Gitea environment: docker container
Gitea Version: 1.12.0+dev-228-g8d43563a3
OAuth integration purpose: Drone authentication via Gitea.
Problem: When users try to authenticate to Drone via OAuth2, they are brought to the Gitea login page; after logging in, the following error appears:
Note: This problem just started last week (Friday); the system has been in production and working for over 2 months. No major changes happened last Friday that we know of.
- Tried stopping / rebuilding the container (docker-compose up --build)
- Rebooted the server.
- Made sure to access the pages based on how the certificate was built, using the FQDN only. Also tried the IP address; it does not seem to make any difference.
- Performed a tcpdump trace (nothing on the network seems to be blocking anything)
- Checked Drone's debug logs, no errors.
- Not sure if certificates are used for OAuth, but we do use an internal CA to sign them; they all look fine, it does not look like a trust issue.
- Tried creating a new local user and a new LDAP user in our AD (which is integrated into Gitea); same problem with new and old users.
- Checked user account settings > Applications > Authorized OAuth2 applications: Drone is listed for previous users. New users do not have this listed, nor is it added (as the token cannot be authenticated at the moment, I think).
- From the docker logs I can see the following:
674982d85680&redirect_uri=https%3A%2F%2Fdrone.cybertax.cso.com%2Flogin&response_type=code&state=f0b5a315724c7af1 500 Internal Server Error in 4.501002ms
gitea_1 | [Macaron] 2020-05-04 14:23:41: Started GET /user/avatar/dh016d/-1 for 10.104.8.1
gitea_1 | [Macaron] 2020-05-04 14:23:41: Completed GET /user/avatar/dh016d/-1 302 Found in 2.818125ms
gitea_1 | [Macaron] 2020-05-04 14:23:42: Started GET /serviceworker.js for 10.104.8.1
gitea_1 | [Macaron] 2020-05-04 14:23:42: Completed GET /serviceworker.js 200 OK in 2.414206ms
- Checked the Gitea logs (/data/gitea/log/gitea.log), I can see this error message:
2020/05/04 12:35:17 ...outers/user/oauth.go:190:AuthorizeOAuth() [E] LoadUser: user does not exist [uid: 2, name: , keyid: 0]
It seems either Drone is sending a user that does not exist, or no user, or Gitea is unable to read the user and defaulting to nothing. My suspicions lead me to believe that this problem has something to do with the token being passed back and forth between Drone and Gitea. I am basing my assumption on the fact that I was able to access the Drone system via Gitea OAuth2 with problems over the weekend. While troubleshooting I cleared my cache, then I ran into the same issue (500 error). It seems Gitea has lost the ability to give me tokens for access, as it is unable to find my user.
I will share my docker-compose file if needed, however nothing has changed in it at all since the problem started.
Fixed it… rebuilt the Gitea user application integration, copied over the client ID and secret to docker-compose and restarted the docker containers. I am not sure why this was working for so long and then stopped; I am not even entirely sure which account had the Drone ID / secret configured, but the one in the docker-compose was not to be found.
Followed this post to help me on how to configure it, if you're looking for details:
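The two log symptoms in the thread (a 500 on `/login/oauth/authorize` in the Macaron access log and `LoadUser: user does not exist` in gitea.log) can be correlated automatically to spot an OAuth2 application whose owning Gitea user is gone. The following is an added example, not code from the post or from Gitea; the sample log lines are constructed from the ones quoted above, and `PLACEHOLDER-CLIENT-ID` stands in for the real client_id.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines modelled on the post (docker log + gitea.log);
# PLACEHOLDER-CLIENT-ID stands in for the real OAuth2 client_id.
SAMPLE_LOG = """\
gitea_1 | [Macaron] 2020-05-04 14:23:40: Started GET /login/oauth/authorize?client_id=PLACEHOLDER-CLIENT-ID&redirect_uri=https%3A%2F%2Fdrone.cybertax.cso.com%2Flogin&response_type=code&state=f0b5a315724c7af1 for 10.104.8.1
gitea_1 | [Macaron] 2020-05-04 14:23:40: Completed GET /login/oauth/authorize?client_id=PLACEHOLDER-CLIENT-ID&redirect_uri=https%3A%2F%2Fdrone.cybertax.cso.com%2Flogin&response_type=code&state=f0b5a315724c7af1 500 Internal Server Error in 4.501002ms
gitea_1 | [Macaron] 2020-05-04 14:23:41: Started GET /user/avatar/dh016d/-1 for 10.104.8.1
gitea_1 | [Macaron] 2020-05-04 14:23:41: Completed GET /user/avatar/dh016d/-1 302 Found in 2.818125ms
2020/05/04 12:35:17 ...outers/user/oauth.go:190:AuthorizeOAuth() [E] LoadUser: user does not exist [uid: 2, name: , keyid: 0]
"""

# Macaron access-log line for a finished request: method, path, HTTP status.
COMPLETED_RE = re.compile(r"Completed (GET|POST) (\S+) (\d{3}) ")
# gitea.log error emitted when the OAuth2 application's owner row cannot be loaded.
LOADUSER_RE = re.compile(
    r"AuthorizeOAuth\(\) \[E\] LoadUser: user does not exist \[uid: (\d+),"
)

def failed_authorize_client_ids(log_text):
    """Return client_id values of /login/oauth/authorize requests that ended in 5xx."""
    ids = []
    for line in log_text.splitlines():
        m = COMPLETED_RE.search(line)
        if not m:
            continue
        path, status = m.group(2), int(m.group(3))
        parts = urlsplit(path)
        if parts.path == "/login/oauth/authorize" and status >= 500:
            ids.extend(parse_qs(parts.query).get("client_id", []))
    return ids

def missing_owner_uids(log_text):
    """Return uids Gitea failed to load while authorizing an OAuth2 application."""
    return [int(m.group(1)) for m in LOADUSER_RE.finditer(log_text)]

def diagnose(log_text):
    """Pair failing client_ids with missing owner uids; both present is the post's symptom."""
    ids, uids = failed_authorize_client_ids(log_text), missing_owner_uids(log_text)
    verdict = ("OAuth2 application(s) %s point at missing Gitea user(s) %s; "
               "re-create the application and update the client's id/secret" % (ids, uids)
               if ids and uids else "no orphaned OAuth2 application detected")
    return {"client_ids": ids, "missing_uids": uids, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG)["verdict"])
```

Run it against the concatenated docker and gitea.log output; a non-empty `missing_uids` with a matching `client_ids` entry is the orphaned-application case fixed in the thread.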