Latest update broke my auth

Hey folks,

I’ve just updated my via apt-get and now I’m unable to log in…
I run GitLab behind an Apache (using reverse-proxy) which worked great until today.
Every time I try to log in I get a 422 -> “The change you requested was rejected.”
The production.log states this on every login:
Started POST "/users/sign_in" for at 2017-07-13 08:42:05 +0000
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"GTPQdWJY96XRNVcKpzJxmvAzE5+wZlR7mZHYI/LTa5QH15qX9cRiPoSkuW/kJRPXlYwWwYZUlOxZINb6pJ6o2g==", "user"=>{"login"=>"root", "password"=>"[FILTERED]", "remember_me"=>"0"}}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 159ms (ActiveRecord: 9.4ms)
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
lib/gitlab/performance_bar/peek_performance_bar_with_rack_body.rb:16:in `call'
lib/gitlab/middleware/multipart.rb:93:in `call'
lib/gitlab/request_profiler/middleware.rb:14:in `call'
lib/gitlab/middleware/go.rb:16:in `call'
lib/gitlab/etag_caching/middleware.rb:11:in `call'
lib/gitlab/request_context.rb:18:in `call'

Anyone else having this kind of trouble?


Edit: My password is a hash with some dollar signs - not sure if that might be the problem…

I have the same problem. LDAP authentication works fine but Standard with root account doesn’t work with the same error.

Also I don’t use any reverse proxies, gitlab-ce deb package installed from official repository.


I just found that my problem was reverse-proxy related. I forgot to route the request headers.
Check out this manual:
Maybe your problem is related somehow too.


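The last post attributes its failure to request headers the reverse proxy did not pass on, without naming them. As an added example (not from this thread or from the manual it mentions), here is an Apache 2.4 virtual host with the weak form commented out above the corrected one. It assumes TLS terminates at Apache; the host name, certificate paths, backend address and the choice of headers are assumptions.

```apache
# Constructed example. gitlab.example.com, the certificate paths and the
# backend address 127.0.0.1:8181 are placeholders, not values from the thread.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers enabled.

# --- Before (weak): requests reach the backend stripped of their context ---
# <VirtualHost *:443>
#   ServerName gitlab.example.com
#   SSLEngine on
#   SSLCertificateFile    /etc/ssl/certs/gitlab.example.com.crt
#   SSLCertificateKeyFile /etc/ssl/private/gitlab.example.com.key
#   ProxyPass        / http://127.0.0.1:8181/
#   ProxyPassReverse / http://127.0.0.1:8181/
#   # No ProxyPreserveHost: the backend receives "Host: 127.0.0.1:8181".
#   # No forwarded-scheme headers: the backend sees plain HTTP, although
#   # the browser submitted the login form over HTTPS.
# </VirtualHost>

# --- After: the original host and scheme are passed to the backend ---
<VirtualHost *:443>
  ServerName gitlab.example.com
  SSLEngine on
  SSLCertificateFile    /etc/ssl/certs/gitlab.example.com.crt
  SSLCertificateKeyFile /etc/ssl/private/gitlab.example.com.key

  # Keep the Host header the browser sent instead of the backend address.
  ProxyPreserveHost On

  # Tell the backend that the client connection was HTTPS. "set" replaces
  # any value supplied by the client, so the browser cannot choose it.
  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Ssl   "on"

  ProxyPass        / http://127.0.0.1:8181/
  ProxyPassReverse / http://127.0.0.1:8181/
</VirtualHost>

# Plain-HTTP listener only redirects, so credentials never travel over
# a scheme that the headers above would misreport.
<VirtualHost *:80>
  ServerName gitlab.example.com
  Redirect permanent / https://gitlab.example.com/
</VirtualHost>
```

After reloading Apache, a fresh login should show whether `Can't verify CSRF token authenticity` still appears in production.log; if it does, the cause lies elsewhere, as in the report above from a setup without a reverse proxy.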