Closed anebi closed 7 years ago
Unfortunately I'm not familiar with GitLab, so I'm not sure what the exact behavior is in detail. What should we do to set up the environment for testing?
Hello,
You can follow steps below:
https://mattermosthost_here/login/gitlab/complete
https://mattermosthost_here/signup/gitlab/complete
http://mattermosthost_here/login/gitlab/complete
http://mattermosthost_here/signup/gitlab/complete
or
http://mattermosthost_here:8065/login/gitlab/complete
http://mattermosthost_here:8065/signup/gitlab/complete
Once you save this application, you will get 2 keys: Application Id and Secret. You will need to enter these on the Mattermost side.
Let me know if you need my help.
Regards, Ali Nebi
Thank you for the description @anebi, very helpful!
We have a known bug where Google Authentication doesn't properly work on the desktop app, causing the app to freeze.
There is a fix that needs to go in the Mattermost server first (through platform repo), so I've added the server side label for it. I'll leave this issue open so we can test this once it's in.
Thanks again for the report!
Hi, I updated Mattermost server to the latest release 3.5.0, but I see that the problem is still not solved. When can we expect the fix to be released?
Thanks, Ali Nebi
Hey @anebi
The issue with Google Authentication wasn't fixed for 3.5 and I unfortunately cannot promise a date when it will be.
Please keep in mind that only the default GitLab SSO is officially supported. “Double SSO”, that is, chaining GitLab SSO to other SSO solutions like LDAP or Google is not currently supported.
It may be possible to connect to use GitLab SSO in some cases with AD, LDAP, SAML, or MFA add-ons, but because of the special logic required they’re not officially supported and are known not to work on some instances.
If having official Google Authentication support is critical to your enterprise, please consider purchasing Mattermost Enterprise Edition.
Hi, I am evaluating the Enterprise Edition (with evaluation license) currently because we would need Google SSO (mattermost-3.5.1-linux-amd64.tar.gz)
But the desktop client on Mac still has the same problem.
It freezes when clicking on "next" on the google signin page.
Developer console shows something like:
index.js:529 [techtribe] Uncaught Error: Invalid JSON string: {"photo_url":"","name":"","email":"wessel@xxx.nl","shadow_email":"","encoded_profile_information":"--","session_state":"--","recovery_url":"--","should_redirect_in_browser_drivefs":false,"action":"ASK_PASSWORD"}
webview.addEventListener.e @ index.js:529
WebViewImpl.dispatchEvent @ /Applications/Mattermost.app/Contents/Resources/electron.asar/renderer/web-view/web-view.js:192
dispatchEvent @ /Applications/Mattermost.app/Contents/Resources/electron.asar/renderer/web-view/guest-view-internal…:57
(anonymous function) @ /Applications/Mattermost.app/Contents/Resources/electron.asar/renderer/web-view/guest-view-internal…:66
emitMany @ events.js:127
emit @ events.js:201
The problem reproduced. It seems that the Google sign-in page uses window.eval(), but it's disabled for security reasons in the desktop app. So the page stopped after entering the Gmail address (it was printed in the developer console log).
By enabling window.eval(), I could sign in to Mattermost with Google auth through GitLab. But to re-enable window.eval(), we must consider whether it's truly safe.
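The trade-off described in the comment above, as an added example that is not part of this thread or of Mattermost's code: Node's `vm` module stands in for the desktop app's embedded page, and `guestScript` is a constructed stand-in for a sign-in page that parses a payload with `eval()`. With string code generation disabled the guest script stops with an `EvalError`; with it enabled the script completes.

```javascript
const vm = require('node:vm');

// Constructed stand-in for a third-party page script that relies on eval()
// to turn a JSON-like payload into an object (not Google's actual code).
const guestScript = `
  (function () {
    var payload = '{"action":"ASK_PASSWORD"}';
    return eval('(' + payload + ')').action;
  })()
`;

// Run the guest script in a fresh context.
// evalAllowed === false blocks eval() and new Function() inside that context,
// which is the hardened setting; true is the permissive setting.
function runGuest(evalAllowed) {
  const context = vm.createContext({}, {
    codeGeneration: { strings: evalAllowed, wasm: false },
  });
  try {
    const value = vm.runInContext(guestScript, context, { timeout: 1000 });
    return { ok: true, value };
  } catch (err) {
    // The error object comes from the guest realm, so compare by name
    // rather than with instanceof.
    return { ok: false, error: err.name };
  }
}

// Hardened: the page script cannot finish, which is what a user sees as a
// sign-in flow that stops partway.
console.log('eval disabled:', runGuest(false));

// Permissive: the page script completes, at the cost of letting any script
// loaded in that context build code from strings.
console.log('eval enabled: ', runGuest(true));
```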
Hi,
We updated Mattermost enterprise server to the latest release 3.5.1, but I see that the problem is still not solved. When can we expect the fix to be released? This is a blocker to our enterprise evaluation.
Thanks,
Thanks @anebi, @wessel-techtribe-nl and @gs-svempati for the feedback.
Re-enabling a function on the desktop app (called window.eval()) fixes the issue for Google SSO.
However, re-enabling this function could potentially lead to a security vulnerability, so we're currently evaluating different options to resolve this issue.
I'll post an update here as soon as we know more.
We're currently testing a build, which re-enables the window.eval() function and fixes Google SSO login issues.
https://circleci.com/gh/yuya-oc/desktop/125#artifacts
Note: These test builds are not recommended for production as they may contain a security vulnerability.
All help to test the removal of the window.eval() function would be appreciated. For context on the window.eval() function, please see the Electron documentation.
One thing we're working on is creating a harmful HTML file that tries to use Node.js APIs. If anyone has guidance or tips for it, please let us know!
Google login works for me now in mattermost-desktop-3.5.0-mac.tar.gz
Thank you very much for this. @wessel-techtribe-nl and @jasonblais
Thanks all for your patience -- this issue will be fixed in Mattermost desktop v3.6.
You can find more details about the v3.6 release dates here: https://github.com/mattermost/desktop/issues/429
I confirm (by marking "x" in the [ ] below):
Summary
Desktop clients for Win and Mac OS are freezing on login form after username is entered. This happens when Google authentication thru GitLab is used.
Android App is working without problems.
Steps to reproduce
Environment
Expected behavior
Install and login to the server using GitLab and Google without freezes