GitLab user can't log in after 4 years

Hi,
We are using the Docker image for SonarQube Developer Edition 2025.1 (LTA), using GitLab OAuth. Our user - let’s say “Tim Banks” - can’t log in. I checked GitLab - he is already a member of the correct GitLab group.

When the user tried to log in via GitLab, web.log showed
DEBUG web[39ce5370-d1e3-4f62-b656-4569570359dd][auth.event] login failure [cause|Failed to authenticate with login 'TimBanks'][method|OAUTH2][provider|EXTERNAL|GitLab][IP|<IP>|<IP>][login|TimBanks]

I then deactivated the user (without deleting the user’s personal information) and then tried to reactivate it; however, I couldn’t find a way to do this. So I created a local user with the same userId and email address. Then I could see this entry in web.log
DEBUG web[3a1500c1-ae18-99d9-b85c-c36d9334a0a3][o.s.s.u.NewUserNotifier] User created: TimBanks. Notifying NewUserHandler handlers...

The user tried to log in again, but it still didn’t work, now showing a different error
DEBUG web[45db6731-044c-4fa7-b26c-244c94b608c0][auth.event] login failure [cause|Email 'tim.banks@<domain>' is already used][method|OAUTH2][provider|EXTERNAL|GitLab][IP|<IP>|<IP>][login|TimBanks]

Using the password, the login works
DEBUG web[8d25781a-5123-4c66-b8ce-79cb2c28b717][auth.event] login success [method|FORM][provider|LOCAL|local][IP|<IP>|<IP>][login|TimBanks]

However, this is only a workaround. I need the user to log in with GitLab only. The user Tim Banks was created about 5 years ago, with no login for about 4 years (“Last connection”) until now. I noticed that there was no number appended to the userId, unlike our other userIds. It seems to me like a bug in SonarQube.

Hi,

Thanks for providing the web.log excerpts. That’s very helpful. Was there anything else in the log at the time of these login attempts that might be relevant? Or did you have only the single log line per attempt?

 
Thx,
Ann

Hi,

In web.log, there is only one line for each failed login. However, there is also an entry in access.log at that time (see first log from my last post):
<IP> - - [15/Apr/2025:14:14:39 +0200] "GET /oauth2/callback/gitlab?code=<code>&state=<state> HTTP/1.1" 302 - "https://<gitlab_domain>/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36" "39ce5370-d1e3-4f62-b656-4569570359dd"

I removed the values for code and state as I’m not sure if they contain any sensitive data.

Hi,

Thanks for confirming. I’m going to flag this for more expert eyes.

 
Ann

Hi Patrick,

On SonarQube, you can’t have two different users with the same email address. And a different user is created for every different login method. So in the case described, there is one user for the GitLab login method and one user for the password login method.
As a first step, I recommend deactivating the password account user and trying again to log in with the GitLab account (logging in with the GitLab account will reactivate the account).

Let me know if it fixes your issue.

Regards,
Nolwenn
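
Added example, not part of the thread and not SonarQube code: a small web.log triage script that parses the auth.event lines quoted above and flags external logins rejected with "Email ... is already used", noting whether a local (password) login succeeded for the same login name. The sample lines are constructed from the ones in this thread, with the redacted IP and domain replaced by placeholder values; matching the two accounts by login name is an assumption based on these logs.

```python
import re

# Shape of the auth.event lines quoted in this thread:
#   DEBUG web[<request id>][auth.event] login failure [key|value][key|value]...
EVENT_RE = re.compile(
    r"web\[(?P<req>[^\]]+)\]\[auth\.event\] login (?P<result>success|failure) (?P<fields>.*)$")
FIELD_RE = re.compile(r"\[([^\[\]|]+)\|([^\[\]]*)\]")
EMAIL_CAUSE_RE = re.compile(r"Email '([^']+)' is already used")

def parse_auth_event(line):
    """Return a dict for an auth.event line, or None for any other log line."""
    m = EVENT_RE.search(line.strip())
    if not m:
        return None
    event = {"request_id": m["req"], "result": m["result"]}
    for key, value in FIELD_RE.findall(m["fields"]):
        event[key] = value  # provider and IP keep their inner '|' separators
    return event

def find_email_conflicts(lines):
    """Map login -> details for external logins refused because the email is taken."""
    conflicts, local_ok = {}, set()
    for event in filter(None, map(parse_auth_event, lines)):
        login, provider = event.get("login"), event.get("provider", "")
        if event["result"] == "success" and provider.startswith("LOCAL"):
            local_ok.add(login)
        m = EMAIL_CAUSE_RE.search(event.get("cause", ""))
        if event["result"] == "failure" and provider.startswith("EXTERNAL") and m:
            conflicts[login] = {"email": m[1], "provider": provider.split("|")[-1],
                                "request_id": event["request_id"]}
    for login, info in conflicts.items():
        info["local_login_seen"] = login in local_ok  # a local account likely holds the email
    return conflicts

# Constructed sample: IP 192.0.2.10 and example.com stand in for the redacted values.
SAMPLE_LOG = [
    "DEBUG web[39ce5370-d1e3-4f62-b656-4569570359dd][auth.event] login failure [cause|Failed to authenticate with login 'TimBanks'][method|OAUTH2][provider|EXTERNAL|GitLab][IP|192.0.2.10|192.0.2.10][login|TimBanks]",
    "DEBUG web[3a1500c1-ae18-99d9-b85c-c36d9334a0a3][o.s.s.u.NewUserNotifier] User created: TimBanks. Notifying NewUserHandler handlers...",
    "DEBUG web[45db6731-044c-4fa7-b26c-244c94b608c0][auth.event] login failure [cause|Email 'tim.banks@example.com' is already used][method|OAUTH2][provider|EXTERNAL|GitLab][IP|192.0.2.10|192.0.2.10][login|TimBanks]",
    "DEBUG web[8d25781a-5123-4c66-b8ce-79cb2c28b717][auth.event] login success [method|FORM][provider|LOCAL|local][IP|192.0.2.10|192.0.2.10][login|TimBanks]",
]

if __name__ == "__main__":
    for login, info in find_email_conflicts(SAMPLE_LOG).items():
        print(login, info)
```

The request_id in each result is the same identifier that appears as the last field of the matching access.log entry quoted earlier in the thread, so it can be used to find the corresponding OAuth callback request.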