Registered admin cannot log-in to Gogs fresh setup

Found a related question at Admin User without Administration Pannel but I have different queries.

Gogs version: Gogs version 0.12.0+dev,
System: Ubuntu 18.04.4 LTS
Database: postgres (PostgreSQL) 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1)

I successfully setup Gogs on a VPS. However I logged-out and then trying to login with my registered admin account I am encountering “Username or password is not correct.” . I don’t know what could be the problem because I am entering a correct password because before entering it I did saved in my text editor.

One thing I remember is that after filling all the details when first time I hit install I encountered error related to DB User password and at that time the Admin password fields were pre-filled. So can it be that after the mentioned error the pre-filled passwords were actually encrypted version of my plain password I initially entered and which got saved in DB?

The thought which came to my mind to solve the problem was I could change the Admin user password in my database through terminal. So I connected to my database in following manner

[email protected]:~/gogs$ psql -U gogs -h localhost -W
Password for user gogs: 
psql (10.12 (Ubuntu 10.12-0ubuntu0.18.04.1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.

gogs=> \l
                              List of databases
   Name    |  Owner   | Encoding | Collate |  Ctype  |   Access privileges   
-----------+----------+----------+---------+---------+-----------------------
 gogs      | gogs     | UTF8     | C.UTF-8 | C.UTF-8 | 
 postgres  | postgres | UTF8     | C.UTF-8 | C.UTF-8 | 
 template0 | postgres | UTF8     | C.UTF-8 | C.UTF-8 | =c/postgres          +
           |          |          |         |         | postgres=CTc/postgres
 template1 | postgres | UTF8     | C.UTF-8 | C.UTF-8 | =c/postgres          +
           |          |          |         |         | postgres=CTc/postgres
(4 rows)

gogs=> \c gogs
Password for user gogs: 
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
You are now connected to database "gogs" as user "gogs".
gogs=> select * from user
gogs-> ;
 user 
------
 gogs
(1 row)

As can be seen I could see only one user gogs in user table. The user name I registered was jiggneshhgohel. So I am wondering how come I am not able to see the row for my registered admin. Or are the admin creds saved in some other table or may be at some other place?

Also the more puzzling thing is that it doesn’t show up all the columns in the query result because listing columns I can see there are lot of columns in user table:

gogs=> \d+ user
                                                               Table "public.user"
        Column        |          Type           | Collation | Nullable |             Default              | Storage  | Stats target | Description 
----------------------+-------------------------+-----------+----------+----------------------------------+----------+--------------+-------------
 id                   | bigint                  |           | not null | nextval('user_id_seq'::regclass) | plain    |              | 
 lower_name           | character varying(255)  |           | not null |                                  | extended |              | 
 name                 | character varying(255)  |           | not null |                                  | extended |              | 
 full_name            | character varying(255)  |           |          |                                  | extended |              | 
 email                | character varying(255)  |           | not null |                                  | extended |              | 
 passwd               | character varying(255)  |           | not null |                                  | extended |              | 
 login_source         | bigint                  |           | not null | 0                                | plain    |              | 
 login_name           | character varying(255)  |           |          |                                  | extended |              | 
 type                 | integer                 |           |          |                                  | plain    |              | 
 location             | character varying(255)  |           |          |                                  | extended |              | 
 website              | character varying(255)  |           |          |                                  | extended |              | 
 rands                | character varying(10)   |           |          |                                  | extended |              | 
 salt                 | character varying(10)   |           |          |                                  | extended |              | 
 created_unix         | bigint                  |           |          |                                  | plain    |              | 
 updated_unix         | bigint                  |           |          |                                  | plain    |              | 
 last_repo_visibility | boolean                 |           |          |                                  | plain    |              | 
 max_repo_creation    | integer                 |           | not null | '-1'::integer                    | plain    |              | 
 is_active            | boolean                 |           |          |                                  | plain    |              | 
 is_admin             | boolean                 |           |          |                                  | plain    |              | 
 allow_git_hook       | boolean                 |           |          |                                  | plain    |              | 
 allow_import_local   | boolean                 |           |          |                                  | plain    |              | 
 prohibit_login       | boolean                 |           |          |                                  | plain    |              | 
 avatar               | character varying(2048) |           | not null |                                  | extended |              | 
 avatar_email         | character varying(255)  |           | not null |                                  | extended |              | 
 use_custom_avatar    | boolean                 |           |          |                                  | plain    |              | 
 num_followers        | integer                 |           |          |                                  | plain    |              | 
 num_following        | integer                 |           | not null | 0                                | plain    |              | 
 num_stars            | integer                 |           |          |                                  | plain    |              | 
 num_repos            | integer                 |           |          |                                  | plain    |              | 
 description          | character varying(255)  |           |          |                                  | extended |              | 
 num_teams            | integer                 |           |          |                                  | plain    |              | 
 num_members          | integer                 |           |          |                                  | plain    |              | 
Indexes:
    "user_pkey" PRIMARY KEY, btree (id)
    "UQE_user_lower_name" UNIQUE, btree (lower_name)
    "UQE_user_name" UNIQUE, btree (name)

but when trying to select a column like

gogs=> select email from user;

I get error

ERROR:  column "email" does not exist
LINE 1: select email from user;

Also an unrelated question is: Is there a provision to disable Register / Signup so as to let only Admin added users can sign-in?

Thanks.

An Update regarding the puzzling behavior mentioned in my question. The query was supposed to be

gogs=> select * from public.user;
gogs=> select email, passwd from public.user;
          email           |                                                passwd                                                
--------------------------+------------------------------------------------------------------------------------------------------
 [email protected] | encrypted_password_here
(1 row)

Thanks to Thom Brown on Stackoverflow who helped in this regard.

So my following question is answered i.e. Admin details are saved in user table.

So I am wondering how come I am not able to see the row for my registered admin. Or are the admin creds saved in some other table or may be at some other place?

And I don’t think the initial thought (quoted below)

The thought which came to my mind to solve the problem was I could change the Admin user password in my database through terminal. So I connected to my database in following manner

should help because to alter the user’s password I will need to first encrypt it. Can anybody please help in this regard?

Also it seems like my original suspect (quoted below) is the root cause of the issue I am facing:

One thing I remember is that after filling all the details when first time I hit install I encountered error related to DB User password and at that time the Admin password fields were pre-filled. So can it be that after the mentioned error the pre-filled passwords were actually encrypted version of my plain password I initially entered and which got saved in DB?

If anyone agrees then I think in case of any error while submitting Install button the password fields in Admin settings should be cleared, instead of pre-filled.

Finally I followed the instructions at Is there a simple way to reset forgotten administrator password? and was able to successfully login with my original admin user.

What an achievement!

In fact if it’s a fresh install, you can just delete the user and sign up again. The first-only user becomes the admin automatically.

1 Like

@Unknwon Thanks. Do you think following is a valid point and should be addressed in the gogs source code?

Create admin account is purposely made as the last step for the first time installation. If it fails, it won’t be saved. If it’s saved, I think the error is for something else. Can you provide a screenshot of the error message?

@Unknwon I understand the purpose of Admin account creation command. However what I referred to was when I was on install page I filled the Database, Application Settings, and Admin settings. Now what happened was the DB user password I entered was wrong and I wasn’t aware about that and thus I hit the install button . That form submission indeed failed and shown the error that my entered DB user password was wrong. But the thing to be noted is that before submitting the form the Admin details were filled in the form and when the error was encountered because of wrong DB user password all the entered form-fields details were pre-filled.

So what I was asking was while pre-filling the form fields, after the error, can it be the case that an encrypted version of the password is pre-filled, instead of plain password I filled at the time of submitting the form? If yes then I think instead of pre-filling the password field, in case or form submission error, they should be shown as empty.

Sorry I didn’t captured the screenshot at the time that error happened and I don’t know whether it is possible to get to the install page after successfully submitting the install form.

Hope now you get what I am trying to convey.

I’m not referring to the CLI command, but the installation page.

How can a user password to be “wrong” when creating the user? Can you provide a screenshot of the error message?

@Unknwon

As already informed it is not possible for me to provide the screenshot of that error because my Gogs instance is up and running. However let me try once more to convey the scenario I suspected and sought confirmation in my previous messages:

On install page:

In Database Settings section I entered following

Username: gogs
Password: gogs_pwd

Note: The password I entered was actually wrong because from psql terminal when I created the DB user gogs I set gogs_password as its password.

Next I moved to Application Settings section on install page and there I added the necessary details.

The I moved to Admin Settings section and there I added following details:

Username: jiggneshhgohel
Password: jig_password

Finally I hit the Install button but I encountered error for DB user password to be wrong (as I noted earlier). At this point when the page highlighted error the form fields were pre-filled with values before hitting the Install button. So my question is: is it possible that
in Admin Settings section the following details were pre-filled?

Username: jiggneshhgohel
Password: <encrypted version of original password i.e jig_password>

Now I fixed the problem by entering correct password In Database Settings section i.e following

Username: gogs
Password: gogs_password

and again hit the Install button and it was successful. Then the admin user was logged-in. Then I explicitly logged-out and then tried to login again with admin creds

Username: jiggneshhgohel
Password: jig_password

but I encountered error Username or password is incorrect. This happened repeatedly whenever I retried with the same creds.

That was unexpected because I am sure that the creds I was entering were correct.

So I suspect that when I encountered error on Install page and because of which the Admin details got pre-filled, is it possible that the Admin details which got saved in database were

Username: jiggneshhgohel
Password: <encrypted version of original password i.e jig_password>

instead of

Username: jiggneshhgohel
Password: jig_password

?

Thanks.

I see.

I don’t think so. First of all, backend never and should not return encrypted version of the password. Secondly, it only accepts the original password and do encrypt and verify to check if the password is correct. It is one-way encryption.