TeamCity + Atlassian Stash = CAPTCHA?

We have several TeamCity servers connecting to an Atlassian Stash (Git) server.  It can work very well for a few days, but suddenly we hit a situation where CAPTCHA triggers for the build user account.  The pattern (in the TeamCity server logs) seems to be 4 quick "not authorized" errors, followed by CAPTCHA.  The "not authorized" errors usually occur very rapidly (within 1 second) of one another, like this:

[2015-09-29 23:30:47,057]   INFO [l executor 3115] -      jetbrains.buildServer.VCS - Cannot load current state for VCS root "VCS_Root__xyz__1" {instance id=3033, parent internal id=440, parent id= VCS_Root__xyz__1, description: "https://stash-server:8443/scm/abc/xyz#develop/5.1.0"}: List remote refs failed: org.eclipse.jgit.errors.TransportException: https://stash-server:8443/scm/abc/xyz#develop/5.1.0: not authorized

 

[2015-09-29 23:30:47,059]   INFO [l executor 3083] -      jetbrains.buildServer.VCS - Cannot load current state for VCS root "VCS_Root__xyz__2" {instance id=3033, parent internal id=440, parent id= VCS_Root__xyz__2, description: "https://stash-server:8443/scm/abc/xyz#develop/5.1.0"}: List remote refs failed: org.eclipse.jgit.errors.TransportException: https://stash-server:8443/scm/abc/xyz#develop/5.1.0: not authorized

 

[2015-09-29 23:30:47,059]   INFO [l executor 3107] -      jetbrains.buildServer.VCS - Cannot load current state for VCS root "VCS_Root__xyz__3" {instance id=3033, parent internal id=440, parent id= VCS_Root__xyz__3, description: "https://stash-server:8443/scm/abc/xyz#develop/5.1.0"}: List remote refs failed: org.eclipse.jgit.errors.TransportException: https://stash-server:8443/scm/abc/xyz#develop/5.1.0: not authorized

 

[2015-09-29 23:30:47,066]   INFO [l executor 3113] -      jetbrains.buildServer.VCS - Cannot load current state for VCS root "VCS_Root__xyz__4" {instance id=3033, parent internal id=440, parent id= VCS_Root__xyz__4, description: "https://stash-server:8443/scm/abc/xyz#develop/5.1.0"}: List remote refs failed: org.eclipse.jgit.errors.TransportException: https://stash-server:8443/scm/abc/xyz#develop/5.1.0: not authorized

 

[2015-09-29 23:30:47,092]   INFO [l executor 3112] -      jetbrains.buildServer.VCS - Cannot load current state for VCS root "VCS_Root__xyz__5" {instance id=3033, parent internal id=440, parent id= VCS_Root__xyz__5, description: "https://stash-server:8443/scm/abc/xyz#develop/5.1.0"}: List remote refs failed: org.eclipse.jgit.errors.TransportException: https://stash-server:8443/scm/abc/xyz#develop/5.1.0: CAPTCHA required

Your Stash account has been marked as requiring a CAPTCHA to be solved before...

We use server-side checkout, and I've verified that the passwords on all of the VCS Roots are correct.  Our VCS checking interval is typically 300 to 600 seconds.

Could TeamCity be trying to connect "too quickly" to the Stash server?   Any ideas?

Thanks,
Bryan

3 comments
Comment actions Permalink

Hi Bryan,

Could it be that you changed your credentials and TeamCity is still using your old credentials?
See Stash log file from STASH_HOME/log/audit/atlassian-stash-audit.log

Find the line with the phrases:

AuthenticationFailureEvent

It contain entries like:

127.0.0.1 | AuthenticationFailureEvent | - | 1392111196025 | username | {"authentication-method":"form","error":"Invalid username or password."} | 633x670x0 | poiu8765

First component is the IP (in my case localhost) of the calller.

Inside the braces describes authentication method and cause of the error.

0
Comment actions Permalink

Hey Aleksandr,

Thanks for your response.  We have a script that notifies us on CAPTCHA events generated from Stash.  The script emails us with the contents that you've referenced:

CAPTCHA authentication triggered for:

  user account "*removed*"

  from computer "10.x.y.z"

  at time "Fri Oct 16 11:49:56 2015"

  with event " AuthenticationFailureEvent "

  and message " {"authentication-method":"basic","error":"For security reasons you must answer a CAPTCHA question."} "

I verified that every VCS Root on the TeamCity server @ 10.x.y.z has a correct password, and all of those builds are able to execute most of the time.  However, it seems that suddenly this TeamCity server will generate the "not authorized" errors, followed by CAPTCHA.

If all of the VCS Root passwords are correct (and those builds can execute), I don't see how this server could generate "not authorized" events in the TC server logs.

Thanks,

Bryan

0
Comment actions Permalink

If you had used correct password then captcha request may happen randomly.
You can "Clear CAPTCHA" on the user's page in STASH.
For more infomation about Stash CAPTCHA

0

Please sign in to leave a comment.