-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
External login source becomes disabled every now and then #16096
Comments
Is there a SQL log to change the table? |
Not in the current logs (I disabled detailed SQL logging a while ago). Will check logs when it happens again. Anyone an idea about places in Gitea code that might make this change? (I could then check these..) |
I suspect this is intentional on behalf of Gitea, in 1.14 there was a change that instead of failing via panic when an oidc auth source is not available on startup, Gitea would instead just disable the auth source (to at least allow the binary to start). |
Hm, any idea how (or where in the code) it checks this? Why does it need OIDC auth on startup and could that check be disabled? |
I am experiencing the same issue, probably when a node restarts and gitea startup is faster than keycloak (no redundancy). So this would follow the scenario described by techknowlogick. I am also interested to know if this check can be disabled. |
@pixelspark @vosdim-supportsquare the disabling occurs as part of #14802. Prior to this Gitea would simply Fatal and die. Given that scenario disabling is clearly better. I think a different approach is possible (re-attempt registration at time of login) but it means we will need to add locking to our oauth2 provider implementation otherwise there will be serious data races. (Some of which are already present but this means that they're actually more likely to cause trouble.) I am currently in the middle of refactoring the login sources for 1.16 so having now seen these races I will be able to add changes in to ameliorate them - but backporting will be difficult. |
I would also note that no-one has told us the contents of the Critical log entry when Gitea explains that it is disabling the login source. It would be helpful to see it. |
If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt. Fix go-gitea#16096 Signed-off-by: Andrew Thornton <[email protected]>
If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt. Fix go-gitea#16096 Signed-off-by: Andrew Thornton <[email protected]>
…tration failed at startup (#16570) Backport #16564 This PR has two parts: * Add locking to goth and gothic calls with a RWMutex The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races * Reattempt OAuth2 registration on login if registration failed If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt. Fix #16096 Signed-off-by: Andrew Thornton <[email protected]>
…tration failed at startup (#16564) This PR has two parts: * Add locking to goth and gothic calls with a RWMutex The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races * Reattempt OAuth2 registration on login if registration failed If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt. Fix #16096 Signed-off-by: Andrew Thornton <[email protected]>
…tration failed at startup (go-gitea#16564) This PR has two parts: * Add locking to goth and gothic calls with a RWMutex The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races * Reattempt OAuth2 registration on login if registration failed If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt. Fix go-gitea#16096 Signed-off-by: Andrew Thornton <[email protected]>
[x]
):Did not find any mention in log, but this was running at production without debugging logs turned on. Can turn them on for a while if desired.
Description
For some reason,
is_activated
is sometimes reset to0
for our primarylogin_source
. Although I cannot rule out external causes completely (i.e. some weird issue with MySQL replication) my suspicion is that Gitea makes this change (e.g. when the login source is temporarily unavailable?).Screenshots
This is what
login_source
looks like after the source was deactivated (the first two sources are deliberately disabled, the 'bouncer' login source is the one that becomes disabled every now and then):The text was updated successfully, but these errors were encountered: