search

gabrie-allaigre / sonar-auth-gitlab-plugin

Use GitLab OAuth login in SonarQube login page
https://gitlab.talanlabs.com/gabriel-allaigre/sonar-auth-gitlab-plugin
GNU Lesser General Public License v3.0
100 stars 29 forks source link

Unable to authenticate a user with the last gitlab version: 9.2.2-ee #9

Open edaubert opened 7 years ago

edaubert commented 7 years ago

Hello,

We are using this plugin since one month and everything was great until the last update of gitlab that we applied this week-end. Now, we are not able to authenticate ourselves using this plugin. We try to give more rights by using scope: api instead of scope: read_user but nothing changes. We are using an HTTPS URL for our sonar instance and we use an hosted gitlab instance (githost.io).

Here is the trace we get from https://.../api/system/logs?process=web:

2017.05.29 08:22:38 ERROR web[AVw5a6cdrkJ1qNQEAAYc][o.s.s.a.AuthenticationError] Fail to callback authentication with 'gitlab'
java.lang.IllegalStateException: Fail to authenticate the user. Error code is 403, Body of the response is {"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api"}
    at com.talanlabs.sonar.plugins.gitlab.auth.GitLabIdentityProvider.callback(GitLabIdentityProvider.java:100)
    at org.sonar.server.authentication.OAuth2CallbackFilter.handleOAuth2Provider(OAuth2CallbackFilter.java:90)
    at org.sonar.server.authentication.OAuth2CallbackFilter.handleProvider(OAuth2CallbackFilter.java:75)
    at org.sonar.server.authentication.OAuth2CallbackFilter.doFilter(OAuth2CallbackFilter.java:68)
    at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
    at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:76)
    at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:63)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
    at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.sonar.server.platform.web.RoutesFilter.doFilter(RoutesFilter.java:60)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

Did you have some pointers to help us out ?

gabrie-allaigre commented 7 years ago

Hi, Same problems https://github.com/gabrie-allaigre/sonar-auth-gitlab-plugin/issues/7

morph027 commented 7 years ago

Probably some hint here: https://docs.gitlab.com/ce/api/v3_to_v4.html

gabrie-allaigre commented 7 years ago

Hi, I create a patch https://github.com/gabrie-allaigre/sonar-auth-gitlab-plugin/releases/download/1.2.2-rc1/sonar-auth-gitlab-plugin-1.2.2-rc1.jar I add option to change scope in Administration. I will ask for the update in SonarQube but it takes a few days.

edaubert commented 7 years ago

It works perfectly.

Thanks !