#671 Gitnex does not allow new user accounts to log in (can't handle change password flow)

Open
opened 3 months ago by aaronzheng · 3 comments

# What do you want to address?

(This step is required; examples are shown below)

  • [x] Bug
  • [ ] Feature
  • [ ] Suggestion

# Describe your matter briefly

To reproduce this bug:

  1. Using Gitea web, create a new user as a Gitea admin. Do not log in.
  2. Attempt to log in to the new account with the Gitnex mobile app, using basic HTTP auth. In real life this situation would be as if a Gitea admin gave a fresh account to a mobile user and asked them to log in using the provided credentials.

What did you expect? (Useful when addressing bugs)

I expect a screen to show up saying "Welcome to Gitea! Please change your password now."

Instead, I get a toast saying "Could not reach server."

If I try multiple times I get the same result. Can't log in.

When I examine my Gitea logs I see that Gitnex is attempting to call the change_password endpoint but the UI is failing to handle the result of the call, preventing me from signing in:

```
2020-08-30 05:18:08: Started GET /api/v1/version for <CLIENT IP>
2020-08-30 05:18:08: Completed GET /api/v1/version 302 Found in 39.127934ms
2020-08-30 05:18:08: Started GET /user/settings/change_password for <CLIENT IP>
2020-08-30 05:18:08: Completed GET /user/settings/change_password 200 OK in 25.133715ms
```

I resolved the issue by logging in to Gitea with the new account with Gitea web, and changing the password there. I was then able to log in with the new password in Gitnex.

Some additional details (Useful, when we are trying to reproduce a bug)

  • The version of Gitea you are using: 1.12
  • The version of GitNex you are using: 3.1
  • Phone OS version and model: Android
  • The type of certificate you are using (self-signed, signed): none
  • How you used to log in (via password or token): basic HTTP auth password

PS: this caused me quite a bit of confusion! I didn't know what was wrong until I inspected the Gitea logs. I was worried I needed to be using HTTPS or something.

Thank you for your time.
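
An added example (not GitNex or Gitea code) of how a client could tell the situation in the log above apart from a real connection failure: it probes `/api/v1/version` without following redirects and classifies the answer. The state names, the sample responses and the assumption that the 302 carried a `Location` header pointing at the change_password path are constructed from the log lines, not taken from either project.

```python
import base64
import urllib.error
import urllib.parse
import urllib.request

# Path taken from the second request in the Gitea log quoted in the issue.
CHANGE_PW_PATH = "/user/settings/change_password"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib raise HTTPError on 3xx instead of following it silently."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def classify(status, headers):
    """Map the response to GET /api/v1/version onto a state the UI can explain."""
    if status in (301, 302, 303, 307, 308):
        target = urllib.parse.urlparse(headers.get("Location", "")).path
        # endswith() also covers a Gitea instance served under a sub-path
        if target.rstrip("/").endswith(CHANGE_PW_PATH):
            return "must_change_password"
        return "unexpected_redirect"
    if status in (401, 403):
        return "bad_credentials"
    ctype = headers.get("Content-Type", "").lower()
    if status == 200 and "json" in ctype:
        return "ok"
    # e.g. the 200 HTML page a client lands on after following the redirect
    return "not_an_api_response"

def probe_login(base_url, username, password, timeout=5):
    """Probe the version endpoint with basic auth, without following redirects."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(base_url.rstrip("/") + "/api/v1/version",
                                 headers={"Authorization": "Basic " + token})
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return classify(resp.status, resp.headers)
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx arrive here
        return classify(err.code, err.headers)
    except (urllib.error.URLError, OSError):
        return "unreachable"  # the one state that matches "Could not reach server"

# Constructed responses mirroring the two exchanges in the log.
SAMPLE_302 = (302, {"Location": CHANGE_PW_PATH})
SAMPLE_HTML = (200, {"Content-Type": "text/html; charset=UTF-8"})
```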

6543 added the Bug label 3 months ago
6543 added the Feature label 3 months ago
6543 removed the Bug label 3 months ago
6543 added the Bug label 3 months ago

6543 commented 3 months ago (Collaborator)

I don't know if it's really a "Bug" - sure, the error message could be more informative ...

To handle the change-password flow is surely a feature request.

Detecting that the password has to change could be considered a bug,
though we need to check if we can obtain the needed information from the API.

6543 added the Investigate label 3 months ago

mmarif commented 2 months ago (Owner)

I have just looked into the APIs and did not find a change password API which is needed in this case.

So a new API, and a message from the login API to tell that a password change is requested, to let the user know of the password change, are required.

mmarif removed the Bug label 2 months ago
mmarif removed the Investigate label 2 months ago
mmarif added the API-dependency label 2 months ago

6543 commented 1 week ago (Collaborator)

related: https://github.com/go-gitea/gitea/issues/13681