Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed authentication attempt is logged with text 'user does not exist' even when the user exists #24498

Closed
MarekChr opened this issue May 3, 2023 · 2 comments · Fixed by #25414
Closed

Failed authentication attempt is logged with text 'user does not exist' even when the user exists #24498

MarekChr opened this issue May 3, 2023 · 2 comments · Fixed by #25414
Labels
type/bug

Comments

@MarekChr
Copy link

MarekChr commented May 3, 2023

Description

Log entry:
...ers/web/auth/auth.go:206:SignInPost() [I] [645256b1] Failed authentication attempt for user from ip: user does not exist [uid: 2, name: user, keyid: 0]

Description
I tried to fail authentication by using wrong password and I looked at the log file. There is failed authentication attempt information log with additional text: 'user does not exist', however user exists and I can login when provided good password.

Expected Fix
Log authentication attempt fail log without text 'user does not exist' when user exists

Gitea Version

1.19.2

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.30.2

Operating System

Debian

How are you running Gitea?

Running binary gitea behind nginx proxy

Database

PostgreSQL
@lunny lunny added this to the 1.19.4 milestone May 4, 2023
@delvh delvh removed this from the 1.19.4 milestone Jun 8, 2023
@msalmanmasood
Copy link

msalmanmasood commented Jun 20, 2023
edited
Loading

Hitting the same on 1.20 running on RHEL8.4 where

Gitea version 1.20.0+rc0-58-g28ed763f5 built with GNU Make 4.3, go1.20.5 : bindata, sqlite, sqlite_unlock_notify

ers/web/auth/auth.go:206:SignInPost() [I] Failed authentication attempt for skhan from 10.1x.6x.x:57086: user does not exist [uid: 0, name: xxxxx, keyid: 0]

@lunny lunny mentioned this issue Jun 21, 2023
Merged
@MarekChr
Copy link
Author

Hitting the same on 1.20 running on RHEL8.4 where

Gitea version 1.20.0+rc0-58-g28ed763f5 built with GNU Make 4.3, go1.20.5 : bindata, sqlite, sqlite_unlock_notify

ers/web/auth/auth.go:206:SignInPost() [I] Failed authentication attempt for skhan from 10.1x.6x.x:57086: user does not exist [uid: 0, name: xxxxx, keyid: 0]

I think uid 0 means that the user really does not exist, but can not confirm that.

@GiteaBot GiteaBot mentioned this issue Jul 3, 2023
Merged
silverwind pushed a commit that referenced this issue Jul 3, 2023
@GiteaBot @lunny
Log the real reason when authentication fails (but don't show the use…
69bdcf4 
…r) (#25414) (#25660)

Backport #25414 by @lunny

Fix #24498

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 18, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Log the real reason when authentication fails (but don't show the user) lunny/gitea
4 participants
@lunny @msalmanmasood @delvh @MarekChr