500 Server Error after login if User has no allowed visibility mode #23211

Closed
cchartmann opened this issue Mar 1, 2023 · 4 comments · Fixed by #24867
Comments

@cchartmann

Description

  1. set your user to public visible
  2. set ALLOWED_USER_VISIBILITY_MODES = limited,private in app.ini
  3. log in
  4. enjoy the big 500 that you can now see
  5. click on something and you will see that you are successfully logged in

I would expect to see some message that tells the user that his visibility is not allowed, or something else more useful than an Internal Server Error, so he knows he can change his visibility to avoid this error the next time.
The admin will see the error and the reason for it the next time he checks the logs.

It would also make sense to add the information to the documentation of app.ini, so if someone makes a change to ALLOWED_USER_VISIBILITY_MODES, he knows about that.

Gitea Version

1.18.5

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

CentOS 7

How are you running Gitea?

I use a release from GitHub on Uberspace;
see this guide for more info:
https://lab.uberspace.de/guide_gitea/

Database

MySQL

@yp05327
Contributor

yp05327 commented Mar 2, 2023

I also noticed this problem when I use the helm chart to deploy a gitea server.
related: #22523

I don't think it is safe to change ALLOWED_USER_VISIBILITY_MODES after you have officially started the service.
But maybe it is better to show a warning page instead of a 500 error page, to tell users to change the visibility, as the configuration has been changed.
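The failure path from the description (login succeeds, then the post-login column update rejects a stored visibility that is outside ALLOWED_USER_VISIBILITY_MODES and surfaces as a 500) and the pre-flight check implied by the comment above (find the users a config change would break before making it) are both shown in the following added example. It is written for this thread and is not Gitea's code: the stand-in types, the `updateUserCols` helper, `SignInBuggy`, `SignInChecked` and `FindDisallowedUsers` are all assumptions, and the "checked" variant is one possible hardening, not the change made in #24867.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Hypothetical stand-ins for this example; not Gitea's own types.
type VisibilityMode string

const (
	VisibilityPublic  VisibilityMode = "public"
	VisibilityLimited VisibilityMode = "limited"
	VisibilityPrivate VisibilityMode = "private"
)

// ErrVisibilityNotAllowed mirrors the error text seen in the issue's logs.
var ErrVisibilityNotAllowed = errors.New("visibility Mode not allowed")

// User is a minimal stand-in for the stored user record.
type User struct {
	Name          string
	Visibility    VisibilityMode
	LastLoginUnix int64
}

// ParseAllowedModes parses an app.ini value such as "limited,private"
// (ALLOWED_USER_VISIBILITY_MODES) into a set; unknown tokens are rejected.
func ParseAllowedModes(raw string) (map[VisibilityMode]bool, error) {
	allowed := map[VisibilityMode]bool{}
	for _, tok := range strings.Split(raw, ",") {
		tok = strings.ToLower(strings.TrimSpace(tok))
		if tok == "" {
			continue
		}
		switch m := VisibilityMode(tok); m {
		case VisibilityPublic, VisibilityLimited, VisibilityPrivate:
			allowed[m] = true
		default:
			return nil, fmt.Errorf("unknown visibility mode %q", tok)
		}
	}
	if len(allowed) == 0 {
		return nil, errors.New("ALLOWED_USER_VISIBILITY_MODES must list at least one mode")
	}
	return allowed, nil
}

// updateUserCols stands in for a column update that re-validates the whole
// record: a stored visibility outside the allowed set fails the update even
// though only the login timestamp is being written (the behaviour reported).
func updateUserCols(allowed map[VisibilityMode]bool, u *User, loginTime int64) error {
	if !allowed[u.Visibility] {
		return fmt.Errorf("UpdateUserCols: %w: %s", ErrVisibilityNotAllowed, u.Visibility)
	}
	u.LastLoginUnix = loginTime
	return nil
}

// SignInResult is what the handler hands back to the HTTP layer.
type SignInResult struct {
	Status  int    // HTTP status the user sees
	Warning string // user-facing message, empty when none
}

// SignInBuggy reproduces the reported behaviour: the session is already set,
// but the post-login update error is surfaced to the user as a 500.
func SignInBuggy(allowed map[VisibilityMode]bool, u *User, loginTime int64) SignInResult {
	if err := updateUserCols(allowed, u, loginTime); err != nil {
		return SignInResult{Status: http.StatusInternalServerError}
	}
	return SignInResult{Status: http.StatusSeeOther}
}

// SignInChecked is one possible hardening (an assumption, not the upstream
// fix): validate the stored visibility first, record the login time anyway,
// and turn the mismatch into a user-facing warning instead of a server error.
func SignInChecked(allowed map[VisibilityMode]bool, u *User, loginTime int64) SignInResult {
	res := SignInResult{Status: http.StatusSeeOther}
	if !allowed[u.Visibility] {
		res.Warning = fmt.Sprintf("your visibility %q is no longer permitted on this site; please change it in your settings", u.Visibility)
	}
	u.LastLoginUnix = loginTime // last_login is written independently of the validation
	return res
}

// FindDisallowedUsers is the pre-flight an admin would run before changing
// ALLOWED_USER_VISIBILITY_MODES on a running instance: it names the users
// whose stored visibility the new setting would reject.
func FindDisallowedUsers(users []User, allowed map[VisibilityMode]bool) []string {
	var names []string
	for _, u := range users {
		if !allowed[u.Visibility] {
			names = append(names, u.Name)
		}
	}
	return names
}

func main() {
	allowed, err := ParseAllowedModes("limited,private") // the value from step 2 of the description
	if err != nil {
		panic(err)
	}
	// Constructed sample users.
	users := []User{{Name: "alice", Visibility: VisibilityPublic}, {Name: "bob", Visibility: VisibilityLimited}}
	fmt.Println("would break after the change:", FindDisallowedUsers(users, allowed))
	u := users[0]
	fmt.Println("buggy status:", SignInBuggy(allowed, &u, 1678205229).Status)
	fmt.Printf("checked: %+v\n", SignInChecked(allowed, &u, 1678205229))
}
```

Running the pre-flight against the real user table (the `visibility` column in the `user` table that the logged SELECTs read) before editing app.ini is what turns the comment's "not safe to change" into a concrete check: an empty result means no account will hit the post-login update error.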

@hyx0329

hyx0329 commented Mar 7, 2023

I experienced this problem on the instance installed on my k3s cluster using helm chart.

Aside from the BIG 500, the login page will report Could not read your security key if the user tries to log in with a U2F token. The user is logged in though.

@lunny
Member

lunny commented Mar 9, 2023

Could you give some logs about the 500 error?

@hyx0329

hyx0329 commented Mar 9, 2023

@lunny just grabbed the most relevant part

2023/03/07 16:07:00 [64076124-2] router: completed GET / for 10.42.2.3:60412, 200 OK in 18.5ms @ web/home.go:33(web.Home)
2023/03/07 16:07:02 [64076126] router: completed GET /explore/repos for 10.42.2.3:60412, 303 See Other in 1.3ms @ context/auth.go:28(context.Toggle)
2023/03/07 16:07:02 ...odels/auth/oauth2.go:540:GetActiveOAuth2ProviderSources() [I] [64076126-2] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true OAuth2] - 6.640592ms
2023/03/07 16:07:02 ...odels/auth/source.go:270:ActiveSources() [I] [64076126-2] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true SPNEGO with SSPI] - 4.995538ms
2023/03/07 16:07:02 [64076126-2] router: completed GET /user/login for 10.42.2.3:60412, 200 OK in 49.2ms @ auth/auth.go:152(auth.SignIn)
2023/03/07 16:07:05 ...odels/auth/oauth2.go:540:GetActiveOAuth2ProviderSources() [I] [64076129] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true OAuth2] - 3.556408ms
2023/03/07 16:07:05 ...odels/auth/source.go:270:ActiveSources() [I] [64076129] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true SPNEGO with SSPI] - 3.465988ms
2023/03/07 16:07:05 ...bce556200f/engine.go:1244:Get() [I] [64076129] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "lower_name"=$1 LIMIT 1 [USERNAME_REDACTED] - 4.720487ms
2023/03/07 16:07:05 .../web/wrap_convert.go:47:func3() [I] [64076129] [SQL] SELECT "id", "uid", "secret", "scratch_salt", "scratch_hash", "last_used_passcode", "created_unix", "updated_unix" FROM "two_factor" WHERE (uid=$1) LIMIT 1 [2] - 25.665463ms
2023/03/07 16:07:05 .../web/wrap_convert.go:47:func3() [I] [64076129] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 36.063718ms
2023/03/07 16:07:05 [64076129] router: completed POST /user/login for 10.42.2.3:60412, 303 See Other in 184.5ms @ auth/auth.go:177(auth.SignInPost)
2023/03/07 16:07:05 [64076129-2] router: completed GET /user/webauthn for 10.42.2.3:60412, 200 OK in 7.1ms @ auth/webauthn.go:27(auth.WebAuthn)
2023/03/07 16:07:05 models/user/user.go:936:GetUserByIDCtx() [I] [64076129-3] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 3.446446ms
2023/03/07 16:07:05 ...web/auth/webauthn.go:59:WebAuthnLoginAssertion() [I] [64076129-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 2.91122ms
2023/03/07 16:07:05 ...els/auth/webauthn.go:123:getWebAuthnCredentialsByUID() [I] [64076129-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) [2] - 2.938054ms
2023/03/07 16:07:05 [64076129-3] router: completed GET /user/webauthn/assertion for 10.42.2.3:60412, 200 OK in 13.0ms @ auth/webauthn.go:45(auth.WebAuthnLoginAssertion)
2023/03/07 16:07:09 models/user/user.go:936:GetUserByIDCtx() [I] [6407612d] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 8.152057ms
2023/03/07 16:07:09 ...els/auth/webauthn.go:123:getWebAuthnCredentialsByUID() [I] [6407612d] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) [2] - 5.269422ms
2023/03/07 16:07:09 ...els/auth/webauthn.go:177:getWebAuthnCredentialByCredID() [I] [6407612d] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1 AND credential_id = $2) LIMIT 1 [2 [74 239 231 244 220 104 103 249 163 81 202 155 190 177 163 214 197 155 152 157 150 130 110 204 74 254 1 135 241 37 34 4 189 100 131 192 95 37 249 221 118 35 225 39 204 153 248 97 101 186 165 209 242 30 144 189 3 171 186 170 41 15 102 37 255 255 255 249]] - 15.418878ms
2023/03/07 16:07:09 ...web/auth/webauthn.go:138:WebAuthnLoginAssertionPost() [I] [6407612d] [SQL] UPDATE "webauthn_credential" SET "sign_count" = $1, "updated_unix" = $2 WHERE "id"=$3 [85 1678205229 1] - 21.451908ms
2023/03/07 16:07:09 ...ers/web/auth/auth.go:356:handleSignInFull() [E] [6407612d] UpdateUserCols: visibility Mode not allowed: public
2023/03/07 16:07:09 [6407612d] router: completed POST /user/webauthn/assertion for 10.42.2.3:60412, 500 Internal Server Error in 61.3ms @ auth/webauthn.go:83(auth.WebAuthnLoginAssertionPost)

Edit: added a slightly different log

2023/03/07 16:19:40 [6407641c] router: completed GET /user/login?redirect_to=%2f for 10.42.2.3:36092, 200 OK in 12.8ms @ auth/auth.go:152(auth.SignIn)
2023/03/07 16:19:42 ...odels/auth/oauth2.go:540:GetActiveOAuth2ProviderSources() [I] [6407641e] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true OAuth2] - 3.00339ms
2023/03/07 16:19:42 ...odels/auth/source.go:270:ActiveSources() [I] [6407641e] [SQL] SELECT "id", "type", "name", "is_active", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_active = $1 and type = $2) [true SPNEGO with SSPI] - 2.775007ms
2023/03/07 16:19:42 ...bce556200f/engine.go:1244:Get() [I] [6407641e] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "lower_name"=$1 LIMIT 1 [USERNAME_REDACTED] - 3.114226ms
2023/03/07 16:19:42 .../web/wrap_convert.go:47:func3() [I] [6407641e] [SQL] SELECT "id", "uid", "secret", "scratch_salt", "scratch_hash", "last_used_passcode", "created_unix", "updated_unix" FROM "two_factor" WHERE (uid=$1) LIMIT 1 [2] - 2.862511ms
2023/03/07 16:19:42 .../web/wrap_convert.go:47:func3() [I] [6407641e] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 2.77734ms
2023/03/07 16:19:42 [6407641e] router: completed POST /user/login for 10.42.2.3:36092, 303 See Other in 123.8ms @ auth/auth.go:177(auth.SignInPost)
2023/03/07 16:19:42 [6407641e-2] router: completed GET /user/webauthn for 10.42.2.3:36092, 200 OK in 5.9ms @ auth/webauthn.go:27(auth.WebAuthn)
2023/03/07 16:19:42 models/user/user.go:936:GetUserByIDCtx() [I] [6407641e-3] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 3.42982ms
2023/03/07 16:19:42 ...web/auth/webauthn.go:59:WebAuthnLoginAssertion() [I] [6407641e-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) LIMIT 1 [2] - 2.803008ms
2023/03/07 16:19:42 ...els/auth/webauthn.go:123:getWebAuthnCredentialsByUID() [I] [6407641e-3] [SQL] SELECT "id", "name", "lower_name", "user_id", "credential_id", "public_key", "attestation_type", "aaguid", "sign_count", "clone_warning", "created_unix", "updated_unix" FROM "webauthn_credential" WHERE (user_id = $1) [2] - 2.972472ms
2023/03/07 16:19:42 [6407641e-3] router: completed GET /user/webauthn/assertion for 10.42.2.3:36092, 200 OK in 11.6ms @ auth/webauthn.go:45(auth.WebAuthnLoginAssertion)
2023/03/07 16:19:43 [6407641f] router: completed GET /user/two_factor for 10.42.2.3:36092, 200 OK in 8.1ms @ auth/2fa.go:27(auth.TwoFactor)
2023/03/07 16:20:15 ...ls/auth/twofactor.go:139:GetTwoFactorByUID() [I] [6407643f] [SQL] SELECT "id", "uid", "secret", "scratch_salt", "scratch_hash", "last_used_passcode", "created_unix", "updated_unix" FROM "two_factor" WHERE (uid=$1) LIMIT 1 [2] - 2.984139ms
2023/03/07 16:20:15 models/user/user.go:936:GetUserByIDCtx() [I] [6407643f] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "id"=$1 LIMIT 1 [2] - 3.464529ms
2023/03/07 16:20:16 .../web/wrap_convert.go:47:func3() [I] [6407643f] [SQL] UPDATE "two_factor" SET "uid" = $1, "secret" = $2, "scratch_salt" = $3, "scratch_hash" = $4, "last_used_passcode" = $5, "updated_unix" = $6 WHERE "id"=$7 [2 REDACTED_ANYWAY REDACTED_ANYWAY REDACTED_ANYWAY 024417 1678206015 1] - 10.769268ms
2023/03/07 16:20:16 ...ers/web/auth/auth.go:356:handleSignInFull() [E] [6407643f] UpdateUserCols: visibility Mode not allowed: public
2023/03/07 16:20:16 [6407643f] router: completed POST /user/two_factor for 10.42.2.3:36092, 500 Internal Server Error in 25.1ms @ auth/2fa.go:45(auth.TwoFactorPost)
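The two excerpts above share one shape: an `[E]` line from `handleSignInFull()` carrying a request id, followed by a router line that closes the same id with a 500 on a login-completion endpoint (`/user/webauthn/assertion`, `/user/two_factor`). The following added example, not part of this thread or of Gitea, correlates the two by request id so an admin can find affected logins without reading the full log. The regular expressions are assumptions about the line layout visible here, and the sample log is constructed from lines copied out of the excerpts above.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Constructed sample: five lines copied from the excerpts posted in this issue.
const sampleLog = `2023/03/07 16:07:05 [64076129] router: completed POST /user/login for 10.42.2.3:60412, 303 See Other in 184.5ms @ auth/auth.go:177(auth.SignInPost)
2023/03/07 16:07:09 ...ers/web/auth/auth.go:356:handleSignInFull() [E] [6407612d] UpdateUserCols: visibility Mode not allowed: public
2023/03/07 16:07:09 [6407612d] router: completed POST /user/webauthn/assertion for 10.42.2.3:60412, 500 Internal Server Error in 61.3ms @ auth/webauthn.go:83(auth.WebAuthnLoginAssertionPost)
2023/03/07 16:20:16 ...ers/web/auth/auth.go:356:handleSignInFull() [E] [6407643f] UpdateUserCols: visibility Mode not allowed: public
2023/03/07 16:20:16 [6407643f] router: completed POST /user/two_factor for 10.42.2.3:36092, 500 Internal Server Error in 25.1ms @ auth/2fa.go:45(auth.TwoFactorPost)`

var (
	// "<date> <time> [<reqid>] router: completed <METHOD> <path> for <client>, <status> ..."
	routerRe = regexp.MustCompile(`^(\S+ \S+) \[([^\]]+)\] router: completed (\S+) (\S+) for (\S+), (\d{3}) `)
	// "<date> <time> <source position> [E] [<reqid>] <message>"
	errorRe = regexp.MustCompile(`^(\S+ \S+) (\S+) \[E\] \[([^\]]+)\] (.*)$`)
)

// Finding is one request that ended in a 5xx, with the [E] lines logged under the same request id.
type Finding struct {
	ReqID, Method, Path, Client, Where string
	Status                             int
	Errors                             []string
}

// Correlate500s walks a Gitea log once, buffers [E] messages per request id and
// attaches them to the router line that closes the same id with a 5xx status.
// Entries for ids that complete with any other status are discarded.
func Correlate500s(log string) []Finding {
	pending := map[string][]string{} // request id -> error messages
	where := map[string]string{}     // request id -> source position of the last [E]
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := sc.Text()
		if m := errorRe.FindStringSubmatch(line); m != nil {
			pending[m[3]] = append(pending[m[3]], m[4])
			where[m[3]] = m[2]
			continue
		}
		m := routerRe.FindStringSubmatch(line)
		if m == nil {
			continue // SQL and other [I] lines are not needed for the correlation
		}
		id := m[2]
		status, _ := strconv.Atoi(m[6]) // \d{3} guarantees a parseable number
		if status >= 500 {
			out = append(out, Finding{ReqID: id, Method: m[3], Path: m[4], Client: m[5],
				Where: where[id], Status: status, Errors: pending[id]})
		}
		delete(pending, id)
		delete(where, id)
	}
	return out
}

// IsVisibilityLoginFailure flags the specific pattern from this issue: a 5xx on a
// /user/ endpoint whose attached error is the disallowed-visibility message.
func IsVisibilityLoginFailure(f Finding) bool {
	if !strings.HasPrefix(f.Path, "/user/") {
		return false
	}
	for _, e := range f.Errors {
		if strings.Contains(e, "visibility Mode not allowed") {
			return true
		}
	}
	return false
}

func main() {
	for _, f := range Correlate500s(sampleLog) {
		fmt.Printf("[%s] %s %s from %s -> %d at %s\n", f.ReqID, f.Method, f.Path, f.Client, f.Status, f.Where)
		for _, e := range f.Errors {
			fmt.Println("    ", e)
		}
		if IsVisibilityLoginFailure(f) {
			fmt.Println("     matches the ALLOWED_USER_VISIBILITY_MODES login failure from this issue")
		}
	}
}
```

Because the request id is the join key, the same walk picks up other post-login 500s too; filtering on `/user/` plus the error text is what narrows it to this issue's signature, and the client address in each finding tells the admin which users to contact about changing their visibility.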

@lunny lunny added this to the 1.18.6 milestone Mar 15, 2023
@6543 6543 removed this from the 1.18.6 milestone Apr 2, 2023
@lunny lunny added this to the 1.19.4 milestone May 23, 2023
lunny added a commit that referenced this issue May 24, 2023
Backport #24867 by @lunny

Fix #23211
Replace #23496

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Codeberg-org pushed a commit to Codeberg-org/gitea that referenced this issue Jun 3, 2023
…itea#24903)

Backport go-gitea#24867 by @lunny

Fix go-gitea#23211
Replace go-gitea#23496

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 275abd6)
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 9, 2023