search

mher / flower

Real-time monitor and web admin for Celery distributed task queue
https://flower.readthedocs.io
Other
6.37k stars 1.08k forks source link

Google Oauth returning 404 on login #1322

Open ShaleenAg opened 11 months ago

ShaleenAg commented 11 months ago

Describe the bug I have added google oauth to my flower config, but whenever I try to login, it just errors out with Page not found and on checking the network tab, it seems like the login call is returning 404. I have tried using Basic auth and its working fine with it, so I am assumimg its a google issue. Here's my config

auth_provider="flower.views.auth.GoogleAuth2LoginHandler"
auth=".*@domain.com"
oauth2_redirect_uri="https://dev.domain.com/flower/login/"
url_prefix='flower/'
#to make sure tasks stay populated after restarts
persistent=True
debug=True
oauth2_key="<redacted>.apps.googleusercontent.com"
oauth2_secret="<redacted>"

To Reproduce Steps to reproduce the behavior:

  1. Access flower from browser
  2. login returns Error, page not found

Expected behavior Flower should be logged in

Screenshots If applicable, add screenshots to help explain your problem.

System information flower -> flower:2.0.0 tornado:6.3.2 humanize:4.7.0 software -> celery:5.3.1 (emerald-rush) kombu:5.3.1 py:3.8.10 billiard:4.1.0 py-amqp:5.1.1 platform -> system:Linux arch:64bit, ELF kernel version:5.15.0-1036-aws imp:CPython loader -> celery.loaders.app.AppLoader settings -> transport:amqp results:disabled

deprecated_settings: None

coleshaw commented 5 months ago

Curious if you have found a way around this or a fix?

coleshaw commented 5 months ago

For future reference, it seems like the route is configured without the trailing slash, so the trailing slash leads to a 404. I think you have to configure your OAuth redirect_uri to be https://dev.domain.com/flower/login -- that seems to work for me.

EwertonDCSilv commented 4 months ago

@ShaleenAg alguma dica para resolver o problema ?

ShaleenAg commented 4 months ago

@ShaleenAg alguma dica para resolver o problema ?

hey, no, we ended up going with Basic Auth

For future reference, it seems like the route is configured without the trailing slash, so the trailing slash leads to a 404. I think you have to configure your OAuth redirect_uri to be https://dev.domain.com/flower/login -- that seems to work for me.

Weirdly enough, Basic worked just fine, I figured it was an issue with an url redirect, I might take a look at it again and debug it

EwertonDCSilv commented 3 months ago

@ShaleenAg alguma dica para resolver o problema ?

hey, no, we ended up going with Basic Auth

For future reference, it seems like the route is configured without the trailing slash, so the trailing slash leads to a 404. I think you have to configure your OAuth redirect_uri to be https://dev.domain.com/flower/login -- that seems to work for me.

Weirdly enough, Basic worked just fine, I figured it was an issue with an url redirect, I might take a look at it again and debug it

Acabei optando pelo mesmo caminho: basic auth. Como estou protegendo a aplicação com uma VPN, tem algum nível de segurança, mas gostaria de utilizar o SSO do Google para prover autenticação.

Fiz o clone do projeto, tentei fazer alguns testes localmente, mas nada fazia com que o template da pagina de login fosse chamado. Algo no meio do caminho impede o redirecionamento correto da rota /login, mas como não sou especialista em Tornado, não consigo dar um veredito sobre o problema.