go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License
44.04k stars 5.4k forks source link

Can't login after migration #28065

Closed haq1an closed 9 months ago

haq1an commented 9 months ago

Description

What I did before the issue:

  1. Backup docker version of Gitea.
  2. Install a new Gitea by binary from scratch.
  3. Restore Gitea dump to the new Gitea.

Then I get 500 Internal Error performing below actions:

  1. Login using LDAP accounts.
  2. Open Authentication Resources Tab from Site administration.
  3. Click "Edit" in the User Accounts tab.

The error messages in Gitea are similar and look like they are related to the SECRET_KEY:
    
    2023/11/15 14:51:37 ...s/web/admin/auths.go:54:Authentications() [E] [65546a79] auth.Sources: failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 1
    2023/11/15 14:51:37 [65546a79] router: completed GET /admin/auths for 10.24.30.64:49429, 500 Internal Server Error in 7.6ms @ admin/auths.go:46(admin.Authentications)

    2023/11/15 14:52:18 ...s/web/admin/users.go:224:prepareUserInfo() [E] [65546aa2] auth.GetSourceByID: failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 1
    2023/11/15 14:52:18 [65546aa2] router: completed GET /admin/users/30 for 10.24.30.64:49456, 500 Internal Server Error in 3.5ms @ admin/users.go:254(admin.EditUser)

    2023/11/15 14:58:33 ...ers/web/auth/auth.go:224:SignInPost() [E] [65546c19] UserSignIn: failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 1
    2023/11/15 14:58:33 [65546c19] router: completed POST /user/login for 10.24.30.64:49585, 500 Internal Server Error in 2.5ms @ auth/auth.go:170(auth.SignInPost)


OS: Ubuntu Server 20.04

app.ini as below:

    APP_NAME = Gitea:example
    RUN_MODE = prod
    RUN_USER = git

    [repository]
    ROOT = /data/git/repositories

    [repository.local]
    LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

    [repository.upload]
    TEMP_PATH = /data/gitea/uploads

    [server]
    APP_DATA_PATH = /data/gitea
    DOMAIN = git-test.dev.example.com
    SSH_DOMAIN = git-test.dev.example.com
    HTTP_PORT = 3000
    ROOT_URL = https://git-test.dev.example.com/
    DISABLE_SSH = false
    SSH_PORT = 22
    SSH_LISTEN_PORT = 22
    LFS_START_SERVER = true
    LFS_CONTENT_PATH = /data/git/lfs
    LFS_JWT_SECRET = ....secretsecretsecretsecretsecretsecret....
    OFFLINE_MODE = false

    [database]
    PATH = /data/gitea/gitea.db
    DB_TYPE = postgres
    HOST = 127.0.0.1:5432
    NAME = gitea
    USER = gitea
    PASSWD = password
    LOG_SQL = false
    SCHEMA =
    SSL_MODE = disable
    CHARSET = utf8

    [indexer]
    ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

    [session]
    PROVIDER_CONFIG = /data/gitea/sessions
    PROVIDER = file
    GC_INTERVAL_TIME = 604800
    SESSION_LIFE_TIME = 604800

    [picture]
    AVATAR_UPLOAD_PATH = /data/gitea/avatars
    REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
    DISABLE_GRAVATAR = true
    ENABLE_FEDERATED_AVATAR = true

    [attachment]
    PATH = /data/gitea/attachments

    [log]
    MODE = file,console
    LEVEL = info
    LOG_ROTATE = true
    DAILY_ROTATE = true
    MAX_DAYS = 90
    ROUTER = console,
    ROOT_PATH = /data/gitea/log
    FILE_NAME = /data/gitea/log/access.log
    ENABLE_ACCESS_LOG = true

    [log.console]
    MODE = console
    LEVEL = info
    FLAGS = stdflags
    COLORIZE = true

    [security]
    INSTALL_LOCK = true
    SECRET_KEY = ....secretsecretsecretsecretsecretsecret....
    REVERSE_PROXY_LIMIT = 1
    REVERSE_PROXY_TRUSTED_PROXIES = *
    INTERNAL_TOKEN = ....secretsecretsecretsecretsecretsecret....
    PASSWORD_HASH_ALGO = pbkdf2

    [service]
    DISABLE_REGISTRATION = false
    REQUIRE_SIGNIN_VIEW = false
    REGISTER_EMAIL_CONFIRM = false
    ENABLE_NOTIFY_MAIL = true
    ALLOW_ONLY_EXTERNAL_REGISTRATION = false
    ENABLE_CAPTCHA = false
    DEFAULT_KEEP_EMAIL_PRIVATE = false
    DEFAULT_ALLOW_CREATE_ORGANIZATION = false
    DEFAULT_ENABLE_TIMETRACKING = false
    NO_REPLY_ADDRESS =

    [oauth2]
    JWT_SECRET = ....secretsecretsecretsecretsecretsecret....

    [webhook]
    ALLOWED_HOST_LIST = example.com
    PAGING_NUM = 30

    [openid]
    ENABLE_OPENID_SIGNIN = false
    ENABLE_OPENID_SIGNUP = false

    [cron.sync_external_users]
    RUN_AT_START = true
    SCHEDULE = @every 24h
    UPDATE_EXISTING = false

    [migrations]
    ALLOW_LOCALNETWORKS = true
    ALLOWED_DOMAINS = example.com



I tried upgrading the Gitea version from 19.2 to 19.4 by replacing the gitea exec file. Still the same error.

I was wondering if this is a migration-related issue, or whether there is any other factor that I forgot to take into consideration.

### Screenshots

<img width="1359" alt="Screenshot 2023-11-15 at 15 05 52" src="https://github.com/go-gitea/gitea/assets/88136037/0ad40d14-b2a7-44c5-9604-d363b441ef4d">

### Gitea Version

19.4

### Can you reproduce the bug on the Gitea demo site?

No

### Operating System

macOS

### Browser Version

Edge Version 119.0.2151.46 (Official build) (arm64)

wxiaoguang commented 9 months ago

The most likely reason is that you lost your SECRET_KEY, then the data in the database can't be decrypted.

Or your login_source table is corrupted (which is unlikely according to your log).

You need to fix it manually: check your login_source table records, find the base64-encoded encrypted values, and set them to an empty string.

haq1an commented 9 months ago

> The most likely reason is that you lost your SECRET_KEY, then the data in the database can't be decrypted.
>
> Or your login_source table is corrupted (which is unlikely according to your log).
>
> You need to fix it manually: check your login_source table records, find the base64-encoded encrypted values, and set them to an empty string.

It works, really appreciate it man!
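
Why a lost or changed SECRET_KEY surfaces as the "invalid decrypted base64 string" error in the logs above, as an added Go example that is not part of the original thread and is not Gitea's own code. It assumes the scheme the error message suggests (the secret is base64-encoded, then AES-CFB encrypted under SHA-256 of the key, with no MAC); the function names, key strings and password are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// blockFor derives the AES key as SHA-256(secretKey) (assumed derivation).
func blockFor(secretKey string) cipher.Block {
	key := sha256.Sum256([]byte(secretKey))
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	return block
}

// encrypt base64-encodes the secret, then AES-CFB encrypts it behind a
// random IV. No MAC is attached, so the ciphertext carries no key check.
func encrypt(secretKey, secret string) ([]byte, error) {
	b64 := base64.StdEncoding.EncodeToString([]byte(secret))
	out := make([]byte, aes.BlockSize+len(b64))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCFBEncrypter(blockFor(secretKey), out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], []byte(b64))
	return out, nil
}

// decrypt reverses encrypt. Under the wrong key CFB still runs and yields
// pseudo-random bytes; the base64 decode is the only thing that can fail.
func decrypt(secretKey string, ct []byte) (string, error) {
	if len(ct) < aes.BlockSize {
		return "", fmt.Errorf("ciphertext too short")
	}
	body := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCFBDecrypter(blockFor(secretKey), ct[:aes.BlockSize]).XORKeyStream(body, ct[aes.BlockSize:])
	raw, err := base64.StdEncoding.DecodeString(string(body))
	if err != nil {
		return "", fmt.Errorf("invalid decrypted base64 string: %w", err)
	}
	return string(raw), nil
}

func main() {
	// Constructed values: the stored secret was encrypted under the old key.
	ct, _ := encrypt("old-install-key", "constructed-ldap-bind-password")
	fmt.Println(decrypt("new-install-key", ct)) // fails with a base64 error
}
```

Because nothing in the stored value identifies the key, a restore onto an install with a different SECRET_KEY only fails when the stored secret is first read, which matches the 500 errors on login and on the authentication sources page.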