New update overwrites default auth?

fbartels

Hi,

I saw this update description yesterday:

@girish said in Gitea - Package Updates:

[1.30.0]

• Implement OIDC auth

I had previously manually configured oidc in my Gitea and it looks like this update overwrote the old LDAP based login. This means I have now two oidc logins, but only my manually created one works.

nebulon

Presumably you've already tried that, but can you login with the root/admin account and remove the custom OpenID authentication source?

fbartels

My Gitea is so old, I don't even have the default root user . But I saw that you can list and change password with sudo -H -u git /home/git/gitea/gitea admin user list -c /run/gitea/app.ini in the worst case.

My main user is an admin in gitea, so I tried to delete my manually configured out, but Gitea replies with: "The authentication source is still in use. Convert or delete any users using this authentication source first.", so I opted to disable it instead. In addition I deleted the client configuration from the Cloudron user directory settings.

After a restart of the Gitea app the new Cloudron login works.

However: I think grumpy old me would still have preferred to keep ldap auth as an option, because now I am forced to login via oidc, whereas before I still had the option to use the username and password fields that gitea displays by default. (I can still use these, but then I have to manually set a password for the user I just used oidc to log in to).

nebulon

Is the manual auth source freed up after the first Cloudron OpenID login (assuming the usermapping worked)?

For the login form, is there a practical use-case for this instead of OpenID or just because of habit?

fbartels

The manual one was freed up, after I manually removed it from "Manage Linked Accounts" in my users security settings. Afterwards I could delete it.

@nebulon said in New update overwrites default auth?:

just because of habit?

Yes exactly this. You could argue however that the the oidc login is more secure.

nebulon

Yeah I initially also preferred LDAP for no real reason but just being used to that flow, now since we moved a bunch of apps over to OpenID, my habit changed and username/password login feels cumbersome

fbartels

@nebulon it definitely is cumbersome when additionally using 2fa in Gitea.

Aeton

Hello,
Since this update, I can no longer login in my user account (with password and 2fa Yubikey).
I have also tried the new icon "sign in with cloudron" but it does not event work.

Hopefully, I can login with the root logins. So my question is : What can I do to make my login with user account works again ? Do I need to disable the OAuth2 configured in the authentification sources/configurations of gitea ?

Thank you

nebulon

If the app is configured to use the Cloudron usermanagement, which it is, if you see the OpenID login button, then the username/password login form does not work anymore. That is to be expected and one of the upsides of OpenID, that the credentials are not passed through the app code at all.

For the OpenID login issue, do you see any error in the browser or the app logs?

Aeton

In the browser, it says : "2FA token is invalid".
In the app logs, I can see no error