Cannot login after editing email addresses

Posted 2020-03-30 03:07

I have Gerrit v3.0.0 running on my server, everything was working fine yesterday.

Here's my authentication method:

[auth]
    type = http
    emailFormat = {0}@domain.com

I'm not sure that this is the cause of my problem, but I might have deleted my email address xxx@domain.com yesterday. Today when trying to log in to the UI again, I get an HTTP 403 error and logs/error_log said:

Cannot assign external ID "username:xxx" to account 1000003; external ID already in use.

So I went ahead and deleted external IDs for this account, which was probably a mistake since I still got the HTTP 403 error and the following messages in logs/error_log:

[HTTP-71] WARN  com.google.gerrit.server.account.AccountManager : Email xxx@domain.com is already assigned to account 1000001; cannot create external ID gerrit:xxx with the same email for account 1000057.
[HTTP-71] ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable to authenticate user "xxx"
com.google.gerrit.server.account.AccountException: Email 'xxx@domain.com' in use by another account

So it seems as if Gerrit tries to create a new account instead of logging into mine.

Note that there is another user on the instance and he can still use Gerrit UI. I've searched some previous topics but no solutions seem to work.

2 answers
地球回转人心会变
#2 · 2020-03-30 03:33

For people who got stuck in this nightmare, there is a guide which describes how to deal with this kind of issue.

As the guide describes: you need to directly edit the External ID database and remove all the misbehaving External ID entries. Starting with Gerrit 2.15 the database got migrated to NoteDb, so brace yourself.

ゆ 、 Hurt°
#3 · 2020-03-30 03:43

So it appears I was on the right path after all.

What I did:

Cause of the bug

I changed the email of my account, and then changed the preferred email. Gerrit doesn't seem to support that and messed up the external-ids.

Cause of the second bug

I deleted the external-id for the account I couldn't log in to (either use the API endpoints https://gerrit-review.googlesource.com/Documentation/rest-api-accounts.html or fetch All-Users:refs/meta/external-id).

But I deleted not only the mailto:<my_username>@<domain>.com external-id but also gerrit:<my_username>.

After that, nothing I tried allowed me to log back in again.

Resolution

I created a new external-id in All-Users:refs/meta/external-id with the following:

[externalId "gerrit:<my_username>"]
    accountId = <my_account_id>
    email = <my_username>@<domain>.com

Note: the name of this file is the SHA1 of gerrit:<my_username>.

I pushed my changes to Gerrit.

Note: You need to edit All-Users accesses in order to be allowed to push this.

And it all worked again.

Feel free to add anything to this, it might not be very thorough.
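A local consistency check for the external-id notes described in the answer above, run before pushing them back. This is an added example, not part of the answer or of Gerrit's code: the function names and the sample accounts are constructed, and it assumes each note has the layout shown in the answer, with the file named after the SHA-1 of the key.

```python
import hashlib
import re

SECTION = re.compile(r'^\[externalId "(?P<key>[^"]+)"\]\s*$')
OPTION = re.compile(r'^\s*(?P<name>\w+)\s*=\s*(?P<value>.*?)\s*$')

def note_name(key):
    """Note file name: hex SHA-1 of the external ID key, e.g. 'gerrit:alice'."""
    return hashlib.sha1(key.encode("utf-8")).hexdigest()

def render_note(key, account_id, email):
    """Note body in the layout shown in the answer above."""
    return f'[externalId "{key}"]\n\taccountId = {account_id}\n\temail = {email}\n'

def parse_note(body):
    """Return the key and options of one note body as a dict of strings."""
    entry = {}
    for line in body.splitlines():
        if m := SECTION.match(line):
            entry["key"] = m["key"]
        elif m := OPTION.match(line):
            entry[m["name"]] = m["value"]
    return entry

def check_notes(notes):
    """notes maps file name -> body; returns a list of problems found."""
    problems, entries = [], []
    for name, body in notes.items():
        e = parse_note(body)
        if "key" not in e or not e.get("accountId", "").isdigit():
            problems.append(f"{name}: no externalId section or accountId")
        else:
            entries.append((int(e["accountId"]), e["key"], e.get("email"), name))
    email_owner = {}
    for account, key, email, name in sorted(entries, key=lambda t: t[:2]):
        # Assumption: a path split into directories is joined before comparing.
        if name.replace("/", "") != note_name(key):
            problems.append(f"{key}: file name is not the SHA-1 of the key")
        if email and email_owner.setdefault(email, account) != account:
            problems.append(f"{key}: email {email} already assigned to account {email_owner[email]}")
    return problems

# Constructed sample data (not from a real server).
SAMPLE = {
    note_name("gerrit:alice"): render_note("gerrit:alice", 1000001, "alice@example.com"),
    note_name("mailto:alice@example.com"): render_note("mailto:alice@example.com", 1000001, "alice@example.com"),
    "0" * 40: render_note("gerrit:bob", 1000002, "bob@example.com"),
    note_name("username:alice"): render_note("username:alice", 1000057, "alice@example.com"),
}
```

On the sample it flags the misnamed `gerrit:bob` note and the second account claiming `alice@example.com`, the same conflict the error log in the question reports.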
