After upgrading to 1.13.0, can no longer login

[sseneca]

• Gitea version (or commit ref): 1.13.0
• Git version: 2.29.2
• Operating system: Parabola GNU/Linux
• I'm using Gitea via the Helm chart, on my server running k3s. This is the deploy file.
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No (n/a)
• Log gist:

[Macaron] 2020-12-03 22:12:20: Started POST /user/login for 10.42.0.1
2020/12/03 22:12:20 ...m.io/xorm/core/db.go:286:afterProcess() [I] [SQL] SELECT "id", "type", "name", "is_actived", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_actived = $1 and type = $2) [true 6] - 795.229µs
2020/12/03 22:12:20 ...m.io/xorm/core/db.go:286:afterProcess() [I] [SQL] SELECT "id", "type", "name", "is_actived", "is_sync_enabled", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE (is_actived = $1 and type = $2) [true 7] - 579.519µs
2020/12/03 22:12:20 ...m.io/xorm/core/db.go:286:afterProcess() [I] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "email_notifications_preference", "passwd", "passwd_hash_algo", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "is_restricted", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "repo_admin_change_team_access", "diff_view_style", "theme", "keep_activity_private" FROM "user" WHERE "lower_name"=$1 LIMIT 1 [sseneca] - 860.604µs
[Macaron] 2020-12-03 22:12:20: Completed POST /user/login 200 OK in 29.759793ms
2020/12/03 22:12:20 routers/user/auth.go:177:SignInPost() [I] Failed authentication attempt for sseneca from 10.42.0.1

Description

After updating to v1.13.0, I can no longer login to to my account on my two-account Gitea instance. The account is the only admin account and also has 2FA enabled. The other account logs in fine, is not an admin, and does not have 2FA enabled.

Whilst it didn't appear in the above logs, other times when I've tried I've also seen this line:

Unable to negotiate with 10.42.0.1 port 62090: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 [preauth]

Not sure if it's relevant though because like I said it didn't appear when I tried in the above logs.

Also note that I've read this thread but after checking the account in the database is_active is t. Forum post here.

[birkb]

Same for me. It only affects the local admin user. The LDAP users are working fine.

[kisaragi-hiu]

Does it help if you upgrade the Gitea Helm Chart to the latest version, 2.1.0? (at https://git.ssene.ca/sseneca/k8s-server/src/branch/master/gitea/release.yaml#L23)

I don't actually know Kubernetes, but I can see that there seems to be a version mismatch.

[sseneca]

Just tried it but unfortunately version 2.0.7+ of the Chart is broken on Kubernetes 1.18, which I'm stuck on for now. I'll follow that issue and once it's resolved try to upgrade the Chart version again.

[birkb]

I use https://dl.gitea.io/gitea/1.13.0/gitea-1.13.0-linux-amd64 in my custom Dockerfile with Postgres 12.5 running in another container. Before the upgrade the login with the local admin user was working fine.

[Antoine2tt]

Same here for me
I'm using docker, last version of Gitea, and i'm running it with SQLite.

(Going back to 1.12.4 solved my login problem)

[onedr0p]

I am having the same issue! I just upgraded to 2.1.0 of the helm chart. Wish I saw this issue beforehand :(

[luhahn]

Hi there i will have a look at this issue tomorrow

[onedr0p]

Thanks @luhahn you know where to reach me on Discord if you need any info :D It looks like it might be more of an issue with Gitea 1.13.0 than the chart. But I dunno.

[luhahn]

yeah, i dont know, the init container looks fine. But i can't spend any time today for looking at the chart

[techknowlogick]

This appears related specifically to the helm chart, could you open an issue in the helm chart https://gitea.com/gitea/helm-chart so we can track it there?

[birkb]

@techknowlogick The problem also affects the downloaded gitea binary. Should we track that in a separate case?

[luhahn]

Hi all, please see https://gitea.com/gitea/helm-chart/issues/79 for more information on this issue.

[sseneca]

I'm confused. Both @birkb and @Antoine2tt are facing this same bug, and neither use the Helm chart. Why is this bug being tracked there?

[luhahn]

Well I'm sure I need to adjust some stuff on the init container for the helm chart. So I also created an issue there.
At least the admin creation changed.

However since this also affects the downloaded binary we should not close this issue here. If I find something useful I will also post it here.