github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-22 06:24:14 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

External login source becomes disabled every now and then #7438

New Issue
Closed
opened 2025-11-02 07:25:56 -06:00 by GiteaMirror · 7 comments
GiteaMirror commented 2025-11-02 07:25:56 -06:00
Owner
Copy Link

Originally created by @pixelspark on GitHub (Jun 7, 2021).

  • Gitea version (or commit ref): 1.14.2 (Docker image)
  • Git version: (Whatever's included in the Docker image, does not seem to be relevant)
  • Operating system: Linux (Docker)
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
  • Log gist:

Did not find any mention in log, but this was running at production without debugging logs turned on. Can turn them on for a while if desired.

Description

For some reason, is_activated is sometimes reset to 0 for our primary login_source. Although I cannot rule out external causes completely (i.e. some weird issue with MySQL replication) my suspicion is that Gitea makes this change (e.g. when the login source is temporarily unavailable?).

Screenshots

This is what login_source looks like after the source was deactivated (the first two sources are deliberately disabled, the 'bouncer' login source is the one that becomes disabled every now and then):

image

Originally created by @pixelspark on GitHub (Jun 7, 2021). <!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue --> <!-- 1. Please speak English, this is the language all maintainers can speak and write. 2. Please ask questions or configuration/deploy problems on our Discord server (https://discord.gg/gitea) or forum (https://discourse.gitea.io). 3. Please take a moment to check that your issue doesn't already exist. 4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq) 5. Please give all relevant information below for bug reports, because incomplete details will be handled as an invalid report. --> - Gitea version (or commit ref): 1.14.2 (Docker image) - Git version: (Whatever's included in the Docker image, does not seem to be relevant) - Operating system: Linux (Docker) <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package --> <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. ---> <!-- If you are using a package or systemd tell us what distribution you are using --> - Database (use `[x]`): - [ ] PostgreSQL - [X] MySQL - [ ] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [X] No - Log gist: <!-- It really is important to provide pertinent logs --> <!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems --> <!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini --> Did not find any mention in log, but this was running at production without debugging logs turned on. Can turn them on for a while if desired. ## Description <!-- If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services. --> For some reason, `is_activated` is sometimes reset to `0` for our primary `login_source`. Although I cannot rule out external causes completely (i.e. some weird issue with MySQL replication) my suspicion is that Gitea makes this change (e.g. when the login source is temporarily unavailable?). ## Screenshots <!-- **If this issue involves the Web Interface, please include a screenshot** --> This is what `login_source` looks like after the source was deactivated (the first two sources are deliberately disabled, the 'bouncer' login source is the one that becomes disabled every now and then): ![image](https://user-images.githubusercontent.com/181337/120992938-5d023100-c783-11eb-90eb-10eabd73afa3.png)
GiteaMirror commented 2025-11-02 07:25:57 -06:00
Author
Owner
Copy Link

@lunny commented on GitHub (Jun 7, 2021):

Is there a SQL log to change the table?

@lunny commented on GitHub (Jun 7, 2021): Is there a SQL log to change the table?
GiteaMirror commented 2025-11-02 07:25:57 -06:00
Author
Owner
Copy Link

@pixelspark commented on GitHub (Jun 7, 2021):

Not in the current logs (I disabled detailed SQL logging a while ago). Will check logs when it happens again. Anyone an idea about places in Gitea code that might make this change? (I could then check these..)

@pixelspark commented on GitHub (Jun 7, 2021): Not in the current logs (I disabled detailed SQL logging a while ago). Will check logs when it happens again. Anyone an idea about places in Gitea code that might make this change? (I could then check these..)
GiteaMirror commented 2025-11-02 07:25:57 -06:00
Author
Owner
Copy Link

@techknowlogick commented on GitHub (Jun 8, 2021):

I suspect this is intentional on behalf of Gitea, in 1.14 there was a change that instead of failing via panic when an oidc auth source is not available on startup, Gitea would instead just disable the auth source (to at least allow the binary to start).

@techknowlogick commented on GitHub (Jun 8, 2021): I suspect this is intentional on behalf of Gitea, in 1.14 there was a change that instead of failing via panic when an oidc auth source is not available on startup, Gitea would instead just disable the auth source (to at least allow the binary to start).
GiteaMirror commented 2025-11-02 07:25:57 -06:00
Author
Owner
Copy Link

@pixelspark commented on GitHub (Jun 9, 2021):

I suspect this is intentional on behalf of Gitea, in 1.14 there was a change that instead of failing via panic when an oidc auth source is not available on startup, Gitea would instead just disable the auth source (to at least allow the binary to start).

Hm, any idea how (or where in the code) it checks this? Why does it need OIDC auth on startup and could that check be disabled?

@pixelspark commented on GitHub (Jun 9, 2021): > I suspect this is intentional on behalf of Gitea, in 1.14 there was a change that instead of failing via panic when an oidc auth source is not available on startup, Gitea would instead just disable the auth source (to at least allow the binary to start). Hm, any idea how (or where in the code) it checks this? Why does it need OIDC auth on startup and could that check be disabled?
GiteaMirror commented 2025-11-02 07:25:57 -06:00
Author
Owner
Copy Link

@vosdim-supportsquare commented on GitHub (Jul 27, 2021):

I am experiencing the same issue, probably when a node restarts and gitea startup is faster than keycloak (no redundancy). So this would follow the scenario described by techknowlogick. I am also interested to know if this check can be disabled.

@vosdim-supportsquare commented on GitHub (Jul 27, 2021): I am experiencing the same issue, probably when a node restarts and gitea startup is faster than keycloak (no redundancy). So this would follow the scenario described by techknowlogick. I am also interested to know if this check can be disabled.
GiteaMirror commented 2025-11-02 07:25:58 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Jul 27, 2021):

@pixelspark @vosdim-supportsquare the disabling occurs as part of #14802.

Prior to this Gitea would simply Fatal and die.

Given that scenario disabling is clearly better.

I think a different approach is possible (re-attempt registration at time of login) but it means we will need to add locking to our oauth2 provider implementation otherwise there will be serious data races. (Some of which are already present but this means that they're actually more likely to cause trouble.)

I am currently in the middle of refactoring the login sources for 1.16 so having now seen these races I will be able to add changes in to ameliorate them - but backporting will be difficult.

@zeripath commented on GitHub (Jul 27, 2021): @pixelspark @vosdim-supportsquare the disabling occurs as part of #14802. Prior to this Gitea would simply Fatal and die. Given that scenario disabling is clearly better. --- I think a different approach is possible (re-attempt registration at time of login) but it means we will need to add locking to our oauth2 provider implementation otherwise there will be serious data races. (Some of which are already present but this means that they're actually more likely to cause trouble.) I am currently in the middle of refactoring the login sources for 1.16 so having now seen these races I will be able to add changes in to ameliorate them - but backporting will be difficult.
GiteaMirror commented 2025-11-02 07:25:58 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Jul 28, 2021):

I would also note that no-one has told us the contents of the Critical log entry when Gitea explains that it is disabling the login source.

It would be helpful to see it.

@zeripath commented on GitHub (Jul 28, 2021): I would also note that no-one has told us the contents of the Critical log entry when Gitea explains that it is disabling the login source. It would be helpful to see it.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#7438
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?