plugin-git icon indicating copy to clipboard operation
plugin-git copied to clipboard

Published 20 hours ago verified publisher icon woodpecker-ci

Print useful error message if auth failed due to wrong/missing password

Open 6543 opened this issue 3 years ago • 4 comments 

fatal: could not read Username for 'https://<url>': No such device or address
exit status 128

does not tell you that it simply try to clone without password but it failed because it needs one

6543 avatar Jun 20 '22 15:06 6543

I'm hitting this, do you happen have a solution for this issue? If I understand it correctly, git is trying to clone with http, but failing due to authentication, I feel like it should be allowed to if you register with your forge through oauth2.

e.g I use gitea, and log in to woodpecker with oauth, which works, and woodpecker correctly lists all repos related to my account, however when it tries to actually clone the repo, it fails with the above when trying to access https://<hostname>/<owner>/<repo>//info/refs?service=git-upload-pack.

Also as as side note, is there a way to use ssh for cloning?

FredeHoey avatar Jun 25 '22 17:06 FredeHoey

I have observed the same issue (Using 2.X of the git plugin) and adding some logging output of the server side:

{"level":"error","error":"signature is invalid","time":"2022-12-25T16:20:43Z","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/api/hook.go:131","message":"failure to parse token from hook for test/test"}
{"level":"info","ip":"172.19.0.2","latency":4.25749,"method":"POST","path":"/hook","status":400,"time":"2022-12-25T16:20:43Z","user-agent":"Go-http-client/1.1","time":"2022-12-25T16:20:43Z","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/router/middleware/logger.go:45"}
{"level":"error","error":"signature is invalid","time":"2022-12-25T16:20:43Z","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/api/hook.go:131","message":"failure to parse token from hook for test/test"}
...

After downgrading to 1.6.1 of the plugin it works. via:

WOODPECKER_DEFAULT_CLONE_IMAGE: woodpeckerci/plugin-git:v1.6.1

in my environment configuration for the server configuration.

khmarbaise avatar Dec 27 '22 09:12 khmarbaise

@khmarbaise that's an unrelated issue (#57), and yes that show that we need a nice error handling

6543 avatar Dec 29 '22 04:12 6543

I just observed this for an arbitrary user :

  1. User is logged in via OIDC/oauth2 and erroneously sets a password in their Forgejo profile
  2. User adds a repo in WP and pushes a very simple "hello world" config
  3. WP seems to try to use the (invalid) PW the user set to clone the repo (which of course fails)

As the user cannot unset the PW themselves, the only way seems to be to either delete the user account (if that doesn't cause too much trouble) or possibly modify the forge DB (though I didn't try this).

I wonder: which authentication logic is used for oauth2 accounts in the first place?

pat-s avatar Feb 12 '25 16:02 pat-s