Support for Gitlab server flow auth

jgraph / docker-drawio

Dockerized draw.io based on whichever is the most secure image at the time.

GNU General Public License v3.0

1.56k stars 364 forks source link

Support for Gitlab server flow auth #40

Closed dasmfm closed 3 years ago

dasmfm commented 3 years ago

Drawio moved to server flow auth since

28-APR-2021: 14.6.7

This patch allows to Gitlab integrations works with new flow.

davidjgraph commented 3 years ago

Yup, looks good. I won't have time to test it, but it's pretty trivial.

maleksan commented 3 years ago

@davidjgraph
In my case this patch doesn't work. In short, my current working integration (without DRAWIO_GITLAB_SECRET) is based on docker drawio:14.6.2-alpine version and with self-hosted Gitlab instance, authorization working very well. Tried to run latest drawio:14.9.4-alpine with the same configuration + additional DRAWIO_GITLAB_SECRET, but unfortunately without luck, cannot proceed authorization via Gitlab, auth page gives 'err_connection_closed' error. As possible issue, problem may be if DRAWIO_BASE_URL is with prefix-url, in my case it is: https://<my_domain>.com/drawio, and Gitlab Application Callback URL is https://<my_domain>.com/drawio/gitlab.html

maleksan commented 3 years ago

Meanwhile have tried to spin up Drawio instance without prefix-url (as described above), now there is another issue, redirect to Gitlab is working but further goes this error 'The redirect URI included is not valid.' Snippet from redirected url: https://<gitlab_domain>.com/authorize?client_id=******&scope=api%20read_repository%20write_repository&redirect_uri=https%3A%2F%2F<drawio_domain>.com%2Fgitlab&response_type=................

SDAdham commented 3 years ago

Hello everyone, I can't sign in with gitlab, it takes me to /gitlab instead of /gitlab.html which is HTTP ERROR 400, but if I change the url manually to /gitlab.html, it just says This window will be closed automatically but nothing happens. I don't know which version can I use, I used: jgraph/drawio then I switched to jgraph/drawio:14.6.13-alpine but still no luck, can you please advise?

SDAdham commented 3 years ago

After adding secret, I just get access denied, From the pod logs:

SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details
20-Aug-2021 13:53:28.635 INFO [http-nio-8080-exec-1] com.mxgraph.online.AbsAuthServlet.doGet AUTH-SERVLET: [10.2.8.0] Added state (xxx-> xxx)
20-Aug-2021 13:53:30.189 INFO [http-nio-8080-exec-2] com.mxgraph.online.AbsAuthServlet.doGet AUTH-SERVLET: [10.2.8.0] Found cookie state (xxxx-> xxxx)
20-Aug-2021 13:55:30.304 INFO [http-nio-8080-exec-8] com.mxgraph.online.AbsAuthServlet.doGet AUTH-SERVLET: [10.2.8.0] Added state (xxx-> xxxx)
20-Aug-2021 13:55:30.330 INFO [http-nio-8080-exec-9] com.mxgraph.online.AbsAuthServlet.doGet AUTH-SERVLET: [10.2.8.0] Found cookie state (xxx-> xxx)
20-Aug-2021 13:56:24.079 INFO [http-nio-8080-exec-1] com.mxgraph.online.AbsAuthServlet.doGet AUTH-SERVLET: [10.2.8.0] Added state (xxx-> xxx)
20-Aug-2021 13:56:25.837 INFO [http-nio-8080-exec-2] com.mxgraph.online.AbsAuthServlet.doGet AUTH-SERVLET: [10.2.8.0] Found cookie state (xxx-> xxx)

isaacwuerth commented 3 years ago

I'm having the same problem. It looks like the backend only responds to *.html.

davidjgraph commented 3 years ago

/gitlab is the correct redirect, gitlab.html is not supported.

maleksan commented 3 years ago

/html is the correct redirect, .html is not supported.

Sorry, don't understand. Are you talking about this Gitlab Application Callback URL https://.com/drawio/gitlab.html? If so, I have to change this to https://.com/drawio/html Please explain

davidjgraph commented 3 years ago

sorry, typo, I meant /gitlab, not /gitlab.html

maleksan commented 3 years ago

sorry, typo, I meant /gitlab, not /gitlab.html

thanks, with /gitlab works!