dominik-th / matomo-plugin-LoginOIDC

external authentication services for matomo
https://plugins.matomo.org/LoginOIDC/
GNU General Public License v3.0

issue connecting to gitlab #10

Closed smeierzubiesen closed 4 years ago

smeierzubiesen commented 4 years ago

I know this might not officially be supported, but here goes anyways:

I have configured an endpoint on my GitLab instance

https://gitlab.mitos-kalandiel.me/.well-known/openid-configuration

    {
      "issuer": "https://gitlab.mitos-kalandiel.me",
      "authorization_endpoint": "https://gitlab.mitos-kalandiel.me/oauth/authorize",
      "token_endpoint": "https://gitlab.mitos-kalandiel.me/oauth/token",
      "userinfo_endpoint": "https://gitlab.mitos-kalandiel.me/oauth/userinfo",
      "jwks_uri": "https://gitlab.mitos-kalandiel.me/oauth/discovery/keys",
      "scopes_supported": ["api", "read_user", "read_repository", "write_repository", "sudo", "openid", "profile", "email"],
      "response_types_supported": ["code", "token"],
      "response_modes_supported": ["query", "fragment"],
      "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
      "subject_types_supported": ["public"],
      "id_token_signing_alg_values_supported": ["RS256"],
      "claim_types_supported": ["normal"],
      "claims_supported": ["iss", "sub", "aud", "exp", "iat", "sub_legacy", "name", "nickname", "email", "email_verified", "website", "profile", "picture", "groups"]
    }

And then I have configured LoginOIDC with the parameters from my GitLab instance.

When attempting any OAuth operation I get this:

A fatal error occurred

The following error just broke Matomo (v3.12.0):

An exception has been thrown during the rendering of a template ("Mysqli prepare error: Table 'redacted.mthr_loginoidc_provider' doesn't exist"). in /home/mzbcompa/stats.mzb.company/plugins/UsersManager/templates/userSettings.twig line 157

dominik-th commented 4 years ago

This is weird. Looks like Matomo 3.12.0 doesn't create the required table for the plugin anymore.

Same as in #9 you have to create the table manually. Try executing the following command:

CREATE TABLE `mthr_loginoidc_provider` (
  `user` varchar(100) NOT NULL,
  `provider_user` varchar(255) NOT NULL,
  `provider` varchar(255) NOT NULL,
  `date_connected` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
  PRIMARY KEY (`provider_user`,`provider`),
  UNIQUE KEY `user_provider` (`user`,`provider`),
  CONSTRAINT `mthr_loginoidc_provider_ibfk_1` FOREIGN KEY (`user`) REFERENCES `mthr_user` (`login`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Please report back if it worked for you.

I will take a closer look at the issue soon.

Did you install the plugin through the marketplace?

smeierzubiesen commented 4 years ago

Yeah, installed through the marketplace, and after inserting the data into MySQL, it now works flawlessly :)

smeierzubiesen commented 4 years ago

Check #11

dominik-th commented 4 years ago

Thanks for the PR. I'm not sure if this actually fixes the issue, because the SQL statement worked in the past before version 3.12.0, but I will have a closer look at it.

smeierzubiesen commented 4 years ago

OK, no probs, just thought I'd have a look :)

dominik-th commented 4 years ago

I tried to reproduce the issue with a fresh Matomo installation and an empty database but it worked just fine. So apparently Matomo 3.12.0 is not the cause.

Which database (MariaDB or MySQL) and which database version are you using?

smeierzubiesen commented 4 years ago

Here's my version readout:

My Matomo was freshly installed on this server and I had tried to implement login via LDAP, but wasn't happy with the security implications there, and so I decided on OAuth instead via my existing GitLab instance. And then during install of the plugin, everything OK, I set it up, create a user that also existed in my GitLab and boom, error.

smeierzubiesen commented 4 years ago

> Thanks for the PR. I'm not sure if this actually fixes the issue because the sql statement worked in the past before version 3.12.0 but I will have a closer look at it.

Regarding this, I have noticed that the two SQL queries had some significant(?) differences, and thus I reworked the script to run as it proved to work.

dominik-th commented 4 years ago

I got the SQL statement earlier in this thread from running mysqldump on my own database so technically they shouldn't be any different.

Maybe it's some part of the syntax MySQL doesn't like, but even then it should have shown a proper error message because errors are caught here: LoginOIDC.php. So I am not sure if the install function actually ran in your case.

Anyways, I guess I'm going to accept your PR and wait to see if any other people run into this issue.

smeierzubiesen commented 4 years ago

Thanks a lot ;)

nogweii commented 4 years ago

I'm installing this plugin into the official matomo docker container via a custom ansible playbook, and install didn't seem to run for me as well. The playbook does the following:

  1. downloads the zip file from Matomo's marketplace
  2. extracts it to .../matomo/plugins
  3. runs php console plugin:activate LoginOIDC
  4. configures the plugin by editing config.php.ini to add the various system settings.

I think that's all mostly working, the OIDC flow happens correctly, but then I get the same error, about a missing table.

EDIT: Ah! Actually, I had an extra step in between 2 & 3. Additionally, I added LoginOIDC to the PluginsInstalled array, but then plugin:activate doesn't run the installation step since, well, it's "installed" already! That step is entirely unneeded, removing that step makes it all work.
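
A pre-flight check for the situation described in the last comment, as an added example that is not part of the thread or of the plugin's code: it reads the Matomo config file and reports whether a plugin is already listed under PluginsInstalled before `plugin:activate` has been run. The function names and the sample config are constructed for illustration, and the `[Section]` / `Section[] = "Name"` layout of the config file is assumed.

```shell
# Added example: run before `php console plugin:activate LoginOIDC`.
# Assumes Matomo's INI layout: a [Section] header, then Section[] = "Name".

# list_section FILE SECTION: print the plugin names listed in that section.
list_section() {
    awk -v want="$2" '
        /^[ \t]*;/  { next }                       # INI comment line
        /^[ \t]*\[/ { sec = $0                     # section header
                      gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
        sec == want && index($0, want "[]") == 1 {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)          # drop the key and the equals sign
            gsub(/"|[ \t]+$/, "", val)             # drop quotes and trailing blanks
            print val
        }' "$1"
}

# preflight FILE PLUGIN: print ready | preseeded | active | inconsistent.
preflight() {
    installed=no; active=no
    list_section "$1" PluginsInstalled | grep -qxF "$2" && installed=yes
    list_section "$1" Plugins          | grep -qxF "$2" && active=yes
    case "$installed/$active" in
        no/no)   echo ready ;;         # activation will run the install step
        yes/no)  echo preseeded ;;     # the state described in the thread
        yes/yes) echo active ;;        # already activated
        no/yes)  echo inconsistent ;;  # active but never recorded as installed
    esac
}

# Constructed sample config (not taken from a real installation).
write_sample() {
    cat > "$1" <<'EOF'
; <?php exit; ?> DO NOT REMOVE THIS LINE
[Plugins]
Plugins[] = "Login"
Plugins[] = "UsersManager"
[PluginsInstalled]
PluginsInstalled[] = "Login"
PluginsInstalled[] = "UsersManager"
PluginsInstalled[] = "LoginOIDC"
EOF
}

cfg=$(mktemp)
write_sample "$cfg"
echo "LoginOIDC: $(preflight "$cfg" LoginOIDC)"
rm -f "$cfg"
```

A provisioning script can stop on `preseeded` and remove the entry before activating, rather than finding out at first login that the provider table is missing.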