Login leads to "BCrypt::Errors::InvalidHash (invalid hash):"

simkin · July 12, 2023, 1:26pm

I was in need to migrate a legacy source Gitlab instance to a newer omnibus based instance. The old server was based on Centos 6.5, the new server is running Debian 12. The package installed is gitlab-ce_8.17.8-ce.0_amd64.deb.

Post installation, the first configuration failed due to a Bcrypt error. According to online instructions this issue was fixed in a newer “bcrypt” Gem version and it was advised to update the gem. I used the command below to update the Gem, which indeed seemed to resolve my problem
opt/gitlab/embedded/bin/gem update bcrypt

After the first reconfigure I restored a backup and restored my secrets, all without issues. After restoring my backup i ran an additional reconfigure. All self tests pass without errors and i see the Gitlab home page.

But now the problem, when I try to login with my admin account I see a 500 error and the following part in the log:

==> /var/log/gitlab/gitlab-rails/production.log <==
Started POST "/users/sign_in" for 172.17.134.1 at 2023-07-12 14:08:35 +0100
Processing by SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"6MDrZVtTTdKwApGs/qi6pQ8rxYr6Idn1zkDm63MfZAauoJeQz5DfUMs1Trt+MG1KJRko5Y5Fqph45Z8ugEWSKg==", "user"=>{"login"=>"lmolenaar", "password"=>"[FILTERED]", "remember_me"=>"1"}}
Completed 401 Unauthorized in 485ms (ActiveRecord: 39.9ms)
Processing by SessionsController#new as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"6MDrZVtTTdKwApGs/qi6pQ8rxYr6Idn1zkDm63MfZAauoJeQz5DfUMs1Trt+MG1KJRko5Y5Fqph45Z8ugEWSKg==", "user"=>{"login"=>"lmolenaar", "password"=>"[FILTERED]", "remember_me"=>"1"}}
Completed 500 Internal Server Error in 142ms (ActiveRecord: 0.9ms)

BCrypt::Errors::InvalidHash (invalid hash):
  app/controllers/sessions_controller.rb:24:in `new'

The “new” part the ruby file shows:
opt/gitlab/embedded/service/gitlab-rails/app/controllers/sessions_controller.rb

  def new
    set_minimum_password_length
    if Gitlab.config.ldap.enabled
      @ldap_servers = Gitlab::LDAP::Config.servers
    else
      @ldap_servers = []
    end

    super
  end

I regonise that i am running an ancient version of Gitlab but I hope that somebody might be able to provide a workaround for my issue? Are there more locations where I need to update the bcrypt gem or can I apply a hack in any of the .rb files?

hayrullahkaraman · February 27, 2024, 5:47pm

did you solve this issue i have the same?

simkin · March 1, 2024, 8:59am

sudo /opt/gitlab/embedded/bin/gem update bcrypt
cd /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems
sudo mv bcrypt-3.1.11 bcrypt-3.1.11_old
sudo ln -s bcrypt-3.1.20/ bcrypt-3.1.11

hayrullahkaraman · March 1, 2024, 2:00pm

Thanks S’r\ 'pgrade my Bcrypt=3.1.11 to 1.1.20 , but it didint solve myproblem, i am trying login it give the same error

14 Mar 1 16:55 bcrypt-3.1.11 → bcrypt-3.1.20/

error
Completed 500 Internal Server Error in 72ms (ActiveRecord: 0.3ms)

BCrypt::Errors::InvalidHash (invalid hash):
app/controllers/sessions_controller.rb:24:in `new’