mattermost / desktop

Mattermost Desktop application for Windows, Mac and Linux
Apache License 2.0

Desktop client freezes on login form when Google auth through GitLab is used #333

Closed anebi closed 7 years ago

anebi commented 7 years ago

Summary

Desktop clients for Windows and Mac OS freeze on the login form after the username is entered. This happens when Google authentication through GitLab is used.

Android App is working without problems.

Steps to reproduce

  1. Install Mattermost Desktop client on Win or Mac
  2. Add Team and go to authentication process
  3. Select authentication thru GitLab
  4. GitLab screen is opened, select Google authentication
  5. The Google login form is loaded. Enter the username and press Next to go to the screen where you can enter the password.
  6. The screen and Mattermost freeze. The page with the password input field never loads; you are left with a frozen login form.

Environment

  • Operating System: Windows and Mac
  • Mattermost Desktop App version: 3.4.1
  • Mattermost Server version: 3.4.0

Expected behavior

Install and log in to the server using GitLab and Google without freezes.

yuya-oc commented 7 years ago

Unfortunately I'm not familiar with GitLab, so I'm not sure what the exact behavior is in detail. What should we do to set up the environment for testing?

anebi commented 7 years ago

Hello,

You can follow steps below:

  1. Create an account at gitlab.com.
  2. Connect that account with a Google account. You can do this by visiting the GitLab Profile Settings page -> Account -> click the Google icon and follow the steps for mapping the accounts.
  3. Next, again on the GitLab side, click Profile Settings -> Applications and add a new application. On this page you set up the callback URLs used during the authentication process. You have to enter the Application Name and the callback URLs as follows:

https://mattermosthost_here/login/gitlab/complete
https://mattermosthost_here/signup/gitlab/complete
http://mattermosthost_here/login/gitlab/complete
http://mattermosthost_here/signup/gitlab/complete

or

http://mattermosthost_here:8065/login/gitlab/complete
http://mattermosthost_here:8065/signup/gitlab/complete

Once you save this application, you will get 2 keys: Application Id and Secret. You will need to enter these on the Mattermost side.

  1. Log in to the Mattermost server System Console and go to General. Set Site URL to http://mattermosthost_here, https://mattermosthost_here or http://mattermosthost_here:8065 based on your real URL (note: the URL must be without a trailing slash).
  2. Go to AUTHENTICATION -> GitLab.
  3. Enable authentication with GitLab -> true.
  4. Put the keys from GitLab into the Application ID: and Application Secret Key: fields.
  5. User API Endpoint: https://gitlab.com/api/v3/user
  6. Auth Endpoint: https://gitlab.com/oauth/authorize
  7. Token Endpoint: https://gitlab.com/oauth/token
  8. Next you have to log out of Mattermost and log in to a team in the browser with your GitLab account. It will ask you for authorization; you must allow and authorize the application connection.
  9. Next you can try to log in to Mattermost using GitLab, and to GitLab using the Google account.
  10. If you are able to log in, then all is OK.
  11. Next you can try to sign in the same way from the Desktop app. This is where we have problems.

Let me know if you need my help.

Regards, Ali Nebi

jasonblais commented 7 years ago

Thank you for the description @anebi, very helpful!

We have a known bug where Google Authentication doesn't properly work on the desktop app, causing the app to freeze.

There is a fix that needs to go in the Mattermost server first (through platform repo), so I've added the server side label for it. I'll leave this issue open so we can test this once it's in.

Thanks again for the report!

anebi commented 7 years ago

Hi, I updated the Mattermost server to the latest release 3.5.0, but I see that the problem is still not solved. When can we expect the fix to be released?

Thanks, Ali Nebi

jasonblais commented 7 years ago

Hey @anebi

The issue with Google Authentication wasn't fixed for 3.5 and I unfortunately cannot promise a date when it will be.

Please keep in mind that only the default GitLab SSO is officially supported. “Double SSO”, that is, chaining GitLab SSO to other SSO solutions like LDAP or Google is not currently supported.

It may be possible to connect to use GitLab SSO in some cases with AD, LDAP, SAML, or MFA add-ons, but because of the special logic required they’re not officially supported and are known not to work on some instances.

If having official Google Authentication support is critical to your enterprise, please consider purchasing Mattermost Enterprise Edition.

wessel-techtribe-nl commented 7 years ago

Hi, I am currently evaluating the Enterprise Edition (with an evaluation license) because we would need Google SSO (mattermost-3.5.1-linux-amd64.tar.gz).

But the desktop client on Mac still has the same problem.

It freezes when clicking on "Next" on the Google sign-in page.

Developer console shows something like:

index.js:529 [techtribe] Uncaught Error: Invalid JSON string: {"photo_url":"","name":"","email":"wessel@xxx.nl","shadow_email":"","encoded_profile_information":"--","session_state":"--","recovery_url":"--","should_redirect_in_browser_drivefs":false,"action":"ASK_PASSWORD"} webview.addEventListener.e @ index.js:529WebViewImpl.dispatchEvent @ /Applications/Mattermost.app/Contents/Resources/electron.asar/renderer/web-view/web-view.js:192dispatchEvent @ /Applications/Mattermost.app/Contents/Resources/electron.asar/renderer/web-view/guest-view-internal…:57(anonymous function) @ /Applications/Mattermost.app/Contents/Resources/electron.asar/renderer/web-view/guest-view-internal…:66emitMany @ events.js:127emit @ events.js:201

yuya-oc commented 7 years ago

I reproduced the problem. It seems that the Google sign-in page uses window.eval(), but it is disabled for security reasons in the desktop app. So the page stops after the Gmail address is entered (this was printed in the developer console log).

By enabling window.eval(), I could sign in to Mattermost with Google auth through GitLab. But before re-enabling window.eval(), we must consider whether it's truly safe.
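The failure mode described above, as an added simulation that is not Mattermost's or Google's code: a page script that decodes a JSON response through eval() works in a normal browser, throws an "Invalid JSON string" error once eval is replaced by a throwing stub (an approximation of the desktop app's mitigation), and a JSON.parse-based decoder is unaffected either way. The `win` object, the decoder functions and the sample response are all constructed for this example.

```javascript
// Constructed simulation of the window.eval() problem; `win` stands in for
// the webview's window object. Not code from Mattermost or Google.

// A sign-in page script that decodes a server response the legacy way:
// by handing the JSON text to eval() instead of JSON.parse().
function evalBasedDecode(win, text) {
  try {
    return win.eval('(' + text + ')');
  } catch (err) {
    // The page wraps the failure; this mirrors the shape of the error seen
    // in the developer console log quoted in the report above.
    throw new Error('Invalid JSON string: ' + text);
  }
}

// Approximation of the desktop app's mitigation: eval becomes a throwing stub.
function disableEval(win) {
  win.eval = function () {
    throw new Error('window.eval() is disabled for security reasons');
  };
  return win;
}

// Constructed sample response, modelled on the one in the console log above.
const SAMPLE = '{"email":"user@example.com","action":"ASK_PASSWORD"}';

// Scenario 1: eval available, so the page reaches the password step.
function runWithEval() {
  const win = { eval: globalThis.eval };
  return evalBasedDecode(win, SAMPLE).action;
}

// Scenario 2: eval disabled, so the page script throws and the form "freezes".
function runWithEvalDisabled() {
  const win = disableEval({ eval: globalThis.eval });
  try {
    evalBasedDecode(win, SAMPLE);
    return 'proceeded';
  } catch (err) {
    return err.message;
  }
}

// Scenario 3: JSON.parse needs no eval, so pages written this way keep
// working under the mitigation; only eval-dependent pages break.
function decodeWithJsonParse(text) {
  return JSON.parse(text).action;
}
```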

gs-svempati commented 7 years ago

Hi,

We updated the Mattermost Enterprise server to the latest release 3.5.1, but I see that the problem is still not solved. When can we expect the fix to be released? This is a blocker to our enterprise evaluation.

Thanks,

jasonblais commented 7 years ago

Thanks @anebi, @wessel-techtribe-nl and @gs-svempati for the feedback.

Re-enabling a function on the desktop app (called window.eval()) fixes the issue for Google SSO.

However, re-enabling this function could potentially lead to a security vulnerability, so we're currently evaluating different options to resolve this issue.

I'll post an update here as soon as we know more.

jasonblais commented 7 years ago

We're currently testing a build which re-enables the window.eval() function and fixes the Google SSO login issues.

https://circleci.com/gh/yuya-oc/desktop/125#artifacts

Note: These test builds are not recommended for production as they may contain a security vulnerability.

All help to test the removal of the window.eval() function would be appreciated. For context on the window.eval() function, please see the Electron documentation.

One thing we're working on is creating a harmful HTML file that tries to use Node.js APIs. If anyone has guidance or tips for it, please let us know!

wessel-techtribe-nl commented 7 years ago

Google login works for me now in mattermost-desktop-3.5.0-mac.tar.gz

gs-svempati commented 7 years ago

Thank you very much for this. @wessel-techtribe-nl and @jasonblais

jasonblais commented 7 years ago

Thanks all for your patience -- this issue will be fixed in Mattermost desktop v3.6.

You can find more details about the v3.6 release dates here: https://github.com/mattermost/desktop/issues/429