makeplane / plane

🔥 🔥 🔥 Open Source JIRA, Linear, Monday, and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
http://plane.so
GNU Affero General Public License v3.0

[bug]: invalid oauth2 redirect_uri is generated #5853

Open drev74 opened 1 month ago

drev74 commented 1 month ago

Is there an existing issue for this?

Current behavior

I followed your docs to allow oauth2 login with Google

Login with Google generates the following request:

https://accounts.google.com/o/oauth2/v2/auth?client_id=<my-client>&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&redirect_uri=http%3A%2F%2Fplane.<invalid>.com%2Fauth%2Fgoogle%2Fcallback%2F&response_type=code&access_type=offline&prompt=consent&state=eb3db8cffda0467ba19f9dc1d2a13388

This is an invalid redirect URI. It takes the name from one of my workspaces, which is incorrect. This gives me an invalid subdomain like plane.my-workspace.com instead of a subpath like plane.mysite.com/my-workspace

The correct redirect_uri, which was autogenerated in Plane's God Mode, is: https://plane.my-site.com/auth/google/callback

This results in an OAUTH2 error: invalid redirect URI

Steps to reproduce

  1. Install Plane self hosted v.0.23.1
  2. Log in to God Mode
  3. Click Authentication
  4. Add Google auth
  5. Register Plane self hosted within Google APIs
  6. Enter Plane login screen and try Login with Google

Environment

Production

Browser

Google Chrome

Variant

Self-hosted

Version

0.23.1
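
An added example, not part of the original issue or of Plane's code: a small Python check that pulls redirect_uri out of an authorization URL like the one in the report and lists which components differ from the URI registered with Google, which must match exactly. The client ID, state value and function names are constructed for illustration; the two hostnames follow the ones used in the report.

```python
from urllib.parse import parse_qs, urlsplit


def extract_redirect_uri(auth_url: str) -> str:
    """Return the decoded redirect_uri parameter of an OAuth2 authorization URL."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one redirect_uri, found {len(values)}")
    return values[0]


def diff_redirect_uri(sent: str, registered: str) -> dict:
    """Compare two redirect URIs component by component.

    Returns {component: (sent_value, registered_value)} for each component
    that differs. A trailing slash shows up as a 'path' difference.
    """
    a, b = urlsplit(sent), urlsplit(registered)
    parts = {
        "scheme": (a.scheme, b.scheme),
        "host": (a.hostname, b.hostname),
        "port": (a.port, b.port),
        "path": (a.path, b.path),
        "query": (a.query, b.query),
    }
    return {name: pair for name, pair in parts.items() if pair[0] != pair[1]}


# Constructed sample modelled on the request in the report (client_id and
# state are placeholders, not values from a real deployment).
SAMPLE_AUTH_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=example-client"
    "&redirect_uri=http%3A%2F%2Fplane.my-workspace.com%2Fauth%2Fgoogle%2Fcallback%2F"
    "&response_type=code&state=constructed-state"
)
# The redirect URI the report says God Mode generated for registration.
REGISTERED_URI = "https://plane.my-site.com/auth/google/callback"

if __name__ == "__main__":
    sent = extract_redirect_uri(SAMPLE_AUTH_URL)
    print("sent:      ", sent)
    print("registered:", REGISTERED_URI)
    for name, (got, want) in diff_redirect_uri(sent, REGISTERED_URI).items():
        print(f"  {name}: sent {got!r}, registered {want!r}")
```

Behind a TLS-terminating proxy, a scheme difference usually means the application never saw the original protocol, and a host difference means the callback base was taken from something other than the public hostname.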

drev74 commented 1 month ago

Please add oauth2 config Allowed JavaScript Origins and Allowed Redirect URIs to the plane helm chart :pray:

rasyidly commented 1 month ago

I'm using a layered proxy server, I don't know where the actual case is, but I'm trying to change this line https://github.com/makeplane/plane/blob/d859ab9c39b3f4510a1def8e80aff1cd8e8def51/apiserver/plane/authentication/provider/oauth/google.py#L46 to

redirect_uri = f"""https://{request.get_host()}/auth/google/callback/"""

After changing the code, restart Gunicorn: use ps aux | grep gunicorn to find the PID of the running service, then kill -HUP <pid>

IDK why it's working, because I'm not a py developer, also, I'm running on a self-hosted plane in my virtual Alpine Linux server.

fbiere commented 1 week ago

Same issue here.