search

Crivaledaz / Mattermost-LDAP

This module provides an external LDAP authentication in Mattermost for the Team Edition (free).
MIT License
357 stars 71 forks source link

After pressing Gitlab button redirected to main login page #106

Open totkapf opened 1 year ago

totkapf commented 1 year ago

Describe the bug After pressing the Gitlab button you redirected to https://mattermost.example.com/oauth/resource.php and then immideatly to https://mattermost.integranw.ru/login?redirect_to=%2Foauth%2Fresource.php

To Reproduce Steps to reproduce the behavior:

  1. Install mattermost Team Edition v.7.9.2
  2. Install Mattermost-LDAP on the same server as Bare metal (Apache/2.4.37 port 443 over SSL, PHP 7.2.24)
  3. Open mattermost login page, click gitlab, redirected to https://mattermost.example.com/oauth/resource.php and then immideatly to https://mattermost.integranw.ru/login?redirect_to=%2Foauth%2Fresource.php

Provide commands, Mattermost and PHP logs or configuration file if possible. 192.168.100.21 -- mattermost server 192.168.100.10 --nginx web-proxy server for access mattermost server from outside OS: Rocky Linux 8

Mattermost logs in debug mode

{"timestamp":"2023-04-28 14:44:15.240 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/oauth/gitlab/login","request_id":"3jiziwtcmffc3e7u73p6metagy","status_code":"302"}
{"timestamp":"2023-04-28 14:44:15.299 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/oauth/resource.php/oauth/authorize","request_id":"ek39sb7b6tdg3dyd1r36p9mkyc","status_code":"200"}
{"timestamp":"2023-04-28 14:44:15.934 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/config/client","request_id":"r3hg4c95ntyypnipqq9mfd6ymw","status_code":"200"}
{"timestamp":"2023-04-28 14:44:15.936 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/license/client","request_id":"6ayfhhxuwfnrfrhzfnazfnfthr","status_code":"200"}
{"timestamp":"2023-04-28 14:44:15.959 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/plugins/webapp","request_id":"8jrw615x8f8iby766j8wi1x6qy","status_code":"200"}
{"timestamp":"2023-04-28 14:44:16.323 +03:00","level":"debug","msg":"Received HTTP request","caller":"app/plugin_api.go:970","plugin_id":"playbooks","method":"GET","url":"/api/v0/settings","user_id":"","request_id":"64r1p1mw5bdqtfbi486em8zqny","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0","plugin_caller":"github.com/mattermost/mattermost-plugin-playbooks/server/api/logger.go:44"}
{"timestamp":"2023-04-28 14:44:16.325 +03:00","level":"debug","msg":"Handled HTTP request","caller":"app/plugin_api.go:970","plugin_id":"playbooks","method":"GET","url":"/api/v0/settings","user_id":"","request_id":"64r1p1mw5bdqtfbi486em8zqny","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0","time":"2","status":"401","plugin_caller":"github.com/mattermost/mattermost-plugin-playbooks/server/api/logger.go:57"}
{"timestamp":"2023-04-28 14:44:16.615 +03:00","level":"debug","msg":"Invalid or expired session, please login again.","caller":"web/context.go:113","path":"/api/v4/teams","request_id":"9wjnjm8983fh7geoemexectsbh","ip_addr":"192.168.100.10","user_id":"","method":"GET","err_where":"","http_code":401,"error":": Invalid or expired session, please login again., UserRequired"}
{"timestamp":"2023-04-28 14:44:16.615 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/teams","request_id":"9wjnjm8983fh7geoemexectsbh","status_code":"401"}
{"timestamp":"2023-04-28 14:44:16.645 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"POST","url":"/api/v4/users/logout","request_id":"j6n6xkorn3833f8g6qnjpj4qsr","status_code":"200"}
{"timestamp":"2023-04-28 14:44:16.667 +03:00","level":"debug","msg":"Invalid or expired session, please login again.","caller":"web/context.go:113","path":"/api/v4/teams","request_id":"1sjzaa5u5ibttr86cfjiwho3me","ip_addr":"192.168.100.10","user_id":"","method":"GET","err_where":"","http_code":401,"error":": Invalid or expired session, please login again., UserRequired"}
{"timestamp":"2023-04-28 14:44:16.667 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/teams","request_id":"1sjzaa5u5ibttr86cfjiwho3me","status_code":"401"}
{"timestamp":"2023-04-28 14:44:16.693 +03:00","level":"debug","msg":"websocket.NextReader: closing websocket","caller":"platform/web_conn.go:828","user_id":"","error":"websocket: close 1006 (abnormal closure): unexpected EOF"}
{"timestamp":"2023-04-28 14:44:16.693 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/websocket","request_id":"gs8xojgctf8apb3itf9tq1dxta"}
{"timestamp":"2023-04-28 14:44:16.695 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/","request_id":"83iju8omkpbj3f9yh9y1yd333y","status_code":"200"}
{"timestamp":"2023-04-28 14:44:16.716 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"POST","url":"/api/v4/users/logout","request_id":"nnfgsxqekjnot8pcz6g5qdin5h","status_code":"200"}
{"timestamp":"2023-04-28 14:44:16.781 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"POST","url":"/api/v4/users/logout","request_id":"tsp55qjqjtfjpdff4hkk1kb6yw","status_code":"200"}
{"timestamp":"2023-04-28 14:44:16.851 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/","request_id":"muhimtxbwir4fcwrt3wwnm9bqw","status_code":"200"}
{"timestamp":"2023-04-28 14:44:16.940 +03:00","level":"debug","msg":"Invalid or expired session, please login again.","caller":"web/context.go:113","path":"/api/v4/teams","request_id":"fxpjym4wntfnxdf9hw7y1tnoww","ip_addr":"192.168.100.10","user_id":"","method":"GET","err_where":"","http_code":401,"error":": Invalid or expired session, please login again., UserRequired"}
{"timestamp":"2023-04-28 14:44:16.940 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/teams","request_id":"fxpjym4wntfnxdf9hw7y1tnoww","status_code":"401"}
{"timestamp":"2023-04-28 14:44:18.063 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/config/client","request_id":"pu5a7wccciy6ur1rqs8aikdr7e","status_code":"200"}
{"timestamp":"2023-04-28 14:44:18.064 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/license/client","request_id":"cf9y18jti7yibku315c13ropha","status_code":"200"}
{"timestamp":"2023-04-28 14:44:18.104 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/plugins/webapp","request_id":"t9xpnud3rfb7mbqzdrg5cbew3e","status_code":"200"}
{"timestamp":"2023-04-28 14:44:18.328 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/config/client","request_id":"6z7wasqxxjb47k5fzcbn84imih","status_code":"200"}
{"timestamp":"2023-04-28 14:44:18.332 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/license/client","request_id":"eaxkhk5iniyg5yxu49a6g5t9ah","status_code":"200"}
{"timestamp":"2023-04-28 14:44:18.405 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/plugins/webapp","request_id":"ciwyfympwty8iffqt9y1yje5jh","status_code":"200"}
{"timestamp":"2023-04-28 14:44:18.538 +03:00","level":"debug","msg":"Received HTTP request","caller":"app/plugin_api.go:970","plugin_id":"playbooks","user_id":"","request_id":"sqxeho9mzfgczmk3jtn1zuua9y","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0","method":"GET","url":"/api/v0/settings","plugin_caller":"github.com/mattermost/mattermost-plugin-playbooks/server/api/logger.go:44"}
{"timestamp":"2023-04-28 14:44:18.539 +03:00","level":"debug","msg":"Handled HTTP request","caller":"app/plugin_api.go:970","plugin_id":"playbooks","method":"GET","time":"1","status":"401","url":"/api/v0/settings","user_id":"","request_id":"sqxeho9mzfgczmk3jtn1zuua9y","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0","plugin_caller":"github.com/mattermost/mattermost-plugin-playbooks/server/api/logger.go:57"}
{"timestamp":"2023-04-28 14:44:18.874 +03:00","level":"debug","msg":"Invalid or expired session, please login again.","caller":"web/context.go:113","path":"/api/v4/teams","request_id":"fm3kxfhzmjngmxnnewiawk673o","ip_addr":"192.168.100.10","user_id":"","method":"GET","err_where":"","http_code":401,"error":": Invalid or expired session, please login again., UserRequired"}
{"timestamp":"2023-04-28 14:44:18.874 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/teams","request_id":"fm3kxfhzmjngmxnnewiawk673o","status_code":"401"}
{"timestamp":"2023-04-28 14:44:18.995 +03:00","level":"debug","msg":"Received HTTP request","caller":"app/plugin_api.go:970","plugin_id":"playbooks","method":"GET","url":"/api/v0/settings","user_id":"","request_id":"rbft5obi978pimradox9gf5tgy","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0","plugin_caller":"github.com/mattermost/mattermost-plugin-playbooks/server/api/logger.go:44"}
{"timestamp":"2023-04-28 14:44:18.996 +03:00","level":"debug","msg":"Handled HTTP request","caller":"app/plugin_api.go:970","plugin_id":"playbooks","time":"1","status":"401","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0","method":"GET","url":"/api/v0/settings","user_id":"","request_id":"rbft5obi978pimradox9gf5tgy","plugin_caller":"github.com/mattermost/mattermost-plugin-playbooks/server/api/logger.go:57"}
{"timestamp":"2023-04-28 14:44:19.230 +03:00","level":"debug","msg":"Invalid or expired session, please login again.","caller":"web/context.go:113","path":"/api/v4/teams","request_id":"3x58oezx87de3przmik7nouzec","ip_addr":"192.168.100.10","user_id":"","method":"GET","err_where":"","http_code":401,"error":": Invalid or expired session, please login again., UserRequired"}
{"timestamp":"2023-04-28 14:44:19.230 +03:00","level":"debug","msg":"Received HTTP request","caller":"web/handlers.go:171","method":"GET","url":"/api/v4/teams","request_id":"3x58oezx87de3przmik7nouzec","status_code":"401"}

Mattermost config

"GitLabSettings": {
    "Enable": true,
    "Secret": "<secret>",
    "Id": "<id>",
    "Scope": "",
    "AuthEndpoint": "https://mattermost.example.com/oauth/resource.php/oauth/authorize",
    "TokenEndpoint": "https://mattermost.example.com/oauth/resource.php/oauth/token",
    "UserAPIEndpoint": "https://mattermost.example.com/oauth/resource.php/api/v4/user",
    "DiscoveryEndpoint": "",
    "ButtonText": "",
    "ButtonColor": ""

ldap.php output

<h3>LDAP : Test Center</h3>Attempting to connect LDAP server ... <br />Successful connection ! <br />Authenticating with bind credentials ... <br />Successful authentication ! <br />Getting user informations ...<br />Data recovered with success ! <br />Extracting useful data : <br /><br />dn: uid=user,cn=users,cn=accounts,dc=example,dc=com<br />cn: user user<br />uid: user<br />email: user@example.com<br /><hr />Closing LDAP connection.

Expected behavior Redirection to Gitlab authentification page

Acsigen commented 6 months ago

I have found a fix here

totkapf commented 6 months ago

I have found a fix here

Your link leads to nowhere. Could you refresh it?

Acsigen commented 6 months ago

I have found a fix here

Your link leads to nowhere. Could you refresh it?

I just did. Though it might not fully apply to your case since we have different versions of Mattermost.