sonar-auth-gitlab-plugin icon indicating copy to clipboard operation
sonar-auth-gitlab-plugin copied to clipboard

Published 20 hours ago verified publisher icon gabrie-allaigre

Unable to authenticate a user with the last gitlab version: 9.2.2-ee

Open edaubert opened this issue 8 years ago • 4 comments
trafficstars

Hello,

We are using this plugin since one month and everything was great until the last update of gitlab that we applied this week-end. Now, we are not able to authenticate ourselves using this plugin. We try to give more rights by using scope: api instead of scope: read_user but nothing changes. We are using an HTTPS URL for our sonar instance and we use an hosted gitlab instance (githost.io).

Here is the trace we get from https://.../api/system/logs?process=web:

2017.05.29 08:22:38 ERROR web[AVw5a6cdrkJ1qNQEAAYc][o.s.s.a.AuthenticationError] Fail to callback authentication with 'gitlab'
java.lang.IllegalStateException: Fail to authenticate the user. Error code is 403, Body of the response is {"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api"}
	at com.talanlabs.sonar.plugins.gitlab.auth.GitLabIdentityProvider.callback(GitLabIdentityProvider.java:100)
	at org.sonar.server.authentication.OAuth2CallbackFilter.handleOAuth2Provider(OAuth2CallbackFilter.java:90)
	at org.sonar.server.authentication.OAuth2CallbackFilter.handleProvider(OAuth2CallbackFilter.java:75)
	at org.sonar.server.authentication.OAuth2CallbackFilter.doFilter(OAuth2CallbackFilter.java:68)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:76)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
	at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.sonar.server.platform.web.RoutesFilter.doFilter(RoutesFilter.java:60)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)

Did you have some pointers to help us out ?

edaubert avatar May 29 '17 10:05 edaubert

Hi, Same problems https://github.com/gabrie-allaigre/sonar-auth-gitlab-plugin/issues/7

gabrie-allaigre avatar May 29 '17 10:05 gabrie-allaigre

Probably some hint here: https://docs.gitlab.com/ce/api/v3_to_v4.html

morph027 avatar May 30 '17 15:05 morph027

Hi, I create a patch https://github.com/gabrie-allaigre/sonar-auth-gitlab-plugin/releases/download/1.2.2-rc1/sonar-auth-gitlab-plugin-1.2.2-rc1.jar I add option to change scope in Administration. I will ask for the update in SonarQube but it takes a few days.

gabrie-allaigre avatar May 31 '17 12:05 gabrie-allaigre

It works perfectly.

Thanks !

edaubert avatar Jun 11 '17 18:06 edaubert