"login_name\": \"string\", \"password\": \"string\", \"send_notify\": true, \"source_id\": 0, \"username\": \"string\"}"
HTTP/1.1 403 Forbidden
Server: nginx/1.13.12
Date: Wed, 21 Nov 2018 22:55:45 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
Set-Cookie: i_like_gitea=7050120b02bef2a4; Path=/; HttpOnly
Set-Cookie: _csrf=JgjWWByY6Bsw9w_QXcom3JhsRNQ6MTU0Mjg0MDk0NTg1MjI0MTE5MA%3D%3D; Path=/; Expires=Thu, 22 Nov 2018 22:55:45 GMT; HttpOnly
X-Frame-Options: SAMEORIGIN
Originally created by @toni-moreno on GitHub (Nov 21, 2018). - Gitea version (or commit ref): 3973572 - Git version: 2.17 - Operating system: debian - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [X ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [X] Not relevant - Log gist: ## Description I'm working in a automated gitea provisioning script , and the admin user and password is provided as parameter to this script. I've tested with as auth token the security.SECRET_KEY and security.INTERNAL_TOKEN configured in my app.ini but It doesn't work. ( as you can see below) Which token should I use to create the first gitea user (the admin user) ? ````bash ipasdev@ipasdev01:~/ipas-docker/gitea/gitea$ curl -i -X POST "http://git.mydomain2.org/api/v1/admin/users?access_token=P9R8gvGsZRKw4GjFQjnyUFmY00WJQA3bxzLf1BJg6hvEuzbQwc2aACBB4qwiWVS5" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"email\": \"user@example.com\", \"full_name\": \"string\", \"login_name\": \"string\", \"password\": \"string\", \"send_notify\": true, \"source_id\": 0, \"username\": \"string\"}" HTTP/1.1 403 Forbidden Server: nginx/1.13.12 Date: Wed, 21 Nov 2018 22:55:45 GMT Content-Length: 0 Connection: keep-alive Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647 Set-Cookie: i_like_gitea=7050120b02bef2a4; Path=/; HttpOnly Set-Cookie: _csrf=JgjWWByY6Bsw9w_QXcom3JhsRNQ6MTU0Mjg0MDk0NTg1MjI0MTE5MA%3D%3D; Path=/; Expires=Thu, 22 Nov 2018 22:55:45 GMT; HttpOnly X-Frame-Options: SAMEORIGIN ````
GiteaMirror added the reviewed/wontfix label 2025-11-02 04:40:17 -06:00
GiteaMirror commented 2025-11-02 04:40:19 -06:00
Author
Owner
Copy Link

@lafriks commented on GitHub (Nov 21, 2018):

API will not work without any user as it requires authorization, you can use command line on server to create first user

@lafriks commented on GitHub (Nov 21, 2018): API will not work without any user as it requires authorization, you can use command line on server to create first user
GiteaMirror commented 2025-11-02 04:40:20 -06:00
Author
Owner
Copy Link

@toni-moreno commented on GitHub (Nov 21, 2018):

Hi @lafriks how can I do that? perhaps via sqlite3

The only I have is the schema.

CREATE TABLE `user` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `lower_name` TEXT NOT NULL, `name` TEXT NOT NULL, `full_name` TEXT NULL, `email` TEXT NOT NULL, `keep_email_private` INTEGER NULL, `passwd` TEXT NOT NULL, `must_change_password` INTEGER DEFAULT 0 NOT NULL, `login_type` INTEGER NULL, `login_source` INTEGER DEFAULT 0 NOT NULL, `login_name` TEXT NULL, `type` INTEGER NULL, `location` TEXT NULL, `website` TEXT NULL, `rands` TEXT NULL, `salt` TEXT NULL, `language` TEXT NULL, `created_unix` INTEGER NULL, `updated_unix` INTEGER NULL, `last_login_unix` INTEGER NULL, `last_repo_visibility` INTEGER NULL, `max_repo_creation` INTEGER DEFAULT -1 NOT NULL, `is_active` INTEGER NULL, `is_admin` INTEGER NULL, `allow_git_hook` INTEGER NULL, `allow_import_local` INTEGER NULL, `allow_create_organization` INTEGER DEFAULT 1 NULL, `prohibit_login` INTEGER DEFAULT 0 NOT NULL, `avatar` TEXT NOT NULL, `avatar_email` TEXT NOT NULL, `use_custom_avatar` INTEGER NULL, `num_followers` INTEGER NULL, `num_following` INTEGER DEFAULT 0 NOT NULL, `num_stars` INTEGER NULL, `num_repos` INTEGER NULL, `description` TEXT NULL, `num_teams` INTEGER NULL, `num_members` INTEGER NULL, `diff_view_style` TEXT DEFAULT '' NOT NULL);

But I don't know how gitea is doing the "shadowing" process on the passwd field...

@toni-moreno commented on GitHub (Nov 21, 2018): Hi @lafriks how can I do that? perhaps via sqlite3 The only I have is the schema. ```sql CREATE TABLE `user` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `lower_name` TEXT NOT NULL, `name` TEXT NOT NULL, `full_name` TEXT NULL, `email` TEXT NOT NULL, `keep_email_private` INTEGER NULL, `passwd` TEXT NOT NULL, `must_change_password` INTEGER DEFAULT 0 NOT NULL, `login_type` INTEGER NULL, `login_source` INTEGER DEFAULT 0 NOT NULL, `login_name` TEXT NULL, `type` INTEGER NULL, `location` TEXT NULL, `website` TEXT NULL, `rands` TEXT NULL, `salt` TEXT NULL, `language` TEXT NULL, `created_unix` INTEGER NULL, `updated_unix` INTEGER NULL, `last_login_unix` INTEGER NULL, `last_repo_visibility` INTEGER NULL, `max_repo_creation` INTEGER DEFAULT -1 NOT NULL, `is_active` INTEGER NULL, `is_admin` INTEGER NULL, `allow_git_hook` INTEGER NULL, `allow_import_local` INTEGER NULL, `allow_create_organization` INTEGER DEFAULT 1 NULL, `prohibit_login` INTEGER DEFAULT 0 NOT NULL, `avatar` TEXT NOT NULL, `avatar_email` TEXT NOT NULL, `use_custom_avatar` INTEGER NULL, `num_followers` INTEGER NULL, `num_following` INTEGER DEFAULT 0 NOT NULL, `num_stars` INTEGER NULL, `num_repos` INTEGER NULL, `description` TEXT NULL, `num_teams` INTEGER NULL, `num_members` INTEGER NULL, `diff_view_style` TEXT DEFAULT '' NOT NULL); ``` But I don't know how gitea is doing the "shadowing" process on the passwd field...
GiteaMirror commented 2025-11-02 04:40:20 -06:00
Author
Owner
Copy Link

@toni-moreno commented on GitHub (Nov 21, 2018):

Hi @lafriks I've found the methods in golang code, but not sure how to make the same hash with a shell script ..

801843b011/models/user.go (L412-L420)

Here a real password generated with the ui.

sqlite> select id,passwd,salt from user;
1|67acb09b94a9154e756212a3f93b5d5ff4e073d31227d72ebbba0eed3074ea16e919eb3eb9c6d9a1eb63980ac80f7e42db56|Zw5R87ort1
@toni-moreno commented on GitHub (Nov 21, 2018): Hi @lafriks I've found the methods in golang code, but not sure how to make the same hash with a shell script .. https://github.com/go-gitea/gitea/blob/801843b0115e29ba2304fa6a5bea1ae169a58e02/models/user.go#L412-L420 Here a real password generated with the ui. ```bash sqlite> select id,passwd,salt from user; 1|67acb09b94a9154e756212a3f93b5d5ff4e073d31227d72ebbba0eed3074ea16e919eb3eb9c6d9a1eb63980ac80f7e42db56|Zw5R87ort1 ```
GiteaMirror commented 2025-11-02 04:40:20 -06:00
Author
Owner
Copy Link

@lunny commented on GitHub (Nov 22, 2018):

@toni-moreno in command line, type
./gitea admin create-user ...

@lunny commented on GitHub (Nov 22, 2018): @toni-moreno in command line, type `./gitea admin create-user ...`
GiteaMirror commented 2025-11-02 04:40:21 -06:00
Author
Owner
Copy Link

@lafriks commented on GitHub (Nov 22, 2018):

Command line docs: https://docs.gitea.io/en-us/command-line/

@lafriks commented on GitHub (Nov 22, 2018): Command line docs: https://docs.gitea.io/en-us/command-line/
GiteaMirror commented 2025-11-02 04:40:21 -06:00
Author
Owner
Copy Link

@toni-moreno commented on GitHub (Nov 22, 2018):

ups!!! sorry I didn't know about the command line tool!!! Thank you !!

@toni-moreno commented on GitHub (Nov 22, 2018): ups!!! sorry I didn't know about the command line tool!!! Thank you !!
GiteaMirror commented 2025-11-02 04:40:22 -06:00
Author
Owner
Copy Link

@toni-moreno commented on GitHub (Nov 23, 2018):

Hi @lafriks After created the admin user Can not use the password , gitea is redirecting to a new Location /user/settings/change_password ,

image

¿ How can disable this behaviour?

@toni-moreno commented on GitHub (Nov 23, 2018): Hi @lafriks After created the admin user Can not use the password , gitea is redirecting to a new Location /user/settings/change_password , ![image](https://user-images.githubusercontent.com/5883405/48924713-74c28400-eebb-11e8-94ea-7146bed1e23c.png) ¿ How can disable this behaviour?
GiteaMirror commented 2025-11-02 04:40:22 -06:00
Author
Owner
Copy Link

@lafriks commented on GitHub (Nov 23, 2018):

There is argument to not require password change

@lafriks commented on GitHub (Nov 23, 2018): There is argument to not require password change
GiteaMirror commented 2025-11-02 04:40:22 -06:00
Author
Owner
Copy Link

@adelowo commented on GitHub (Nov 23, 2018):

@lafriks that functionality is not in 1.6.0 or the commit he is running . It is in the 1.7.0 milestone. https://github.com/go-gitea/gitea/pull/4955 I just even noticed that it wasn't documented, my bad. Should I go ahead to make a PR for that or wait till we are close to releasing 1.7. If I am right, docs are built from master ?

Or Maybe the first user (admin) should not be required to change his/her password?

@adelowo commented on GitHub (Nov 23, 2018): @lafriks that functionality is not in `1.6.0` or the commit he is running . It is in the `1.7.0` milestone. https://github.com/go-gitea/gitea/pull/4955 I just even noticed that it wasn't documented, my bad. Should I go ahead to make a PR for that or wait till we are close to releasing 1.7. If I am right, docs are built from `master` ? Or Maybe the first user (admin) should not be required to change his/her password?
GiteaMirror commented 2025-11-02 04:40:23 -06:00
Author
Owner
Copy Link

@adelowo commented on GitHub (Nov 23, 2018):

Hi @lafriks After created the admin user Can not use the password , gitea is redirecting to a new Location /user/settings/change_password ,

image

¿ How can disable this behaviour?

Accounts created via the command line are required to update their passwords.

We could maybe not require the first user ( admin) to change his/her password.

@adelowo commented on GitHub (Nov 23, 2018): > Hi @lafriks After created the admin user Can not use the password , gitea is redirecting to a new Location /user/settings/change_password , > > ![image](https://user-images.githubusercontent.com/5883405/48924713-74c28400-eebb-11e8-94ea-7146bed1e23c.png) > > ¿ How can disable this behaviour? Accounts created via the command line are required to update their passwords. We could maybe not require the first user ( admin) to change his/her password.
GiteaMirror commented 2025-11-02 04:40:23 -06:00
Author
Owner
Copy Link

@lafriks commented on GitHub (Nov 23, 2018):

Oh, sorry flag will be only in 1.7.0. #4955 implements this

@lafriks commented on GitHub (Nov 23, 2018): Oh, sorry flag will be only in 1.7.0. #4955 implements this
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label reviewed/wontfix
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#2557
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?