search

apache / incubator-devlake

Apache DevLake is an open-source dev data platform to ingest, analyze, and visualize the fragmented data from DevOps tools, extracting insights for engineering excellence, developer experience, and community growth.
https://devlake.apache.org/
Apache License 2.0
2.5k stars 493 forks source link

[Bug][SonarQube] Plugin not work with a bearer token #7638

Open emschimmel opened 1 week ago

emschimmel commented 1 week ago

Search before asking

What happened

We are using a hosted version of SonarQube (not cloud). I have an admin token. Using the api endpoints via Postman I have to use the Bearer keyword for authentication. example: Authorization: Bearer squ_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

What do you expect to happen

Since we don't use a cloud version of SonarQube we did expect it to work.

How to reproduce

Using the test connection feature it gives a connection failed. Possibly because in the connection model in the SetupAuthentication method the keyword Basic is being used. and obviously the rest of the endpoints wont work either. I tryed to chance this to Bearer but no effect. When I inspect the request headers after the call I don't see the autorization header unless I add it twice (with obviously also does not result in a success response).

Anything else

We tested multiple versions of Devlake.

Version

v0.17.0-beta2

Are you willing to submit PR?

Code of Conduct

dosubot[bot] commented 1 week ago

Hello @emschimmel! I'm here to help you with any issues you have with the Devlake plugin. I can assist you with bug fixes, answer your questions, and guide you on how to become a contributor. Let's work together to resolve your concerns!

The issue you're experiencing with the SonarQube plugin not working with a bearer token for authentication is due to the plugin using HTTP Basic Authentication instead of Bearer Authentication. The SetupAuthentication method in the connection model sets the Authorization header using the Basic scheme with an encoded token.

To resolve this, you need to modify the SetupAuthentication method to use the Bearer scheme instead of Basic. Here is the updated code:

func (sat SonarqubeAccessToken) SetupAuthentication(req *http.Request) errors.Error {
    req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", sat.Token))
    return nil
}

This change will set the Authorization header to use the Bearer scheme, which is the correct method for bearer token authentication [1].

To continue talking to Dosu, mention @dosu.

emschimmel commented 1 week ago

That is the exact chance I made to try to fix it and didn't work.

klesh commented 1 week ago
  1. What is the version of your SonarQube?
  2. 0.17 is way too old, please upgrade to v1.0.0-rc1
emschimmel commented 1 week ago

Maybe it is to new in that case. The company bought it 2 weeks ago. So this is the version: Enterprise Edition v10.5.1

klesh commented 1 week ago

I see, it is much newer than what we tested before. But you can try the latest v1.0.0-rc1 and see if it works for you first.