Can't update user password or use it
Problem description
Users cannot change or update their password, even if the password has been reset in the admin interface. After the password has been changed by the admin, the email with the change information is sent successfully, but the user cannot change their password. Error message: "You must provide a valid current password". Push, pull and clone via HTTPS and username / password fails too with the error message: "remote: HTTP Basic: Access denied. If a password was provided for Git authentication, the password was incorrect or you're required to use a token instead of a password. If a token was provided, it was either incorrect, expired, or improperly scoped"
Steps to reproduce the error
- Login as admin and change the password of an user
- login as the user and try to change your current password
- error "You must provide a valid current password" occurs even with the new password
Config details Use GitLab 17.5.1 both as CE Edition and as EE Edition. Last change to the system was the upgrade to 17.5.1 and changing the S3 buckets for the GitLab registry and the general buckets, as described here:
### Old S3 Storage
#registry['storage'] = {
# 's3' => {
# 'accesskey' => '<ACCESSKEY>',
# 'secretkey' => '<SECRETKEY>',
# 'bucket' => 'gitlabregistry',
# 'region' => 'us-east-1',
# 'regionendpoint' => 'https://<custom s3 endpoint>',
# 'multipartcopythresholdsize' => 5368709120
# }
#}
###
### New Storage
registry['storage'] = {
's3' => {
'accesskey' => '<ACCESSKEY>',
'secretkey' => '<SECRETKEY>',
'bucket' => 'git-registry',
'region' => 'us-east-1',
'regionendpoint' => 'https://new.custom-endpoint',
'multipartcopythresholdsize' => 5368709120
},
'redirect' => {
'disable' => true
},
}
### Disabled old Storage
#gitlab_rails['object_store']['connection'] = {
# 'provider' => 'AWS',
# 'region' => 'us-east-1',
# 'aws_access_key_id' => '<ACCESSKEY>',
# 'aws_secret_access_key' => '<SECRETKEY>',
# 'endpoint' => 'https://custom-endpoint',
# 'host' => 'custom-endpoint',
# 'path_style' => true,
# 'use_iam_profile' => false
#}
## gitlab_rails['object_store']['storage_options'] = {}
#gitlab_rails['object_store']['proxy_download'] = true
#gitlab_rails['object_store']['objects']['artifacts']['bucket'] = 'gitartifacts'
#gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = 'gitexternaldiffs'
#gitlab_rails['object_store']['objects']['lfs']['bucket'] = 'gitlablfs'
#gitlab_rails['object_store']['objects']['uploads']['bucket'] = 'gituploads'
#gitlab_rails['object_store']['objects']['packages']['bucket'] = 'gitpackages'
#gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = 'gitdependencyproxy'
#gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = 'gitterraformstate'
#gitlab_rails['object_store']['objects']['pages']['bucket'] = 'gitpages'
#gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = 'gitsecurefiles'
### Enabled new storage
gitlab_rails['object_store']['connection'] = {
'provider' => 'AWS',
'region' => 'us-east-1',
'aws_access_key_id' => '<ACCESSKEY>',
'aws_secret_access_key' => '<SECRETKEY>',
'endpoint' => 'https://new-custom-endpoint',
'host' => 'new-custom-endpoint',
'path_style' => true,
'use_iam_profile' => false
}
# gitlab_rails['object_store']['storage_options'] = {}
gitlab_rails['object_store']['proxy_download'] = true
gitlab_rails['object_store']['objects']['artifacts']['bucket'] = 'git-artifacts'
gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = 'git-externaldiffs'
gitlab_rails['object_store']['objects']['lfs']['bucket'] = 'git-lfs'
gitlab_rails['object_store']['objects']['uploads']['bucket'] = 'git-uploads'
gitlab_rails['object_store']['objects']['packages']['bucket'] = 'git-packages'
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = 'git-dependencyproxy'
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = 'git-terraformstates'
gitlab_rails['object_store']['objects']['pages']['bucket'] = 'git-pages'
gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = 'git-cisecurefiles'The users can login via GitHub or SAML (Shibboleth). Maybe this is a part of the problem? Login via SSH and personal access tokens works fine.