mirror of
https://github.com/go-gitea/gitea.git
synced 2026-07-10 16:44:50 -05:00
After login providing two-factor auth 5XX errors. Can't login. #5816
Closed
opened 2025-11-02 06:36:42 -06:00 by GiteaMirror
·
15 comments
No Branch/Tag Specified
main
release/v1.25
release/v1.24
release/v1.23
release/v1.22
release/v1.21
release/v1.20
release/v1.19
release/v1.18
release/v1.17
release/v1.16
release/v1.15
release/v1.14
release/v1.13
release/v1.12
release/v1.11
release/v1.10
release/v1.9
release/v1.8
v1.25.3
v1.25.2
v1.25.1
v1.25.0
v1.24.7
v1.25.0-rc0
v1.26.0-dev
v1.24.6
v1.24.5
v1.24.4
v1.24.3
v1.24.2
v1.24.1
v1.24.0
v1.23.8
v1.24.0-rc0
v1.25.0-dev
v1.23.7
v1.23.6
v1.23.5
v1.23.4
v1.23.3
v1.23.2
v1.23.1
v1.23.0
v1.23.0-rc0
v1.24.0-dev
v1.22.6
v1.22.5
v1.22.4
v1.22.3
v1.22.2
v1.22.1
v1.22.0
v1.23.0-dev
v1.22.0-rc1
v1.21.11
v1.22.0-rc0
v1.21.10
v1.21.9
v1.21.8
v1.21.7
v1.21.6
v1.21.5
v1.21.4
v1.21.3
v1.21.2
v1.20.6
v1.21.1
v1.21.0
v1.21.0-rc2
v1.21.0-rc1
v1.20.5
v1.22.0-dev
v1.21.0-rc0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.19.4
v1.21.0-dev
v1.20.0-rc2
v1.20.0-rc1
v1.20.0-rc0
v1.19.3
v1.19.2
v1.19.1
v1.19.0
v1.19.0-rc1
v1.20.0-dev
v1.19.0-rc0
v1.18.5
v1.18.4
v1.18.3
v1.18.2
v1.18.1
v1.18.0
v1.17.4
v1.18.0-rc1
v1.19.0-dev
v1.18.0-rc0
v1.17.3
v1.17.2
v1.17.1
v1.17.0
v1.17.0-rc2
v1.16.9
v1.17.0-rc1
v1.18.0-dev
v1.16.8
v1.16.7
v1.16.6
v1.16.5
v1.16.4
v1.16.3
v1.16.2
v1.16.1
v1.16.0
v1.15.11
v1.17.0-dev
v1.16.0-rc1
v1.15.10
v1.15.9
v1.15.8
v1.15.7
v1.15.6
v1.15.5
v1.15.4
v1.15.3
v1.15.2
v1.15.1
v1.14.7
v1.15.0
v1.15.0-rc3
v1.14.6
v1.15.0-rc2
v1.14.5
v1.16.0-dev
v1.15.0-rc1
v1.14.4
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.7
v1.14.0-rc2
v1.13.6
v1.13.5
v1.14.0-rc1
v1.15.0-dev
v1.13.4
v1.13.3
v1.13.2
v1.13.1
v1.13.0
v1.12.6
v1.13.0-rc2
v1.14.0-dev
v1.13.0-rc1
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.11.8
v1.12.0
v1.11.7
v1.12.0-rc2
v1.11.6
v1.12.0-rc1
v1.13.0-dev
v1.11.5
v1.11.4
v1.11.3
v1.10.6
v1.12.0-dev
v1.11.2
v1.10.5
v1.11.1
v1.10.4
v1.11.0
v1.11.0-rc2
v1.10.3
v1.11.0-rc1
v1.10.2
v1.10.1
v1.10.0
v1.9.6
v1.9.5
v1.10.0-rc2
v1.11.0-dev
v1.10.0-rc1
v1.9.4
v1.9.3
v1.9.2
v1.9.1
v1.9.0
v1.9.0-rc2
v1.10.0-dev
v1.9.0-rc1
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.8.0-rc3
v1.7.6
v1.8.0-rc2
v1.7.5
v1.8.0-rc1
v1.9.0-dev
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.7.0-rc3
v1.6.4
v1.7.0-rc2
v1.6.3
v1.7.0-rc1
v1.7.0-dev
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc2
v1.5.3
v1.6.0-rc1
v1.6.0-dev
v1.5.2
v1.5.1
v1.5.0
v1.5.0-rc2
v1.5.0-rc1
v1.5.0-dev
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc3
v1.4.0-rc2
v1.3.3
v1.4.0-rc1
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc2
v1.3.0-rc1
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc3
v1.2.0-rc2
v1.1.4
v1.2.0-rc1
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.2
v1.0.1
v1.0.0
v0.9.99
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
Mirrored from GitHub Pull Request
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/gitea#5816
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @nodesocket on GitHub (Aug 1, 2020).
[x]):Description
When logging in, and after proving a correct two-factor auth token, I am shown a 5XX error. The logs don't provide a stack trace so can't see where in the code it's breaking.
@techknowlogick commented on GitHub (Aug 1, 2020):
Here is documentation on logging that might be helpful: https://docs.gitea.io/en-us/logging-configuration/#the-xorm-logger you can enable DB logging, and you may also want to set your log level for general logs to trace as then you can get a lot more logs.
@nodesocket commented on GitHub (Aug 1, 2020):
@techknowlogick ok, I need to dig into the Kubernetes Helm chart and find where to update this value and how to re-deploy the pods with
LEVEL = Trace.@techknowlogick commented on GitHub (Aug 1, 2020):
Which helm chart are you using? I believe that our official one uses a ConfigMap to store the app.ini
@nodesocket commented on GitHub (Aug 1, 2020):
I went in and modified
templates/gitea/gitea-config.yamland updated toLEVEL = 'Trace'. The problem is getting the deployment to rebuild. Doing:Did not re-deploy the pods.
EDIT: It did update the configmap though, I verified in Kubernetes doing:
@techknowlogick commented on GitHub (Aug 2, 2020):
after updating the config map the pods won't automatically resart, there are a few things you could do, the one that is easiest is to do a
kubectl rollout restarton the deployment.@nodesocket commented on GitHub (Aug 2, 2020):
@techknowlogick thanks, running
kubectl rollout restart deployment gitea-gitearestarted the pods. However, when I go to login and provide two-factor auth, still seeing the 5XX error, but no details are logged other than:Looking at the configmap I see that
[log] LEVEL = Traceis set. Am I missing something else?@nodesocket commented on GitHub (Aug 2, 2020):
@techknowlogick well I think I know what the problem was, I updated
[log.console] LEVEL = Traceas well. However this time when I rankubectl rollout restart deployment gitea-giteathings went horribly wrong. The pods are just erroring out, and somehow it's trying to run two instances of gitea. I tried doingkubectl delete pods gitea-gitea-66487d956f-2vx4q gitea-gitea-6d9456c44b-h4j8nbut it just brings both pods back up. I even triedkubectl rollout undo gitea-gitea.Problem appears to be with PostgreSQL. Getting the PostgreSQL logs, reveals the following which makes me nervous:
Any ideas? Sorry for the tangent, still just trying to get y'all a stack trace of the two-factor auth 5XX.
@zeripath commented on GitHub (Aug 2, 2020):
Why have you put [log.console], [log.smtp] etc sections in?
I appreciate that the logging is complex - all logging configuration is - however:
Don't just copy stuff out of the sample ini! Those are just examples to show you how to structure things - they are absolutely not meant to be copied directly in to your app.ini. Most of it does nothing but could conflict with real configuration.
When it comes to any configuration, especially logging, you have to be clear what logging you want and to where you want it to go.
The simplest and easiest thing to do is to just output stuff to the console and therefore I recommend (at least at the start) to begin with the following:
Now Xorm will by default log it's SQL which I generally find unhelpful unless I really need it.
An alternative is to direct the XORM logger to a file and then match that up later.
Then later you can deal with upping the level of logging to say INFO and add specific subloggers at TRACE level with EXPRESSIONs to match specific messages but let's not run before we walk first.
@nodesocket commented on GitHub (Aug 2, 2020):
@zeripath appreciate the reply. All the log config was all done by the default Helm chart. Please see my reply above as this is now the main problem.
@techknowlogick commented on GitHub (Aug 2, 2020):
I recommend using a tool such as https://k8slens.dev/ which will provide a GUI to help debug as this is reaching into k8s debugging territory vs debugging gitea.
@nodesocket commented on GitHub (Aug 3, 2020):
I am pretty sure that
Tracelogging it now enabled, see the following from the logs notice that is saysConsole(Console:trace).However after the two-factor auth 5XX error, the logs only still only show:
@nodesocket commented on GitHub (Aug 5, 2020):
@zeripath @techknowlogick Is there anyway to just disable two-factor auth manually in the PostgreSQL database for my user? As I mentioned above, I believe I have
Tracelogging enabled, but don't see anything logged to console when I get the 5XX error after entering a valid two-factor auth token.@nodesocket commented on GitHub (Aug 5, 2020):
I was able to work around this by getting a shell into PostgreSQL and running:
Note that
uuid = 111does not exist, but this prevented the two-factor auth screen from showing when logging in. Not sure what happened. An interesting note, is I did go enable two-factor auth again for my same user, logout, then log back in and it worked using two-factor without a 5XX error.After that I went and deleted the old (broken) two-factor entry in PostgreSQL manually:
@stale[bot] commented on GitHub (Oct 4, 2020):
This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.
@wxiaoguang commented on GitHub (Dec 12, 2021):
This problem is caused by the lost (or regenerated) SECRET_KEY in
app.ini, Gitea can not decrypt the 2FA secret correctly.