go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

Login to Gitea using Microsoft Azure AD v2 failed with HTTP 500 #27023

Closed LamGC closed 1 year ago

LamGC commented 1 year ago

Description

After updating to 1.20, due to a change in the SSO button in the login interface, I modified the authentication source name of Microsoft AAD and was unable to log in to Gitea through Microsoft AAD. (Before that, everything was normal)

I have confirmed that the information for Microsoft AAD is correct and can access the callback through AAD login.

Gitea Version

1.20.4

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

https://gist.github.com/LamGC/41077f2dc0db4cc6a187525bef4b706e

Screenshots

image

Git Version

2.40.1

Operating System

Debian 11.7 Linux 5.10.0-23-amd64

How are you running Gitea?

I deployed Gitea through Docker Compose and used the Root image.

Gitea uses Cloudflare tunnel for reverse proxy for public access.

Database

MySQL/MariaDB

lunny commented 1 year ago

What's the error message? Maybe you can get it from logs.

LamGC commented 1 year ago

> What's the error message? Maybe you can get it from logs.

I obtained this information from the log:

2023/09/11 22:52:29 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/login for <user ip>:0, 200 OK in 4.4ms @ auth/auth.go:141(auth.SignIn)
2023/09/11 22:52:29 ...eb/routing/logger.go:102:func1() [I] router: completed GET / for <user ip>:0, 200 OK in 2.4ms @ web/home.go:32(web.Home)
2023/09/11 22:52:31 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/oauth2/microsoft for <user ip>:0, 307 Temporary Redirect in 3.7ms @ auth/oauth.go:849(auth.SignInOAuth)
2023/09/11 22:52:35 ...rs/web/auth/oauth.go:939:SignInOAuthCallback() [E] UserSignIn: could not find a matching session for this request
2023/09/11 22:52:35 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/oauth2/microsoft/callback?code=<aad_auth_code>&state=<state_uuid>&session_state=<session_state_uuid> for <user ip>:0, 500 Internal Server Error in 6.8ms @ auth/oauth.go:888(auth.SignInOAuthCallback)

The error message is:

...rs/web/auth/oauth.go:939:SignInOAuthCallback() [E] UserSignIn: could not find a matching session for this request

wxiaoguang commented 1 year ago

What's your docker compose yaml and app.ini ?

LamGC commented 1 year ago

> What's your docker compose yaml and app.ini ?

Docker Compose file:

version: "3"

networks:
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:1.20.4
    container_name: gitea
    labels:
      - "traefik.http.routers.gitea.rule=Host(`git.lamgc.me`)"
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DOMAIN=git.lamgc.me
      - SSH_DOMAIN=ssh.git.lamgc.me
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=<DB_PASSWORD>
      - GNUPGHOME=/data/gitea/home/.gnupg
    restart: unless-stopped
    networks:
      - gitea
    volumes:
      - /home/git/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "8080:3000"
      - "22:22"
    depends_on:
      - db
  db:
    image: mysql:8
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=<ROOT_PASSWORD>
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=<DB_PASSWORD>
      - MYSQL_DATABASE=gitea
    networks:
      - gitea
    volumes:
      - /home/git/data/mysql:/var/lib/mysql
  drone:
    image: drone/drone:2
    restart: unless-stopped
    container_name: drone
    ports:
      - "280:80"
      - "2443:443"
    environment:
      - DRONE_GITEA_SERVER=https://git.lamgc.me
      - DRONE_GITEA_CLIENT_ID=<OAUTH2_CLIENT_ID>
      - DRONE_GITEA_CLIENT_SECRET=<OAUTH2_SECRET>
      - DRONE_RPC_SECRET=<RPC_SECRET>
      - DRONE_SERVER_HOST=drone.lamgc.me
      - DRONE_SERVER_PROTO=https
      - DRONE_DATABASE_DRIVER=sqlite3
      - DRONE_DATABASE_DATASOURCE=/data/database.sqlite
      - DRONE_SERVER_PORT=:80
      - DRONE_DATADOG_ENABLED=false
      - DRONE_USER_CREATE=username:LamGC,admin:true
      - DRONE_LOGS_TEXT=true
      - DRONE_LOGS_PRETTY=true
      - DRONE_LOGS_COLOR=true
      - DRONE_LOGS_DEBUG=true
      - TZ=Asia/Shanghai
    depends_on:
      - db
      - server
    volumes:
      - /root/drone/data:/data

app.ini:

APP_NAME = Lam's Git Server
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea

[repository]
ROOT = /data/git/repositories

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH = /data/gitea
DOMAIN = git.lamgc.me
SSH_DOMAIN = ssh.git.lamgc.me
HTTP_PORT = 3000
ROOT_URL = https://git.lamgc.me/
DISABLE_SSH = false
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
# LFS_CONTENT_PATH = /data/git/lfs
LFS_JWT_SECRET = <secret>
OFFLINE_MODE = false

[database]
PATH = /data/gitea/gitea.db
DB_TYPE = mysql
HOST = db:3306
NAME = gitea
USER = gitea
PASSWD = <secret>
LOG_SQL = false
SCHEMA = 
SSL_MODE = disable
CHARSET = utf8mb4

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
COOKIE_SECURE = true
COOKIE_NAME = gitea_session
DOMAIN = git.lamgc.me
SAME_SITE = strict

[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true

[attachment]
PATH = /data/gitea/attachments

[log]
MODE = console,file
LEVEL = info
logger.router.MODE = console,file
ROOT_PATH = /data/gitea/log

[security]
INSTALL_LOCK = true
SECRET_KEY = 
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = <secret>
PASSWORD_HASH_ALGO = pbkdf2

[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = true
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.git.lamgc.me
CF_TURNSTILE_SECRET = <secret>
CF_TURNSTILE_SITEKEY = <secret>
REQUIRE_CAPTCHA_FOR_LOGIN = true
CAPTCHA_TYPE = cfturnstile

[mailer]
ENABLED = true
SMTP_ADDR = smtp-mail.outlook.com:587
FROM = noreply@git.lamgc.me
USER = noreply@git.lamgc.me
PASSWD = <secret>

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[repository.signing]
SIGNING_KEY = 9A64CE873A771A6A674A8268F0A386EF7F4889B1
SIGNING_NAME = 
SIGNING_EMAIL = 
INITIAL_COMMIT = twofa
CRUD_ACTIONS = twofa
WIKI = twofa
MERGES = twofa

[lfs]
STORAGE_TYPE = local
PATH = /data/git/lfs

[oauth2]
JWT_SECRET = <secret>

[metrics]
ENABLED = false

wxiaoguang commented 1 year ago

At the moment, the only problem I can guess is the session problem.

Are you running Gitea with multiple instances for the same domain?

wxiaoguang commented 1 year ago

Hmm ... the cookie ID changes.

Can you try to remove SAME_SITE = strict from your config? It affects the session cookie.

LamGC commented 1 year ago

> At the moment, the only problem I can guess is the session problem.
>
> Are you running Gitea with multiple instances for the same domain?

No, I haven't deployed multiple Gitea instances in the same domain name.

wxiaoguang commented 1 year ago

> At the moment, the only problem I can guess is the session problem. Are you running Gitea with multiple instances for the same domain?

> No, I haven't deployed multiple Gitea instances in the same domain name.

I am 99% sure it is caused by the cookie's SAME_SITE = strict, see the new comment.
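Why SAME_SITE = strict breaks exactly this step, as an added Go model that is not Gitea's own code: the identity provider redirects the browser back to the callback URL from another site, a Strict cookie is withheld on that cross-site navigation, and so the session that stored the OAuth2 state cannot be found. Names such as Request, cookieSent, sessionStore, signInOAuth and signInOAuthCallback are hypothetical and only mirror the log lines above.

```go
package main

import (
	"errors"
	"net/http"
)

// Request is what a browser consults when deciding whether to attach a cookie (SameSite rules, simplified).
type Request struct {
	CrossSite bool   // initiator site differs from the target site
	TopLevel  bool   // top-level navigation, not an XHR/fetch or subresource
	Method    string // HTTP method
}

// cookieSent reports whether a cookie with the given SameSite mode is attached
// to req. Strict: same-site only. Lax: same-site, or a cross-site top-level
// navigation with a safe method. None: always (browsers also require Secure).
func cookieSent(mode http.SameSite, req Request) bool {
	if !req.CrossSite {
		return true
	}
	switch mode {
	case http.SameSiteStrictMode:
		return false
	case http.SameSiteNoneMode:
		return true
	default: // Lax, which is also what Gitea uses when SAME_SITE is not set
		return req.TopLevel && (req.Method == http.MethodGet || req.Method == http.MethodHead)
	}
}

// sessionStore maps a session ID to the OAuth2 state saved before the redirect (hypothetical).
type sessionStore map[string]string

// signInOAuth models GET /user/oauth2/<provider>: save the state, hand out the session cookie.
func signInOAuth(store sessionStore, mode http.SameSite, sessionID, state string) *http.Cookie {
	store[sessionID] = state
	return &http.Cookie{Name: "gitea_session", Value: sessionID, Secure: true, HttpOnly: true, SameSite: mode}
}

var errNoSession = errors.New("UserSignIn: could not find a matching session for this request")

// signInOAuthCallback models the IdP redirecting the browser back to
// /user/oauth2/<provider>/callback?state=...: a cross-site, top-level GET.
func signInOAuthCallback(store sessionStore, cookie *http.Cookie, state string) error {
	callback := Request{CrossSite: true, TopLevel: true, Method: http.MethodGet}
	if !cookieSent(cookie.SameSite, callback) {
		return errNoSession // browser withheld the cookie, so the session holding the state is unreachable
	}
	if saved, ok := store[cookie.Value]; !ok || saved != state {
		return errors.New("state mismatch")
	}
	return nil
}
```

With Lax the cross-site redirect still carries the cookie, but a cross-site POST or XHR does not, which is what keeps the CSRF protection the Strict setting was presumably meant to add.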

LamGC commented 1 year ago

> At the moment, the only problem I can guess is the session problem. Are you running Gitea with multiple instances for the same domain?

> No, I haven't deployed multiple Gitea instances in the same domain name.

> I am 99% sure it is caused by the cookie's SAME_SITE = strict, see the new comment.

Yes, after deleting SAME_SITE, it works! If SSO is enabled, what is the recommended setting for SAME_SITE?

wxiaoguang commented 1 year ago

> Yes, after deleting SAME_SITE, it works! If SSO is enabled, what is the recommended setting for SAME_SITE?

Do nothing, the default value is good enough.


Open a new issue #27033

LamGC commented 1 year ago

> Yes, after deleting SAME_SITE, it works! If SSO is enabled, what is the recommended setting for SAME_SITE?

> Do nothing, the default value is good enough.

Okay, thank you for your help!