decaporg / decap-cms

A Git-based CMS for Static Site Generators
https://decapcms.org
MIT License
17.99k stars 3.05k forks source link

404 After Logging into Decap #7172

Closed peterstory closed 4 months ago

peterstory commented 7 months ago

Describe the bug After logging into Decap, I get a "404 Project Not Found" error.

To Reproduce

  1. Load https://trinityworc.gitlab.io/admin/
  2. Click "Login with GitLab"
  3. Authorize the application

Expected behavior The Decap CMS GUI should load.

Screenshots I'm stuck at "Logging in..."

Screenshot 2024-04-10 at 3 08 54 PM

Applicable Versions:

CMS configuration https://trinityworc.gitlab.io/admin/config.yml

Additional context Console errors:

[Error] Failed to load resource: the server responded with a status of 404 () (trinityworc/trinityworc.gitlab.io, line 0)
[Error] API_ERROR: 404 Project Not Found
    (anonymous function) (decap-cms.js:393:16206)

This request was successful:

Request
:method: GET
:scheme: https
:authority: gitlab.com
:path: /api/v4/projects/trinityworc%2Ftrinityworc.gitlab.io
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Authorization: Bearer 44af145562 (TRUNCATED)
Cache-Control: max-age=0
Connection: keep-alive
Host: gitlab.com
Origin: https://trinityworc.gitlab.io
Referer: https://trinityworc.gitlab.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15

This request gave a 404:

Request
:method: GET
:scheme: https
:authority: gitlab.com
:path: /api/v4/projects/trinityworc%2Ftrinityworc.gitlab.io
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Authorization: token 44af145562 (TRUNCATED)
Cache-Control: max-age=0
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Host: gitlab.com
If-None-Match: W/"e7f905f7124af22dde92440cfb4b51fb"
Origin: https://trinityworc.gitlab.io
Referer: https://trinityworc.gitlab.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
shannonphillipl commented 7 months ago

+1, seeing exactly the same behavior.

The request to GitLab 404s. When I make the same exact request (using cURL) and change the Authorization header by replacing "token" with "Bearer," the request succeeds.

Marcyoyo commented 6 months ago

+2 can confirm - same issue with a self-hosted gitlab instance.

martinjagodic commented 6 months ago

Does login work on your setups with any of the previous versions of Decap?

peterstory commented 6 months ago

@martinjagodic I hardcoded the version to 3.1.2, and I logged in without issue. So it seems there was a regression.

martinjagodic commented 6 months ago

@peterstory 3.1.2 is the version you mentioned in the original comment as the one with the problem. The latest is 3.1.10. If you have some time, could you check which versions have the problem and which don't? So we can identify the culprit more easily.

peterstory commented 6 months ago

To clarify, when I opened the issue my admin page used this URL: https://cdn.jsdelivr.net/npm/decap-cms@^3.1.2/dist/decap-cms.js Following the URL and searching the source code shows that: version:"decap-cms@3.1.10"

Then, I edited the URL to be: https://cdn.jsdelivr.net/npm/decap-cms@3.1.2/dist/decap-cms.js Which of course has: version:"decap-cms@3.1.2"

So I have the error with 3.1.10, and I don't have the error with 3.1.2.

robinkruyt commented 6 months ago

I'm having the same problem using "the latest version", when reverting to specific 3.1.2 the problem no longer exists. Using gitlab.com

b-xb commented 5 months ago

Was being driven mad by this issue today.

I found the exact piece of code that is causing the issue....

At the following link you can see a piece of code was introduced that calls getDefaultBranchName()

https://github.com/decaporg/decap-cms/compare/decap-cms%403.1.2...main#diff-c2b33fd12ce38e1438c9c43cd2be709d291d165dd6a70dd8c4377d3a075fdad1

getDefaultBranchName() calls apiRequest()

https://github.com/decaporg/decap-cms/blob/main/packages/decap-cms-lib-util/src/API.ts#L239

apiRequest() calls constructRequestHeaders()

https://github.com/decaporg/decap-cms/blob/main/packages/decap-cms-lib-util/src/API.ts#L201C26-L201C37

constructRequestHeaders() then explicitly uses "token" instead of "Bearer" (which is what gitlab requires) causing the error to be thrown

https://github.com/decaporg/decap-cms/blob/main/packages/decap-cms-lib-util/src/API.ts#L185