Can not create first user (admin) with API #5376

Closed
1 of 6 tasks
toni-moreno opened this issue Nov 21, 2018 · 11 comments · Fixed by #5391
Labels
reviewed/wontfix The problem described in this issue/fixed in this pull request is not a problem we will fix

Comments

@toni-moreno

  • Gitea version (or commit ref): 3973572
  • Git version: 2.17
  • Operating system: debian
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • [x] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

I'm working on an automated Gitea provisioning script, and the admin user and password are provided as parameters to this script.

I've tested using the security.SECRET_KEY and security.INTERNAL_TOKEN configured in my app.ini as the auth token, but it doesn't work (as you can see below).

Which token should I use to create the first Gitea user (the admin user)?

ipasdev@ipasdev01:~/ipas-docker/gitea/gitea$ curl -i -X POST "http://git.mydomain2.org/api/v1/admin/users?access_token=P9R8gvGsZRKw4GjFQjnyUFmY00WJQA3bxzLf1BJg6hvEuzbQwc2aACBB4qwiWVS5" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"email\": \"[email protected]\", \"full_name\": \"string\", \"login_name\": \"string\", \"password\": \"string\", \"send_notify\": true, \"source_id\": 0, \"username\": \"string\"}"
HTTP/1.1 403 Forbidden
Server: nginx/1.13.12
Date: Wed, 21 Nov 2018 22:55:45 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
Set-Cookie: i_like_gitea=7050120b02bef2a4; Path=/; HttpOnly
Set-Cookie: _csrf=JgjWWByY6Bsw9w_QXcom3JhsRNQ6MTU0Mjg0MDk0NTg1MjI0MTE5MA%3D%3D; Path=/; Expires=Thu, 22 Nov 2018 22:55:45 GMT; HttpOnly
X-Frame-Options: SAMEORIGIN
@lafriks
Member

lafriks commented Nov 21, 2018

The API will not work without any user, as it requires authorization; you can use the command line on the server to create the first user.

@lafriks lafriks added the reviewed/wontfix The problem described in this issue/fixed in this pull request is not a problem we will fix label Nov 21, 2018
@toni-moreno
Author

Hi @lafriks, how can I do that? Perhaps via sqlite3?

The only thing I have is the schema.

CREATE TABLE `user` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `lower_name` TEXT NOT NULL, `name` TEXT NOT NULL, `full_name` TEXT NULL, `email` TEXT NOT NULL, `keep_email_private` INTEGER NULL, `passwd` TEXT NOT NULL, `must_change_password` INTEGER DEFAULT 0 NOT NULL, `login_type` INTEGER NULL, `login_source` INTEGER DEFAULT 0 NOT NULL, `login_name` TEXT NULL, `type` INTEGER NULL, `location` TEXT NULL, `website` TEXT NULL, `rands` TEXT NULL, `salt` TEXT NULL, `language` TEXT NULL, `created_unix` INTEGER NULL, `updated_unix` INTEGER NULL, `last_login_unix` INTEGER NULL, `last_repo_visibility` INTEGER NULL, `max_repo_creation` INTEGER DEFAULT -1 NOT NULL, `is_active` INTEGER NULL, `is_admin` INTEGER NULL, `allow_git_hook` INTEGER NULL, `allow_import_local` INTEGER NULL, `allow_create_organization` INTEGER DEFAULT 1 NULL, `prohibit_login` INTEGER DEFAULT 0 NOT NULL, `avatar` TEXT NOT NULL, `avatar_email` TEXT NOT NULL, `use_custom_avatar` INTEGER NULL, `num_followers` INTEGER NULL, `num_following` INTEGER DEFAULT 0 NOT NULL, `num_stars` INTEGER NULL, `num_repos` INTEGER NULL, `description` TEXT NULL, `num_teams` INTEGER NULL, `num_members` INTEGER NULL, `diff_view_style` TEXT DEFAULT '' NOT NULL);

But I don't know how gitea is doing the "shadowing" process on the passwd field...

@toni-moreno
Author

Hi @lafriks, I've found the methods in the Go code, but I'm not sure how to make the same hash with a shell script.

gitea/models/user.go

Lines 412 to 420 in 801843b

func hashPassword(passwd, salt string) string {
	tempPasswd := pbkdf2.Key([]byte(passwd), []byte(salt), 10000, 50, sha256.New)
	return fmt.Sprintf("%x", tempPasswd)
}

// HashPassword hashes a password using PBKDF.
func (u *User) HashPassword(passwd string) {
	u.Passwd = hashPassword(passwd, u.Salt)
}

Here is a real password generated with the UI.

sqlite> select id,passwd,salt from user;
1|67acb09b94a9154e756212a3f93b5d5ff4e073d31227d72ebbba0eed3074ea16e919eb3eb9c6d9a1eb63980ac80f7e42db56|Zw5R87ort1
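
What the quoted hashPassword derivation computes, written out in Python as an added example (it is not Gitea's code and not part of the comment above): PBKDF2-HMAC-SHA256 with 10000 iterations and a 50-byte key, hex-encoded to the 100-character string stored in the passwd column, plus a constant-time check. The function names and the sample password and salt are constructed for illustration.

```python
import hashlib
import hmac

# Parameters taken from the hashPassword snippet quoted in the thread.
ITERATIONS = 10000
KEY_LEN = 50  # bytes, so the hex string in the passwd column is 100 characters


def hash_password(passwd: str, salt: str) -> str:
    """Same derivation as the quoted Go code, lowercase hex like fmt.Sprintf("%x")."""
    dk = hashlib.pbkdf2_hmac("sha256", passwd.encode(), salt.encode(),
                             ITERATIONS, dklen=KEY_LEN)
    return dk.hex()


def pbkdf2_by_hand(passwd: str, salt: str) -> str:
    """PBKDF2 (RFC 8018) spelled out with HMAC to show what the library call does.
    50 bytes needs two 32-byte SHA-256 blocks; the second one is truncated."""
    key, out, block = passwd.encode(), b"", 1
    while len(out) < KEY_LEN:
        u = hmac.new(key, salt.encode() + block.to_bytes(4, "big"), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        for _ in range(ITERATIONS - 1):
            u = hmac.new(key, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        block += 1
    return out[:KEY_LEN].hex()


def verify_password(candidate: str, salt: str, stored_hex: str) -> bool:
    """Recompute the hash and compare in constant time, as a login check would."""
    return hmac.compare_digest(hash_password(candidate, salt), stored_hex.lower())


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    salt, passwd = "ExampleSalt", "correct horse battery staple"
    stored = hash_password(passwd, salt)
    print(len(stored), stored)
    print(verify_password(passwd, salt, stored), verify_password("wrong", salt, stored))
    print(pbkdf2_by_hand(passwd, salt) == stored)
```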

@lunny
Member

lunny commented Nov 22, 2018

@toni-moreno in command line, type
./gitea admin create-user ...

@lafriks
Member

lafriks commented Nov 22, 2018

Command line docs: https://docs.gitea.io/en-us/command-line/

@toni-moreno
Author

ups!!! sorry I didn't know about the command line tool!!! Thank you !!

@toni-moreno
Author

Hi @lafriks, after creating the admin user I cannot use the password; Gitea is redirecting to a new location, /user/settings/change_password.

How can I disable this behaviour?

@toni-moreno toni-moreno reopened this Nov 23, 2018
@lafriks
Member

lafriks commented Nov 23, 2018

There is an argument to not require a password change.

@adelowo
Member

adelowo commented Nov 23, 2018

@lafriks that functionality is not in 1.6.0 or the commit he is running. It is in the 1.7.0 milestone: #4955. I just noticed that it wasn't documented, my bad. Should I go ahead and make a PR for that, or wait till we are close to releasing 1.7? If I am right, docs are built from master?

Or maybe the first user (admin) should not be required to change his/her password?

@adelowo
Member

adelowo commented Nov 23, 2018

> Hi @lafriks, after creating the admin user I cannot use the password; Gitea is redirecting to a new location, /user/settings/change_password.
>
> How can I disable this behaviour?

Accounts created via the command line are required to update their passwords.

We could maybe not require the first user (admin) to change his/her password.

@lafriks
Member

lafriks commented Nov 23, 2018

Oh, sorry, the flag will only be in 1.7.0. #4955 implements this.
