
Unable to create token when using 2FA

Open ulm0 opened this issue 7 years ago • 6 comments

Trying to create a new token when 2FA is enabled gives the following output (I'm using a token previously created via UI on gitlab.com)

gogpat create -u [USER] -p [TOKEN-REDACTED] -a                                                                              [12:51:36]
ERRO[0003] Could find any error field

ulm0 avatar Jan 01 '18 15:01 ulm0

Hey @ulm0, I will have a look into this and try to reproduce it. Thanks for addressing this. So the steps would be to enable an account with 2FA and check if the creation of a token gets passed?

solidnerd avatar Jan 06 '18 08:01 solidnerd

Yup, pretty much it. Enable 2FA, generate a token via GUI on gitlab.com (because you need a token to authenticate against the API when using 2FA), then attempt to create a new token with gogpat.

ulm0 avatar Jan 06 '18 11:01 ulm0

Hey @ulm0, could you check the current PR if it's working on gitlab.com? I'm pretty sure it's working right now. I need to do some refactoring before merging it into the master branch, but a first working version is at the PR now.

solidnerd avatar Jan 07 '18 10:01 solidnerd

Tested and working, you rock!

gogpat create -u ulm0 -p [REDACTED] -a
INFO[0001] Found Two Factor Authentication              
INFO[0001] Please Provide a valid OTP Token to login:   
808751
[TOKEN-GENERATED]

Haven't read the GitLab API docs, but it'd be nice to generate tokens using a token previously generated, so typing an OTP when generating a new token will no longer be needed, like the following:

gogpat create -u ulm0 -t cs74tKk9gGxke99WPbGe -a
CMLZc_CyBsLzHWPhDjTx

ulm0 avatar Jan 07 '18 12:01 ulm0

@ulm0 This app scrapes the GitLab site instead of using the direct way of the API because there are no endpoints available for this use case.

I checked a possible solution for your task. There is no direct solution, because you need to track your created app keys by yourself and remember the order of these keys to revoke them, and you aren't able to log in with the application key on the frontend. But I found a possible solution; it looks like a hard hack to get this feature directly.

solidnerd avatar Jan 07 '18 20:01 solidnerd

I see, I got this idea because I have 2FA enabled and use tokens to update a mirror report on a private GitLab installation I have, in the format https://ulm0:[TOKEN]@git.domain.com/ulm0/project.git. According to the Personal access tokens docs:

Personal access tokens are the preferred way for third party applications and scripts to authenticate with the GitLab API, if using OAuth2 is not practical.

So I thought a previously generated token can be used in this scenario to generate new ones, but as you mentioned the app is not using the direct way of the API.

ulm0 avatar Jan 07 '18 22:01 ulm0