Search code examples
authenticationgerrit

Cannot login after editing email addresses

I have Gerrit v3.0.0 running on my server, everything was working fine yesterday.

Here's my authentication method :

[auth]
    type = http
    emailFormat = {0}@domain.com

I'm not sure that this is the cause of my problem but I might have deleted my email address xxx@domain.com yesterday. Today when trying to log in to the UI again, I get a HTTP 403 error and logs/error_log said :

Cannot assign external ID "username:xxx" to account 1000003; external ID already in use.

So I went ahead and deleted external IDs for this account which was probably a mistake since I still got the HTTP 403 error and the following messages in logs/error_log :

[HTTP-71] WARN  com.google.gerrit.server.account.AccountManager : Email xxx@domain.com is already assigned to account 1000001; cannot create external ID gerrit:xxx with the same email for account 1000057.
[HTTP-71] ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable to authenticate user "xxx"
com.google.gerrit.server.account.AccountException: Email 'xxx@domain.com' in use by another account

So it seems as if Gerrit tries to create a new account instead of logging into mine.

Note that there is another user on the instance and he can still use Gerrit UI. I've searched some previous topics but no solutions seem to work.

Solution

  • So it appears I was on the right path after all.

    What I did :

    Cause of the bug

    I changed the email of my account, and then changed the preferred email. Gerrit doesn't seem to support that and messed up with the external-id's.

    Cause of the second bug

    I deleted the external-id for the account I couldn't log in to (Either use API endpoints https://gerrit-review.googlesource.com/Documentation/rest-api-accounts.html or fetch All-Users:refs/meta/external-id)

    But I deleted not only the mailto:<my_username>@<domain>.com external-id but also gerrit:<my_username>.

    After that, nothing I tried allowed me to log back in again.

    Resolution

    • I cloned external ids using git clone "ssh://<my_username>@<domain>.com:<port>/All-Users" && git fetch origin refs/meta/external-ids && git checkout FETCH_HEAD
    • I created a new external-id in All-Users:refs/meta/external-id with the following:
        [externalId "gerrit:<my_username>"]
        accountId = <my_account_id>
        email = <my_username>@<domain>.com

    Note: the name of this file is the SHA1 of gerrit:<my_username>.

    • I pushed my changes to Gerrit with git push origin HEAD:refs/meta/external-ids

    Note: You need to edit All-Users accesses in order to be allowed to push this.

    And it all worked again.

    Feel free to add anything to this, it might not be very thorough.