Unauthorized: BCrypt::Errors::InvalidHash

Sometime in the last month my gitlab users lost the ability to log into the external url. There had been no upgrade of gitlab (8.12.3-ce.0.el7.x86_64), but the OS was upgraded (to Fedora 28) and gets daily package upgrades. I tracked down a BCrypt::Errors::InvalidHash error in the gitlab-rails/production.log. All attempts to reset or change passwords (via the external url, via the console) lead to the same error. I have now managed to upgrade to gitlab 10.8.1, but this error has persisted through all upgrades. What can I do to restore account access?

Here is the log error when attempting to log onto the external url.

```
==> /var/log/gitlab/gitlab-rails/production.log <==
Started POST "/users/sign_in" for at 2018-05-26 23:43:14 -0500
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"login"=>"me", "password"=>"[FILTERED]", "remember_me"=>"0"}}
Completed 401 Unauthorized in 106ms (ActiveRecord: 12.8ms)
Processing by SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"login"=>"me", "password"=>"[FILTERED]", "remember_me"=>"0"}}
Completed 500 Internal Server Error in 59ms (ActiveRecord: 0.5ms)

BCrypt::Errors::InvalidHash (invalid hash):
app/controllers/sessions_controller.rb:28:in `new'
lib/gitlab/i18n.rb:46:in `with_locale'
lib/gitlab/i18n.rb:52:in `with_user_locale'
app/controllers/application_controller.rb:326:in `set_locale'
lib/gitlab/request_context.rb:18:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:27:in `call'
```

It finally occurred to me to search for people experiencing BCrypt trouble after an upgrade to Fedora 28. That search led immediately to a one-line "ugly hack" that solves my problem: https://stackoverflow.com/questions/50213071/why-does-bcrypt-no-longer-accept-hashes
