Advanced Search password causing 500s
Summary
The password field for the Elasticsearch instance causes a 500 error when the password contains a special character.
Special characters cannot simply be left out, because the password requirement is:
Passwords must contain at least one uppercase letter, one lowercase letter, one number, and one special character.
Changing the password to use `-` as the special character is a workaround.
Steps to reproduce
- Go to Menu > Admin > Settings > Advanced Search
- In the password field, enter a password that has a special character such as `@` or `$`
- See 500 error
Example Project
What is the current bug behavior?
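Saving the password triggers a 500 error. The log below shows that the exception behind it is a 401 (`Elasticsearch::Transport::Transport::Errors::Unauthorized`) raised while the update service checks whether the index exists.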
What is the expected correct behavior?
The settings are saved successfully and no 401 errors occur.
Relevant logs and/or screenshots
{
"method": "PATCH",
"path": "/admin/application_settings/advanced_search",
"format": "html",
"controller": "Admin::ApplicationSettingsController",
"action": "advanced_search",
"status": 500,
"time": "2022-03-03T15:59:04.550Z",
"params": [
{
"key": "_method",
"value": "patch"
},
{
"key": "authenticity_token",
"value": "[FILTERED]"
},
{
"key": "application_setting",
"value": {
"elasticsearch_indexing": "[FILTERED]",
"elasticsearch_pause_indexing": "[FILTERED]",
"elasticsearch_search": "[FILTERED]",
"elasticsearch_url": "[FILTERED]",
"elasticsearch_username": "[FILTERED]",
"elasticsearch_password": "[FILTERED]",
"elasticsearch_shards": "[FILTERED]",
"elasticsearch_replicas": "[FILTERED]",
"elasticsearch_indexed_file_size_limit_kb": "[FILTERED]",
"elasticsearch_indexed_field_length_limit": "[FILTERED]",
"elasticsearch_max_bulk_size_mb": "[FILTERED]",
"elasticsearch_max_bulk_concurrency": "[FILTERED]",
"elasticsearch_client_request_timeout": "[FILTERED]",
"elasticsearch_limit_indexing": "[FILTERED]",
"elasticsearch_namespace_ids": "[FILTERED]",
"elasticsearch_project_ids": "[FILTERED]",
"elasticsearch_analyzers_smartcn_enabled": "[FILTERED]",
"elasticsearch_analyzers_kuromoji_enabled": "[FILTERED]",
"elasticsearch_aws": "[FILTERED]",
"elasticsearch_aws_region": "[FILTERED]",
"elasticsearch_aws_access_key": "[FILTERED]",
"elasticsearch_aws_secret_access_key": "[FILTERED]"
}
}
],
"correlation_id": "01FX8835ASHQ6EQN0425J5MGNF",
"meta.user": "user",
"meta.client_id": "user/142",
"meta.caller_id": "Admin::ApplicationSettingsController#advanced_search",
"meta.remote_ip": "10.53.154.227",
"meta.feature_category": "global_search",
"remote_ip": "10.53.154.227",
"user_id": 142,
"username": "user",
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:97.0) Gecko/20100101 Firefox/97.0",
"queue_duration_s": 0.011216,
"request_urgency": "default",
"target_duration_s": 1,
"redis_calls": 7,
"redis_duration_s": 0.00709,
"redis_read_bytes": 1079,
"redis_write_bytes": 1626,
"redis_cache_calls": 5,
"redis_cache_duration_s": 0.005117,
"redis_cache_read_bytes": 833,
"redis_cache_write_bytes": 413,
"redis_shared_state_calls": 1,
"redis_shared_state_duration_s": 0.000947,
"redis_shared_state_write_bytes": 55,
"redis_sessions_calls": 1,
"redis_sessions_duration_s": 0.001026,
"redis_sessions_read_bytes": 246,
"redis_sessions_write_bytes": 1158,
"elasticsearch_calls": 2,
"elasticsearch_duration_s": 0.335815,
"elasticsearch_timed_out_count": 0,
"db_count": 13,
"db_write_count": 3,
"db_cached_count": 1,
"db_replica_count": 0,
"db_primary_count": 13,
"db_replica_cached_count": 0,
"db_primary_cached_count": 1,
"db_replica_wal_count": 0,
"db_primary_wal_count": 0,
"db_replica_wal_cached_count": 0,
"db_primary_wal_cached_count": 0,
"db_replica_duration_s": 0,
"db_primary_duration_s": 0.011,
"external_http_count": 2,
"external_http_duration_s": 0.31402566700126044,
"cpu_s": 0.116602,
"mem_objects": 69519,
"mem_bytes": 12381821,
"mem_mallocs": 43873,
"mem_total_bytes": 15162581,
"pid": 10100,
"exception.class": "Elasticsearch::Transport::Transport::Errors::Unauthorized",
"exception.message": "[401] ",
"exception.backtrace": [
"lib/gitlab/instrumentation/elasticsearch_transport.rb:12:in `perform_request'",
"ee/lib/gitlab/elastic/helper.rb:164:in `index_exists?'",
"ee/lib/gitlab/elastic/helper.rb:308:in `create_index'",
"ee/lib/gitlab/elastic/helper.rb:148:in `create_empty_index'",
"ee/app/services/ee/application_settings/update_service.rb:97:in `find_or_create_elasticsearch_index'",
"ee/app/services/ee/application_settings/update_service.rb:26:in `execute'",
"app/controllers/admin/application_settings_controller.rb:264:in `perform_update'",
"ee/app/controllers/ee/admin/application_settings_controller.rb:37:in `block (2 levels) in <module:ApplicationSettingsController>'",
"ee/lib/gitlab/ip_address_state.rb:10:in `with'",
"ee/app/controllers/ee/application_controller.rb:45:in `set_current_ip_address'",
"app/controllers/application_controller.rb:490:in `set_current_admin'",
"lib/gitlab/session.rb:11:in `with_session'",
"app/controllers/application_controller.rb:481:in `set_session_storage'",
"lib/gitlab/i18n.rb:105:in `with_locale'",
"lib/gitlab/i18n.rb:111:in `with_user_locale'",
"app/controllers/application_controller.rb:475:in `set_locale'",
"app/controllers/application_controller.rb:469:in `set_current_context'",
"lib/gitlab/metrics/elasticsearch_rack_middleware.rb:16:in `call'",
"lib/gitlab/middleware/rails_queue_duration.rb:33:in `call'",
"lib/gitlab/middleware/memory_report.rb:13:in `call'",
"lib/gitlab/middleware/speedscope.rb:13:in `call'",
"lib/gitlab/request_profiler/middleware.rb:17:in `call'",
"lib/gitlab/database/load_balancing/rack_middleware.rb:23:in `call'",
"lib/gitlab/metrics/rack_middleware.rb:16:in `block in call'",
"lib/gitlab/metrics/web_transaction.rb:46:in `run'",
"lib/gitlab/metrics/rack_middleware.rb:16:in `call'",
"lib/gitlab/jira/middleware.rb:19:in `call'",
"lib/gitlab/middleware/go.rb:20:in `call'",
"lib/gitlab/etag_caching/middleware.rb:21:in `call'",
"lib/gitlab/middleware/multipart.rb:173:in `call'",
"lib/gitlab/middleware/read_only/controller.rb:50:in `call'",
"lib/gitlab/middleware/read_only.rb:18:in `call'",
"lib/gitlab/middleware/same_site_cookies.rb:27:in `call'",
"lib/gitlab/middleware/handle_malformed_strings.rb:21:in `call'",
"lib/gitlab/middleware/basic_health_check.rb:25:in `call'",
"lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'",
"lib/gitlab/middleware/request_context.rb:21:in `call'",
"lib/gitlab/middleware/webhook_recursion_detection.rb:15:in `call'",
"config/initializers/fix_local_cache_middleware.rb:11:in `call'",
"lib/gitlab/middleware/compressed_json.rb:26:in `call'",
"lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'",
"lib/gitlab/middleware/sidekiq_web_static.rb:20:in `call'",
"lib/gitlab/metrics/requests_rack_middleware.rb:77:in `call'",
"lib/gitlab/middleware/release_env.rb:13:in `call'"
],
"db_duration_s": 0.05818,
"view_duration_s": 0,
"duration_s": 0.51125
}
Output of checks
Results of GitLab environment info
Tested on v14.7.3 and v14.8.2, both versions report the same error.
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`) (we will only investigate if the tests are passing)
Possible fixes
A workaround is to use `-` as the special character, since that doesn't seem to break. This feels like an encoding error in how the password is handled before it is sent to Elasticsearch.