403 error accessing users list in API after 9.4
Summary
I am using the gitlab-ce api in version 4. After upgrading to Gitlab 9.4, I got a 403 error when trying to access user list in v3 and v4 API.
My Private token works fine when accessing to /api/v4/projects
or /api/v4/user
return current user.
Steps to reproduce
- Upgrade to gitlab 9.4
- Access
/api/v4/users
What is the current bug behavior?
An error 403 prevents me from accessing users list in API.
What is the expected correct behavior?
Returning users list
Relevant logs and/or screenshots
JSON Output
{"message":"403 Forbidden - Not authorized to access /api/v4/users"}
==> /var/log/gitlab/gitlab-rails/production.log <==
Started GET "/api/v3/users" for 10.249.1.189 at 2017-07-24 14:17:47 +0200
==> /var/log/gitlab/nginx/gitlab_access.log <==
10.249.1.189 - - [24/Jul/2017:14:21:26 +0200] "GET /api/v4/users HTTP/1.1" 403 69 "-" "GuzzleHttp/6.2.1 curl/7.51.0 PHP/7.0.15"
Output of checks
(If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com)
Results of GitLab environment info
Expand for output related to GitLab environment info
System information System: Debian 8.8 Current User: git Using RVM: no Ruby Version: 2.3.3p222 Gem Version: 2.6.6 Bundler Version:1.13.7 Rake Version: 10.5.0 Redis Version: 3.2.5 Git Version: 2.13.0 Sidekiq Version:5.0.0 Go Version: unknownGitLab information Version: 9.4.0 Revision: 9bbe2ac Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: postgresql URL: http://gitlab HTTP Clone URL: http://gitlab/some-group/some-project.git SSH Clone URL: git@gitlab:some-group/some-project.git Using LDAP: no Using Omniauth: no
GitLab Shell Version: 5.3.1 Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Checking GitLab Shell ...GitLab Shell version >= 5.3.1 ? ... OK (5.3.1) Repo base directory exists? default... yes Repo storage directories are symlinks? default... no Repo paths owned by git:root, or git:git? default... yes Repo paths access is drwxrws---? default... yes hooks directories in repos are links: ... 18/1 ... ok 49/2 ... ok 49/3 ... ok 23/4 ... ok 49/5 ... ok 48/6 ... ok 48/7 ... ok 48/8 ... ok 48/9 ... ok 48/10 ... ok 48/11 ... ok 49/12 ... ok 49/13 ... ok 23/14 ... ok 23/15 ... ok 23/16 ... ok 23/17 ... ok 23/18 ... ok 23/19 ... ok 49/20 ... ok 50/21 ... ok 47/23 ... ok 44/25 ... ok 47/26 ... ok 44/27 ... ok 23/28 ... ok 26/29 ... ok 49/30 ... ok 18/31 ... ok 18/33 ... ok 18/42 ... ok 49/43 ... ok 47/54 ... ok 18/55 ... ok 18/57 ... ok 18/59 ... ok 18/60 ... ok 26/61 ... ok 26/62 ... repository is empty 26/63 ... ok 44/67 ... ok 44/69 ... ok 44/73 ... ok 44/74 ... repository is empty 44/76 ... ok 26/77 ... repository is empty 26/78 ... repository is empty 44/79 ... repository is empty 44/80 ... ok 44/81 ... repository is empty 44/84 ... repository is empty 44/87 ... repository is empty 44/88 ... ok 44/91 ... repository is empty 44/92 ... ok 44/93 ... repository is empty 26/95 ... ok 44/96 ... repository is empty 44/97 ... repository is empty 44/100 ... ok 44/101 ... ok 44/103 ... ok 44/104 ... repository is empty 44/105 ... repository is empty 44/106 ... repository is empty 44/107 ... repository is empty 44/108 ... repository is empty 44/111 ... repository is empty 44/112 ... repository is empty 44/113 ... repository is empty 44/114 ... repository is empty 44/116 ... repository is empty 44/117 ... ok 44/118 ... ok 44/119 ... repository is empty 44/120 ... repository is empty 44/121 ... repository is empty 44/122 ... repository is empty 44/123 ... repository is empty 44/124 ... repository is empty 44/125 ... repository is empty 44/126 ... repository is empty 44/127 ... repository is empty 44/128 ... repository is empty 44/129 ... repository is empty 44/130 ... repository is empty 44/131 ... repository is empty 44/132 ... ok 44/133 ... ok 93/135 ... ok 26/136 ... ok 48/137 ... repository is empty 26/138 ... ok 44/139 ... ok 44/140 ... ok 26/142 ... ok 44/143 ... repository is empty 85/144 ... repository is empty 86/145 ... ok 87/146 ... ok 86/147 ... ok 86/148 ... ok 86/149 ... ok 87/150 ... ok 87/151 ... ok 87/152 ... ok 87/153 ... ok 87/154 ... ok 86/155 ... ok 93/156 ... ok 44/157 ... ok 44/159 ... repository is empty 87/160 ... ok 87/161 ... repository is empty 87/162 ... repository is empty 87/163 ... repository is empty 87/164 ... repository is empty 87/165 ... repository is empty 87/166 ... repository is empty 87/167 ... ok 48/168 ... ok 26/170 ... repository is empty 48/171 ... repository is empty 89/172 ... repository is empty 48/173 ... ok 87/174 ... ok 87/175 ... ok 26/176 ... ok 44/177 ... repository is empty 44/179 ... ok 44/180 ... ok 92/181 ... ok 92/183 ... repository is empty 44/184 ... repository is empty 44/185 ... ok 92/186 ... repository is empty 44/188 ... ok 44/189 ... ok 44/191 ... repository is empty 44/192 ... ok 44/193 ... repository is empty 44/194 ... repository is empty 44/196 ... ok 44/197 ... repository is empty 44/198 ... repository is empty 44/199 ... repository is empty 86/200 ... ok 44/201 ... ok 26/202 ... ok 26/203 ... ok 26/204 ... ok 95/205 ... ok 95/206 ... ok 92/207 ... ok 26/208 ... ok 26/209 ... ok 48/210 ... ok 48/211 ... ok 48/212 ... ok 92/213 ... repository is empty 92/214 ... repository is empty 93/215 ... repository is empty 44/216 ... ok 92/217 ... repository is empty 44/218 ... ok 44/219 ... ok 93/220 ... repository is empty 44/221 ... ok 44/222 ... ok 92/223 ... repository is empty 158/224 ... ok 158/225 ... ok 92/226 ... repository is empty 92/227 ... repository is empty 92/228 ... repository is empty 92/229 ... repository is empty 92/230 ... repository is empty 92/231 ... repository is empty 92/232 ... repository is empty 92/233 ... repository is empty Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Check GitLab API access: OK Access to /var/opt/gitlab/.ssh/authorized_keys: OK Send ping to redis server: OK gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Reply by email ...
Reply by email is disabled in config/gitlab.yml
Checking Reply by email ... Finished
Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 18/1 ... yes 49/2 ... yes 49/3 ... yes 23/4 ... yes 49/5 ... yes 48/6 ... yes 48/7 ... yes 48/8 ... yes 48/9 ... yes 48/10 ... yes 48/11 ... yes 49/12 ... yes 49/13 ... yes 23/14 ... yes 23/15 ... yes 23/16 ... yes 23/17 ... yes 23/18 ... yes 23/19 ... yes 49/20 ... yes 50/21 ... yes 47/23 ... yes 44/25 ... yes 47/26 ... yes 44/27 ... yes 23/28 ... yes 26/29 ... yes 49/30 ... yes 18/31 ... yes 18/33 ... yes 18/42 ... yes 49/43 ... yes 47/54 ... yes 18/55 ... yes 18/57 ... yes 18/59 ... yes 18/60 ... yes 26/61 ... yes 26/62 ... yes 26/63 ... yes 44/67 ... yes 44/69 ... yes 44/73 ... yes 44/74 ... yes 44/76 ... yes 26/77 ... yes 26/78 ... yes 44/79 ... yes 44/80 ... yes 44/81 ... yes 44/84 ... yes 44/87 ... yes 44/88 ... yes 44/91 ... yes 44/92 ... yes 44/93 ... yes 26/95 ... yes 44/96 ... yes 44/97 ... yes 44/100 ... yes 44/101 ... yes 44/103 ... yes 44/104 ... yes 44/105 ... yes 44/106 ... yes 44/107 ... yes 44/108 ... yes 44/111 ... yes 44/112 ... yes 44/113 ... yes 44/114 ... yes 44/116 ... yes 44/117 ... yes 44/118 ... yes 44/119 ... yes 44/120 ... yes 44/121 ... yes 44/122 ... yes 44/123 ... yes 44/124 ... yes 44/125 ... yes 44/126 ... yes 44/127 ... yes 44/128 ... yes 44/129 ... yes 44/130 ... yes 44/131 ... yes 44/132 ... yes 44/133 ... yes 93/135 ... yes 26/136 ... yes 48/137 ... yes 26/138 ... yes 44/139 ... yes 44/140 ... yes 26/142 ... yes 44/143 ... yes 85/144 ... yes 86/145 ... yes 87/146 ... yes 86/147 ... yes 86/148 ... yes 86/149 ... yes 87/150 ... yes 87/151 ... yes 87/152 ... yes 87/153 ... yes 87/154 ... yes 86/155 ... yes 93/156 ... yes 44/157 ... yes 44/159 ... yes 87/160 ... yes 87/161 ... yes 87/162 ... yes 87/163 ... yes 87/164 ... yes 87/165 ... yes 87/166 ... yes 87/167 ... yes 48/168 ... yes 26/170 ... yes 48/171 ... yes 89/172 ... yes 48/173 ... yes 87/174 ... yes 87/175 ... yes 26/176 ... yes 44/177 ... yes 44/179 ... yes 44/180 ... yes 92/181 ... yes 92/183 ... yes 44/184 ... yes 44/185 ... yes 92/186 ... yes 44/188 ... yes 44/189 ... yes 44/191 ... yes 44/192 ... yes 44/193 ... yes 44/194 ... yes 44/196 ... yes 44/197 ... yes 44/198 ... yes 44/199 ... yes 86/200 ... yes 44/201 ... yes 26/202 ... yes 26/203 ... yes 26/204 ... yes 95/205 ... yes 95/206 ... yes 92/207 ... yes 26/208 ... yes 26/209 ... yes 48/210 ... yes 48/211 ... yes 48/212 ... yes 92/213 ... yes 92/214 ... yes 93/215 ... yes 44/216 ... yes 92/217 ... yes 44/218 ... yes 44/219 ... yes 93/220 ... yes 44/221 ... yes 44/222 ... yes 92/223 ... yes 158/224 ... yes 158/225 ... yes 92/226 ... yes 92/227 ... yes 92/228 ... yes 92/229 ... yes 92/230 ... yes 92/231 ... yes 92/232 ... yes 92/233 ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.3.3 ? ... yes (2.3.3) Git version >= 2.7.3 ? ... yes (2.13.0) Active users: ... 106
Checking GitLab ... Finished