Routing error when creating personal access tokens (GitLab 18.1.0, self-managed)

Hi everyone

I’m reaching out because we’ve encountered an issue after upgrading our self-managed GitLab instance, and I’d really appreciate any help or insights you might have.

Problem to solve

Since upgrading our self-managed GitLab instance to version 18.1.0 , we are no longer able to create personal access tokens.
When attempting to create a token via the UI, we receive the following error message:

In the logs (/var/log/gitlab/gitlab-rails/production.log ), we see this error:

ActionController::RoutingError (No route matches [POST] "/gitlab/-/user_settings/personal_access_tokens"):

actionpack (7.1.5.1) lib/action_dispatch/middleware/debug_exceptions.rb:33:in `call'
lib/gitlab/middleware/path_traversal_check.rb:35:in `call'
lib/gitlab/middleware/handle_malformed_strings.rb:21:in `call'
sentry-ruby (5.23.0) lib/sentry/rack/capture_exceptions.rb:30:in `block (2 levels) in call'
sentry-ruby (5.23.0) lib/sentry/hub.rb:299:in `with_session_tracking'
sentry-ruby (5.23.0) lib/sentry-ruby.rb:428:in `with_session_tracking'
sentry-ruby (5.23.0) lib/sentry/rack/capture_exceptions.rb:21:in `block in call'
sentry-ruby (5.23.0) lib/sentry/hub.rb:89:in `with_scope'
sentry-ruby (5.23.0) lib/sentry-ruby.rb:408:in `with_scope'
sentry-ruby (5.23.0) lib/sentry/rack/capture_exceptions.rb:20:in `call'
actionpack (7.1.5.1) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lograge (0.11.2) lib/lograge/rails_ext/rack/logger.rb:15:in `call_app'
railties (7.1.5.1) lib/rails/rack/logger.rb:24:in `block in call'
activesupport (7.1.5.1) lib/active_support/tagged_logging.rb:139:in `block in tagged'
activesupport (7.1.5.1) lib/active_support/tagged_logging.rb:39:in `tagged'
activesupport (7.1.5.1) lib/active_support/tagged_logging.rb:139:in `tagged'
activesupport (7.1.5.1) lib/active_support/broadcast_logger.rb:241:in `method_missing'
railties (7.1.5.1) lib/rails/rack/logger.rb:24:in `call'
actionpack (7.1.5.1) lib/action_dispatch/middleware/remote_ip.rb:92:in `call'
lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'
lib/gitlab/middleware/request_context.rb:15:in `call'
lib/gitlab/middleware/webhook_recursion_detection.rb:15:in `call'
request_store (1.7.0) lib/request_store/middleware.rb:19:in `call'
rack (2.2.13) lib/rack/method_override.rb:24:in `call'
rack (2.2.13) lib/rack/runtime.rb:22:in `call'
rack-timeout (0.7.0) lib/rack/timeout/core.rb:154:in `block in call'
rack-timeout (0.7.0) lib/rack/timeout/support/timeout.rb:19:in `timeout'
rack-timeout (0.7.0) lib/rack/timeout/core.rb:153:in `call'
config/initializers/fix_local_cache_middleware.rb:11:in `call'
lib/gitlab/middleware/compressed_json.rb:44:in `call'
actionpack (7.1.5.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:83:in `call'
gitlab-labkit (0.37.0) lib/labkit/middleware/rack.rb:22:in `block in call'
gitlab-labkit (0.37.0) lib/labkit/context.rb:35:in `with_context'
gitlab-labkit (0.37.0) lib/labkit/middleware/rack.rb:21:in `call'
rack (2.2.13) lib/rack/sendfile.rb:110:in `call'
actionpack (7.1.5.1) lib/action_dispatch/middleware/request_id.rb:28:in `call'
lib/gitlab/middleware/sidekiq_web_static.rb:20:in `call'
railties (7.1.5.1) lib/rails/engine.rb:536:in `call'
railties (7.1.5.1) lib/rails/railtie.rb:226:in `public_send'
railties (7.1.5.1) lib/rails/railtie.rb:226:in `method_missing'
lib/gitlab/middleware/release_env.rb:12:in `call'
rack (2.2.13) lib/rack/urlmap.rb:74:in `block in call'
rack (2.2.13) lib/rack/urlmap.rb:58:in `each'
rack (2.2.13) lib/rack/urlmap.rb:58:in `call'
puma (6.6.0) lib/puma/configuration.rb:279:in `call'
puma (6.6.0) lib/puma/request.rb:99:in `block in handle_request'
puma (6.6.0) lib/puma/thread_pool.rb:390:in `with_force_shutdown'
puma (6.6.0) lib/puma/request.rb:98:in `handle_request'
puma (6.6.0) lib/puma/server.rb:472:in `process_client'
puma (6.6.0) lib/puma/server.rb:254:in `block in run'
puma (6.6.0) lib/puma/thread_pool.rb:167:in `block in spawn_thread'

Steps to reproduce

1. Go to User Settings > Access Tokens
2. Fill in the required fields
3. Click Create personal access token
4. Observe the error message in the UI and the routing error in the logs

We tried with multiple users and different scopes, but the result is always the same

We have reviewed the GitLab 18.1 release notes and searched the forum and issue tracker, but haven’t found a matching issue or workaround.

Configuration

image416×616 25.6 KB

Versions

• Self-managed
• GitLab.com SaaS
• Dedicated

Versions

• GitLab 18.0.1

Thanks in advance for your time and support!

I am having the same problems - apparently the route is missing:

Request URL: xxx/-/user_settings/personal_access_tokens
Request Method: POST
Status Code: 404

Just in case, in the meantime, I was able to create tokens via the API /gitlab/api/v4/users/xx/personal_access_tokens

However, you need a valid administrator token to create tokens for other users

Thanks for the hint, unfortunately I don’t have a token with the correct permissions.

There is an update available (18.1.1), which changes the error interestingly from HTTP 404 into a HTTP 422, but nevertheless I cannot create access tokens anymore.

I’ve opened a ticket: Error when creating personal access tokens (GitLab 18.1.0 + 18.1.1, self-managed) (#551764) · Issues · GitLab.org / GitLab · GitLab

Thanks ! That’s exactly it, I have /gitlab/gitlab in the url. I hadn’t seen it.

I’ll see if I can add a rewrite rule to our Apache conf, but this is just a workaround until there’s a real fix.

Fixed in version 18.1.2