Gitea: U2F doesn't work on Chrome 74

Created on 25 Apr 2019  ·  22 Comments  ·  Source: go-gitea/gitea

  • Gitea version (or commit ref): 1.8.0
  • Git version: 2.21.0
  • Operating system: Archlinux
  • Database (use [x]):
    • [x] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [x] Yes
    • [ ] No
    • [ ] Not relevant
  • Log gist:

Description

U2F does not work on login, but registration works well.
Client is Chrome on MacOS.

kind/bug

All 22 comments

Works for me on chrome and macos with yubikey 5 at least (on try.gitea.io)

Also works for me Chrome / macOS on https://gitea.com

Ok, but what may have happened with U2F for me? I tried to log in with U2F on GitHub and several other services, all fine with Yubikey, but not on try.gitea and my own hosted one.
Any ideas?

Do you get any errors on developer tools console or network log?

Networks got all 200s, console is clean, no errors.
I have checked browser U2F capabilities here: https://demo.yubico.com/webauthn-technical/registration
All fine.

@arren-ru are you using HTTPS?

@techknowlogick

> @arren-ru are you using HTTPS?

Sure, otherwise U2F registration shouldn't work either

I get the same now - worked before. Strange thing is when I try to register a new key I get:

Could not read your security key.
Please make sure to use the correct, encrypted (https://) URL.

But my page is correctly served from https. The TLS connection is terminated in nginx in front of gogs. nginx config:

  proxy_set_header Host            $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Real-IP       $remote_addr;
  proxy_set_header X-Scheme        $scheme;

> I get the same now - worked before. Strange thing is when I try to register a new key I get:
>
> Could not read your security key.
> Please make sure to use the correct, encrypted (https://) URL.
>
> But my page is correctly served from https. The TLS connection is terminated in nginx in front of gogs. nginx config:
>
>   proxy_set_header Host            $host;
>   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>   proxy_set_header X-Real-IP       $remote_addr;
>   proxy_set_header X-Scheme        $scheme;

Same config in my front nginx

Indeed strange, it does work on codeberg.org running gitea 1.8.0 - using haproxy as TLS terminator.

For me it broke when I updated Chrome to version 74. Downgrading to 73 solves the problem. I can reproduce this on both Linux (Ubuntu 18.04, Chromium) and OSX (Mojave, Chrome).
Firefox works on both platforms

I can confirm. Chromium 74 does not work (ArchLinux). Firefox 66 (ArchLinux) works.

Chrome 73 (Fedora) works, Chrome 74 (Fedora) does not work

Looks like I'm in the same boat. I updated to 74 and can no longer log in with my key in Gitea but can seemingly everywhere else. Anyone figured out what might have changed in that update that broke things?

> Looks like I'm in the same boat. I updated to 74 and can no longer log in with my key in Gitea but can seemingly everywhere else. Anyone figured out what might have changed in that update that broke things?

According to the changelog of Chromium, they did not touch u2f, although I am not totally sure as I did not review every single commit.
But as literally every other application I use still works, maybe we should look into the specifics of gitea's u2f implementation? Are we doing any uncommon things?

I had a look at the JS and found u2fApi.register fails with {"type":"TIMEOUT","code":5}

u2f protocol:

{"data":{"type":"u2f_get_api_version_response","requestId":2,"responseData":{"js_api_version":1.1}}} 

{ 
    "type": "u2f_register_request", 
    "appId": "https://**MYDOMAIN**", 
    "registerRequests": [ 
        {   
            "version": "U2F_V2", 
            "challenge": "**SCRUBBED**" 
        }   
    ],  
    "registeredKeys": [ 
        {   
            "version": "U2F_V2", 
            "keyHandle": "", 
            "appId": "https://**MYDOMAIN**" 
        },  
        {   
            "version": "U2F_V2", 
            "keyHandle": "**SCRUBBED**", 
            "appId": "https://**MYDOMAIN**" 
        }   
    ],  
    "timeoutSeconds": 30, 
    "requestId": 5 
} 


{"data":{"type":"u2f_register_response","requestId":5,"responseData":{"errorCode":5}}} 

NOTE: I have already a key registered and trying to register a second one.
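An added example, not part of the thread and not Gitea's code: a structural check over a request shaped like the one captured in the comment above, which flags the `registeredKeys` entry whose `keyHandle` is empty and decodes the response's error code. The thread does not establish whether that entry is what Chrome 74 rejects. The domain `gitea.example`, the challenge and the key handle are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example, not Gitea code. Error names follow the FIDO U2F JavaScript API.
const U2F_ERRORS = ["OK", "OTHER_ERROR", "BAD_REQUEST",
  "CONFIGURATION_UNSUPPORTED", "DEVICE_INELIGIBLE", "TIMEOUT"];
const WEBSAFE_B64 = /^[A-Za-z0-9_-]+$/;

// Map a u2f_register_response message to a readable result name.
function describeResponse(msg) {
  const code = msg.data.responseData.errorCode;
  return code === undefined ? "OK" : (U2F_ERRORS[code] || `UNKNOWN(${code})`);
}

// Return a list of structural problems found in a u2f_register_request.
function lintRegisterRequest(req) {
  const findings = [];
  let scheme = null;
  try { scheme = new URL(req.appId).protocol; } catch (e) { findings.push("appId is not a URL"); }
  if (scheme && scheme !== "https:") findings.push("appId is not https");
  const regs = req.registerRequests || [];
  if (regs.length === 0) findings.push("registerRequests is empty");
  regs.forEach((r, i) => {
    if (r.version !== "U2F_V2") findings.push(`registerRequests[${i}]: unexpected version`);
    if (!r.challenge) findings.push(`registerRequests[${i}]: empty challenge`);
  });
  (req.registeredKeys || []).forEach((k, i) => {
    if (!k.keyHandle) findings.push(`registeredKeys[${i}]: empty keyHandle`);
    else if (!WEBSAFE_B64.test(k.keyHandle)) findings.push(`registeredKeys[${i}]: keyHandle not websafe base64`);
    if (k.appId && k.appId !== req.appId) findings.push(`registeredKeys[${i}]: appId differs from request`);
  });
  return findings;
}

// Constructed sample shaped like the request in the comment above.
// gitea.example, the challenge and the key handle are placeholders.
const sampleRequest = {
  type: "u2f_register_request",
  appId: "https://gitea.example",
  registerRequests: [{ version: "U2F_V2", challenge: "Y29uc3RydWN0ZWQtY2hhbGxlbmdl" }],
  registeredKeys: [
    { version: "U2F_V2", keyHandle: "", appId: "https://gitea.example" },
    { version: "U2F_V2", keyHandle: "Y29uc3RydWN0ZWQta2V5", appId: "https://gitea.example" },
  ],
  timeoutSeconds: 30,
  requestId: 5,
};
const sampleResponse = { data: { type: "u2f_register_response", requestId: 5, responseData: { errorCode: 5 } } };

console.log(lintRegisterRequest(sampleRequest));
console.log(describeResponse(sampleResponse));
```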

Please confirm you are not visiting http://localhost:3000; localhost or http will not work for U2F.

No, I am visiting https://gitea.fqdn:80. TLS Termination is done by nginx. Works on Chrome 73, Firefox, but not on Chrome 74

Also chiming in that it has stopped working for me on Chrome 74, MacOS, Windows, and Linux. Firefox appears to work fine. In my case, I'm running Gitea on a UNIX socket, and then having NGINX do the SSL work.

Oh, I'm in Chrome 73, MacOS. So that's a change between Chrome 73 and 74?

> Oh, I'm in Chrome 73, MacOS. So that's a change between Chrome 73 and 74?

Seems like it? I upgraded Gitea on the same day, so I was suspicious, but there's enough other people reporting the issue on Chrome 74 that it seems like it must at least be related. >:T

No, it depends on the Chrome version. We just do not know why

Same here. U2F works on Firefox as well as Android Chrome, but not on Desktop Chrome 74. Although I can't confirm that it worked before, since I am trying to enroll U2F for the first time right now. Also running Gitea on a unix socket behind an Nginx proxy. I'd be happy to help with testing if somebody gives me directions.
