search

coder / vscode-coder

Open any Coder workspace in VS Code with a single click.
MIT License
49 stars 12 forks source link

Failed to authenticate: Request Failed with status code 400 #303

Open aksharbarot opened 2 weeks ago

aksharbarot commented 2 weeks ago

Issue Title

VSCode Desktop unable to authenticate coder url.

image

Tried to open workspace directly

2024-06-21_10h57_12

Description

Coder is working fine in Terminal. I can able to connect using manual command

ssh -v -T -D 49217 "coder-vscode--iknow--silver-greenhopper-59" bash

Version

v2.11.0+8979bf

Extensions Version: V1.0.2 / used as well V1.1.0

Steps to Reproduce

Step 1: Login to Coder URL Step 2: Create workspace template Step 3: Create workspace from Step 2 Step 4: Connect to vscode

Logs from vscode

No logs

Logs from "globalStorage\coder.coder-remote\log"

No logs here as well

Command line login

coder login works file when provide token

Note

Using self sign certificate using http_proxy too

code-asher commented 2 weeks ago

How are you setting the proxy for VS Code? Using the http.proxy setting?

aksharbarot commented 1 week ago

Yes. It is added in settings.json

"coder.insecure": true,
"http.proxy": "http://IP:PORT",
"http.proxyAuthorization": null

at the same time when i hit enter in coder login url from extension.

I see below message in developer tool. VScode > Help > Toggle Developer Tool

image

But, when i manually curl -v coder url then, it does return "csrf-token"

code-asher commented 1 week ago

When you run cURL is it using the proxy as well? Do you get a response back for curl --proxy http://IP:PORT https://my-coder-domain/api/v2/buildinfo?

Are you able to get any logs from the proxy?

I think we need to add some better debugging on the plugin when a request fails, right now there is no good way to actually inspect the request that was made.

The CSRF error I believe can be ignored.

aksharbarot commented 1 week ago

Yes. I get response back when i used --proxy in curl

PS C:\Users\demo\Downloads> curl -v --proxy http://127.0.0.1:3128 https://myurl.coder.domain/api/v2/buildinfo
* Uses proxy env variable no_proxy == 'localhost'
*   Trying 127.0.0.1:3128...
* Connected to 127.0.0.1 (127.0.0.1) port 3128
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Establish HTTP proxy tunnel to myurl.coder.domain:443
> CONNECT myurl.coder.domain:443 HTTP/1.1
> Host: myurl.coder.domain:443
> User-Agent: curl/8.7.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Connection: close
<
* CONNECT phase completed
* CONNECT tunnel established, response 200

I don't have proxy logs but, tcp trace shows as below,

14 3.913391 10.yyy.yyy.yyy 10.x.xxx.xxx HTTP 306 CONNECT myurl.coder.domain:443 HTTP/1.1 , NTLMSSP_NEGOTIATE 15 3.941441 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 66 [TCP Window Update] 8080 → 41821 [ACK] Seq=1 Ack=1 ............ 84 4.126459 10.x.xxx.xxx 10.yyy.yyy.yyy HTTP 105 HTTP/1.1 200 Connection established 85 4.138854 10.yyy.yyy.yyy 10.x.xxx.xxx TLSv1.2 583 Client Hello (SNI=myurl.coder.domain) 86 4.187255 10.x.xxx.xxx 10.yyy.yyy.yyy TLSv1.2 1314 Server Hello 87 4.187255 10.x.xxx.xxx 10.yyy.yyy.yyy TLSv1.2 902 Certificate, Server Key Exchange, Server Hello Done

tcp trace logs when using vscode coder extentions

509 11.982731 10.yyy.yyy.yyy 10.x.xxx.xxx HTTP 455 GET https://myurl.coder.domain:8080/api/v2/users/me HTTP/1.1 , NTLMSSP_NEGOTIATE 510 12.014605 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 66 [TCP Window Update] 8080 → 41704 [ACK] Seq=1 Ack=1 ............ 511 12.014605 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 1314 8080 → 41704 [ACK] Seq=1 Ack=390 Win=99328 Len=1248 ............ 512 12.014974 10.yyy.yyy.yyy 10.x.xxx.xxx TCP 66 41704 → 8080 [ACK] Seq=390 Ack=1249 Win=132096 Len=0 ........... 513 12.015057 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 1314 8080 → 41704 [ACK] Seq=1249 Ack=390 Win=99328 Len=1248 ............. 514 12.015057 10.x.xxx.xxx 10.yyy.yyy.yyy HTTP 613 HTTP/1.1 400 Bad Request (text/html)

aksharbarot commented 1 week ago

in vscode, If i change below settings,

"http.proxySupport": "fallback"

then, port 8080 is not added. but, still it fails with 400 Bad Request

176 7.115697 10.yyy.yyy.yyy 10.x.xxx.xxx HTTP 483 GET https://myurl.coder.domain/api/v2/users/me HTTP/1.1 , NTLMSSP_NEGOTIATE 177 7.142449 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 66 [TCP Window Update] 8080 → 32101 [ACK] Seq=1 Ack=1 ........... 178 7.146010 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 1314 8080 → 32101 [ACK] Seq=1 Ack=418 Win=99328 Len=1248 ............ 179 7.146010 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 1314 8080 → 32101 [ACK] Seq=1249 Ack=418 Win=99328 Len=1248 ............... 180 7.146010 10.x.xxx.xxx 10.yyy.yyy.yyy HTTP 608 HTTP/1.1 400 Bad Request (text/html)

same GET url does work from curl but, not from extension

code-asher commented 1 week ago

Hmmmm interesting that the CONNECT seems to be missing in the tcp trace.

One thing you could try is to update to 1.2.1 and set http.proxySupport to either on or off to make the Coder plugin use its own proxy rather than have VS Code handle it, although our support is pretty much the same as VS Code's so I doubt it would work any better, but if it does work with ours that means there could be a bug in VS Code.

Do other parts of VS Code work fine with the proxy? Like searching for extensions?

aksharbarot commented 1 week ago

@code-asher searching and downloading extensions works fine and well.

No. changing, http.proxySupport didn't help.

but, wondering that why coder extension is making query to get https://myurl.coder.domain/api/v2/users/me because, It should go for authentication first.

GET https://myurl.coder.domain/api/v2/users/me HTTP/1.1 Accept: application/json, text/plain, / Coder-Session-Token: AdBes3XXXXXXXXXXXXXXXXXXXXCYH User-Agent: axios/1.6.8 Accept-Encoding: gzip, compress, deflate, br host: myurl.coder.domain Connection: close

HTTP/1.1 400 Bad Request Cache-Control: no-cache X-XSS-Protection: 1 Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 2863 Pragma: no-cache

aksharbarot commented 1 week ago

I understood that GET and PUT requests are getting block.

I tried manually send GET request using axios and It is showing same error as coder extensions shows status 400.

code-asher commented 1 week ago

but, wondering that why coder extension is making query to get https://myurl.coder.domain/api/v2/users/me because, It should go for authentication first.

What do you mean by "go for authentication first"? We always need the user details, so we make that the first call. There is no separate auth call, we have to handle authorization for every call we make since the token can expire at any time, if that makes sense.

I understood that GET and PUT requests are getting block.

Oh interesting! Could be a proxy configuration issue then?