Unable to re-register a security key (webauthn_credential_pkey constraint) #8659

Closed
opened 2025-11-02 08:13:40 -06:00 by GiteaMirror · 8 comments

Originally created by @pilou- on GitHub (Mar 6, 2022).

Gitea Version

1.16.3

Git Version

2.30.2

Operating System

Debian GNU/Linux

How are you running Gitea?

I am using the upstream binary from GitHub on amd64.

Database

PostgreSQL

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Description

I just upgraded to 1.16.3:

```bash
/srv/gitea/bin/gitea-1.16.3-linux-amd64 --config /etc/gitea/gitea.ini migrate # the migration is successful
GITEA_WORK_DIR=/srv/gitea /srv/gitea/bin/gitea-1.16.3-linux-amd64 --config /etc/gitea/gitea.ini web
```

When I authenticated using my security key, this message appeared:

```
The key: 'securitykey' authenticates using the deprecated U2F process. You should re-register this key and remove the old registration.
```

Then I removed my security key from my Gitea account and I tried to re-register it. I was unable to re-register it:

```
Could not read your security key.
unknown error
```

The gitea log contains:

```
2022/03/06 04:49:08 ...els/auth/webauthn.go:138:getWebAuthnCredentialByName() [I] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1 AND lower_name = $2) LIMIT 1 [312 solokey] - 1.934689ms
2022/03/06 04:49:08 models/db/context.go:127:Insert() [I] [SQL] INSERT INTO "webauthn_credential" ("name","lower_name","user_id","credential_id","public_key","attestation_type","aaguid","sign_count","clone_warning","created_unix","updated_unix") VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11) RETURNING "id" [solokey solokey 312 [...] fido-u2f [0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0] 0 false 1646538548 1646538548] - 1.940643ms
2022/03/06 04:49:08 ...security/webauthn.go:103:WebauthnRegisterPost() [E] CreateCredential: pq: la valeur d'une clé dupliquée rompt la contrainte unique « webauthn_credential_pkey »
```

Once the following SQL command had been executed, I was able to re-register my security key:

```sql
select nextval('webauthn_credential_id_seq'::regclass);
```

This issue seems related to #18881.

Screenshots

No response

GiteaMirror added the issue/critical, type/bug labels 2025-11-02 08:13:40 -06:00

@singuliere commented on GitHub (Mar 6, 2022):

Could you please specify the Gitea version from which you upgraded? Was it 1.15.11?


@singuliere commented on GitHub (Mar 6, 2022):

@zeripath does this ring a bell?


@pilou- commented on GitHub (Mar 6, 2022):

> Could you please specify the Gitea version from which you upgraded? Was it 1.15.11?

I mentioned it in the redmine issue but not here :-/ The current version is 1.15.11 indeed 👍


@zeripath commented on GitHub (Mar 7, 2022):

> 2022/03/06 04:49:08 ...security/webauthn.go:103:WebauthnRegisterPost() [E] CreateCredential: pq: la valeur d'une clé dupliquée rompt la contrainte unique « webauthn_credential_pkey »

I'm not sure but it looks like your postgres primary key sequence is out of date. I guess this is related to the damned migration.

IIRC running `gitea doctor recreate-table webauthn_credential` should recreate the sequence and update it.


@pilou- commented on GitHub (Mar 8, 2022):

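@zeripath note that only Gitea 1.15.11 was connected to this postgres database. In order to test the migration from 1.15.11 to 1.16.2 then from 1.15.11 to 1.16.3, a [copy of the database](https://agir.april.org/issues/5811#Proc%C3%A9dure-de-test-permettant-de-valider-le-bon-fonctionnement-de-la-mise-%C3%A0-jour) was used.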


@zeripath commented on GitHub (Mar 8, 2022):

That doesn't matter.

Have you run the requested command or used the doctor dbconsistency fixing command?

We'll need to fix v210 again to forcibly update the sequence counter for everyone but the suggested command should do that for you.


@zeripath commented on GitHub (Mar 10, 2022):

Following migration to 1.16 could you please run:

```bash
gitea doctor recreate-table webauthn_credential
```

or in postgres:

```sql
SELECT setval('webauthn_credential_id_seq', COALESCE((SELECT MAX(id)+1 FROM "webauthn_credential"), 1), false);
```

@pilou- commented on GitHub (Mar 16, 2022):

> Following migration to 1.16 could you please run:
>
> ```shell
> gitea doctor recreate-table webauthn_credential
> ```
>
> or in postgres:
>
> ```sql
> SELECT setval('webauthn_credential_id_seq', COALESCE((SELECT MAX(id)+1 FROM "webauthn_credential"), 1), false);
> ```

  • Following the migration from 1.15.11 to 1.16.3 (after the gitea migrate had been executed):

    1. I ran gitea doctor recreate-table webauthn_credential and I was still able to reproduce the issue:
    2022-03-16 00:39:19.258 CET [3619346] giteadbadmin@testmigration ERREUR:  la valeur d'une clé dupliquée rompt la contrainte unique « webauthn_credential_pkey »
    2022-03-16 00:39:19.258 CET [3619346] giteadbadmin@testmigration DÉTAIL:  La clé « (id)=(2) » existe déjà.
    2022-03-16 00:39:19.258 CET [3619346] giteadbadmin@testmigration INSTRUCTION :  INSERT INTO "webauthn_credential" ("name","lower_name","user_id","credential_id","public_key","attestation_type","aaguid","sign_count","clone_warning","created_unix","updated_unix") VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11) RETURNING "id
    
    2. Next I ran the SQL query, then I didn't encounter the error.
  • Following the migration from 1.15.11 to 1.16.4 and after the gitea migrate had been executed, I wasn't able to reproduce this issue :)

Thanks!
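
A way to confirm the condition discussed in this thread before repairing it, as an added example that is not part of the original issue or of Gitea's code. It assumes PostgreSQL, the table and sequence names shown above, and a sequence increment of 1.

```sql
-- Added example, not from the thread.
-- Assumptions: PostgreSQL, sequence increment of 1, names as shown in the issue.

-- 1. Diagnose: compare the next id the sequence would hand out with the
--    highest id already stored in the table.
SELECT s.last_value,
       s.is_called,
       m.max_id,
       CASE WHEN s.is_called THEN s.last_value + 1
            ELSE s.last_value
       END AS next_id,
       (CASE WHEN s.is_called THEN s.last_value + 1
             ELSE s.last_value
        END) <= m.max_id AS sequence_is_behind
FROM webauthn_credential_id_seq AS s
CROSS JOIN (SELECT COALESCE(MAX(id), 0) AS max_id
            FROM webauthn_credential) AS m;

-- 2. Repair: move the sequence past the highest existing id.
--    The lock blocks concurrent INSERTs (reads still work), so no new
--    credential row can land between reading MAX(id) and calling setval().
BEGIN;
LOCK TABLE webauthn_credential IN EXCLUSIVE MODE;
SELECT setval('webauthn_credential_id_seq',
              COALESCE((SELECT MAX(id) + 1 FROM webauthn_credential), 1),
              false);  -- false: the next nextval() returns exactly this value
COMMIT;
```

When `sequence_is_behind` is true, the next registration INSERT will collide with an existing row and fail on `webauthn_credential_pkey`. A single `nextval()` call advances the sequence by only one step, so it clears the error only when the sequence is exactly one id behind.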

Reference: github-starred/gitea#8659