Trying to push as a user with a pending password change causes issues with git ("could not determine hash algorithm") #19090
Labels
Comments
jimj316
changed the title
|
have same issue. gitea version: 1.16.4 |
42wim
added a commit
to 42wim/gitea
that referenced
this issue
Jun 18, 2022
Fixes go-gitea#19090 If the user-agent starts with git and user must change password but hasn't return a 401 with the message. It must be a 401, git doesn't seem to show the contents of the error message when we return a 403
42wim
added a commit
to 42wim/gitea
that referenced
this issue
Jun 18, 2022
Fixes go-gitea#19090 If the user-agent starts with git and user must change password but hasn't return a 401 with the message. It must be a 401, git doesn't seem to show the contents of the error message when we return a 403
lafriks
pushed a commit
that referenced
this issue
Jun 19, 2022
Fixes #19090 If the user-agent starts with git and user must change password but hasn't return a 401 with the message. It must be a 401, git doesn't seem to show the contents of the error message when we return a 403 Co-authored-by: 6543 <[email protected]>
zeripath
pushed a commit
that referenced
this issue
Jun 19, 2022
If the user-agent starts with git and user must change password but hasn't return a 401 with the message. It must be a 401, git doesn't seem to show the contents of the error message when we return a 403 Fixes #19090
vsysoev
pushed a commit
to IntegraSDL/gitea
that referenced
this issue
Aug 10, 2022
…tea#20026) If the user-agent starts with git and user must change password but hasn't return a 401 with the message. It must be a 401, git doesn't seem to show the contents of the error message when we return a 403 Fixes go-gitea#19090
AbdulrhmnGhanem
pushed a commit
to kitspace/gitea
that referenced
this issue
Aug 24, 2022
…tea#20026) If the user-agent starts with git and user must change password but hasn't return a 401 with the message. It must be a 401, git doesn't seem to show the contents of the error message when we return a 403 Fixes go-gitea#19090
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Gitea Version
Go1.17.7
Git Version
2.20.1
Operating System
Debian Testing
How are you running Gitea?
Gitea is installed from the "gitea" package on Debian, and running as it's own user as a systemd service
Database
PostgreSQL
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Description
I'm not sure if this is strictly a bug, but it's a very confusing issue I just spent two hours debugging so I thought I would note it down for the devs.
If a new user is created with the "require password change on first login" setting, and then they don't change their password, then they can still
git pullfrom any public repository, but any attempt togit pushwill give a scary error message like the following:fatal: https://[URL]/gitea/[USER]/[REPO].git/info/refs not valid: could not determine hash algorithm; is this a git repository?This is caused by the HTTP request for info/refs being redirected to the "change your password" page. The workaround is to ask the user to actually change their password this time, but the error message is very confusing.
A potential fix for this could be to make HTTP requests for git-internal URLs fail with a 401 error in this case, instead of redirecting to a webpage intended for humans; this will at least give a "authentication failed" message, which is closer to the actual cause.
Screenshots
No response
The text was updated successfully, but these errors were encountered: