Latest update broke my auth


#1

Hey folks,

I’ve just updated my via apt-get and now i’m unable to login…
I run gitlab behind an apache (using reverse-proxy) which worked great until today.
Everytime I try to login I get an 422 -> “The change you requested was rejected.”.
The production.log states this on every login:
289 Started POST “/users/sign_in” for 146.52.63.112 at 2017-07-13 08:42:05 +0000
290 Processing by SessionsController#create as HTML
291 Parameters: {“utf8”=>“✓”, “authenticity_token”=>“GTPQdWJY96XRNVcKpzJxmvAzE5+wZlR7mZHYI/LTa5QH15qX9cRiPoSkuW/kJRPXlYwWwYZUlOxZINb6pJ6o2g==”, “user”=>{“login”=>“root”, “password”=>"[FILTERED]", “remember_me”=>“0”}}
292 Can’t verify CSRF token authenticity
293 Completed 422 Unprocessable Entity in 159ms (ActiveRecord: 9.4ms)
294
295 ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
296 lib/gitlab/performance_bar/peek_performance_bar_with_rack_body.rb:16:in call' 297 lib/gitlab/middleware/multipart.rb:93:incall’
298 lib/gitlab/request_profiler/middleware.rb:14:in call' 299 lib/gitlab/middleware/go.rb:16:incall’
300 lib/gitlab/etag_caching/middleware.rb:11:in call' 301 lib/gitlab/request_context.rb:18:incall’

Anyone else having this kind of troubles?

Greetz

Edit: My Password is a hash with some Dollar-signs - not sure if there might be the problem…


#2

I have the same problem. LDAP authentication works fine but Standard with root account doesn’t work with the same error.

Also I don’t use any reverse proxies, gitlab-ce deb package installed from official repository.


#3

Heyho,

I just found that my problem was reverse-proxy related. I forgot to route the Requestheaders.
Check out this manual: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md
Maybe your problem is related somehow too.

Greetz