Skip to content

Instantly share code, notes, and snippets.

@eripa

eripa/gist:1b1633a7c6225074e5911bde1edba4e7

Created June 1, 2017 07:46
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save eripa/1b1633a7c6225074e5911bde1edba4e7 to your computer and use it in GitHub Desktop.
Save eripa/1b1633a7c6225074e5911bde1edba4e7 to your computer and use it in GitHub Desktop.
Download ZIP
gitea debug logs
Raw
gistfile1.md

Chrome debug

General

Request URL:https://example.com/user/two_factor
Request Method:POST
Status Code:500
Remote Address:10.129.250.100:8080
Referrer Policy:no-referrer

Response Headers

content-security-policy:default-src 'self'; img-src 'self' https://secure.gravatar.com data:; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' https://fonts.googleapis.com https://www.google-analytics.com https://code.jquery.com 'sha256-b1/GhCtLTi1u96xlvQRMhjZXl+uPHFz20MC3LCZDJlQ=' 'sha256-XTyyz2T1QnIhaqtxDSle1U4ArW9Sq24CB29y75Vlw24=' 'sha256-A4X7gY9t8GpYiqCnyhVq0ggsIizXC5lLE22mcL/XnCQ='; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'
content-type:text/html; charset=UTF-8
date:Thu, 01 Jun 2017 07:40:20 GMT
referrer-policy:no-referrer
server:nginx
status:500
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-xss-protection:1; mode=block

Request Headers

:authority:example.com
:method:POST
:path:/user/two_factor
:scheme:https
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
accept-encoding:gzip, deflate, br
accept-language:en-US,en;q=0.8,sv;q=0.6,ja;q=0.4
cache-control:no-cache
content-length:82
content-type:application/x-www-form-urlencoded
cookie:lang=en-US; i_like_gitea=e1e127a821c232c9; _csrf=Htv9iobKjs-3FHX-xOqIfZ0B6nU6MTQ5NjMwMjU5NjAyNzU5MTU1NQ%3D%3D; redirect_to=%252F
dnt:1
origin:null
pragma:no-cache
upgrade-insecure-requests:1
user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Form Data

_csrf:Htv9iobKjs-3FHX-xOqIfZ0B6nU6MTQ5NjMwMjU5NjAyNzU5MTU1NQ==
passcode:006264

stdout logs

Login works:

Jun 01 07:27:04 gitea gitea[21241]: [Macaron] 2017-06-01 07:27:04: Started GET /user/login?redirect_to=%2fuser%2ftwo_factor for 10.20.30.40
Jun 01 07:27:04 gitea gitea[21241]: [Macaron] 2017-06-01 07:27:04: Completed /user/login?redirect_to=%2fuser%2ftwo_factor 200 OK in 1.687779ms
Jun 01 07:27:10 gitea gitea[21241]: [Macaron] 2017-06-01 07:27:10: Started POST /user/login for 10.20.30.40
Jun 01 07:27:10 gitea gitea[21241]: [Macaron] 2017-06-01 07:27:10: Completed /user/login 302 Found in 21.595598ms
Jun 01 07:27:10 gitea gitea[21241]: [Macaron] 2017-06-01 07:27:10: Started GET /user/two_factor for 10.20.30.40
Jun 01 07:27:10 gitea gitea[21241]: [Macaron] 2017-06-01 07:27:10: Completed /user/two_factor 200 OK in 998.891µs

2FA Fails:

Jun 01 07:27:20 gitea gitea[21241]: [Macaron] 2017-06-01 07:27:20: Started POST /user/two_factor for 10.20.30.40
Jun 01 07:27:20 gitea gitea[21241]: [Macaron] 2017-06-01 07:27:20: Completed /user/two_factor 500 Internal Server Error in 1.565778ms

gitea.log

2017/06/01 07:27:04 [D] Session ID: e1e127a821c232c9
2017/06/01 07:27:04 [D] CSRF Token: c_eQZhzuQznkY143WFkRrZpk5Bc6MTQ5NjMwMTg1NDM1NDgxNDA4OA==
2017/06/01 07:27:04 [D] Template: user/auth/signin
2017/06/01 07:27:10 [D] Session ID: e1e127a821c232c9
2017/06/01 07:27:10 [D] CSRF Token: c_eQZhzuQznkY143WFkRrZpk5Bc6MTQ5NjMwMTg1NDM1NDgxNDA4OA==
2017/06/01 07:27:10 [D] Session ID: e1e127a821c232c9
2017/06/01 07:27:10 [D] CSRF Token: c_eQZhzuQznkY143WFkRrZpk5Bc6MTQ5NjMwMTg1NDM1NDgxNDA4OA==
2017/06/01 07:27:10 [D] Template: user/auth/twofa
2017/06/01 07:27:14 [D] Session ID: 814df51deab13867
2017/06/01 07:27:14 [D] CSRF Token: HFEQxz8iDeZjg9mZzkfuMJjn1hI6MTQ5NjMwMjAzNDk4NjQwMTg3OA==
2017/06/01 07:27:15 [D] Session ID: b1930112a2a5930a
2017/06/01 07:27:15 [D] CSRF Token: LlSS7aFQye826L7u6SOfZpsUvno6MTQ5NjMwMjAzNTAxODU0MzE0MA==
2017/06/01 07:27:15 [D] Template: user/auth/signin
2017/06/01 07:27:20 [D] Session ID: e1e127a821c232c9
2017/06/01 07:27:20 [D] CSRF Token: c_eQZhzuQznkY143WFkRrZpk5Bc6MTQ5NjMwMTg1NDM1NDgxNDA4OA==
2017/06/01 07:27:20 [...routers/user/auth.go:212 TwoFactorPost()] [E] UserSignIn: illegal base64 data at input byte 0
2017/06/01 07:27:20 [D] Template: status/500

xorm.log

2017/06/01 07:27:15 [I] [sql] SELECT "id", "type", "name", "is_actived", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE "type"=$1 AND "is_actived"=$2 [args] [6 true]
2017/06/01 07:27:20 [I] [sql] SELECT "id", "uid", "secret", "scratch_token", "created_unix", "updated_unix" FROM "two_factor" WHERE "uid"=$1 LIMIT 1 [args] [1]
2017/06/01 07:27:24 [I] [sql] SELECT "id", "type", "name", "is_actived", "cfg", "created_unix", "updated_unix" FROM "login_source" WHERE "type"=$1 AND "is_actived"=$2 [args] [6 true]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment