Gitlab API URL is not used

[kakawait]

Using last commit 1875e33 when setting API_Gitlab_URL (I checked on mongo setting is persisted) Gitlab authentication still redirect on https://gitlab.com.

I need to edit https://github.com/RocketChat/Rocket.Chat/blob/master/packages/rocketchat-gitlab/common.coffee#L2 in order to work

[Sing-Li]

@kakawait

You do not need to edit the code.

As administrator. Change it from the GUI Administration -> Accounts -> GITLAB and then SAVE CHANGES ; and you're done.

[kakawait]

@Sing-Li Yeah Accounts section is to set Oauth2 credentials, that is Ok but my problem (on my env) is API section with API_Gitlab_URL.

When setting my own gitlab url aka http://anakin/gitlab and save. When I try to login with Gitlab, popup is redirected to gitlab.com and not mine

[kakawait]

Configuration

Inside mongodb

> db.rocketchat_settings.find()
{ "_id" : "API_Gitlab_URL", "value" : "http://anakin/gitlab/", "i18nLabel" : "rocketchat-gitlab:API_Gitlab_URL", "i18nDescription" : null, "type" : "string", "group" : "API", "public" : true }

result

[Sing-Li]

cool ! 😄 Thanks for the detailed extended information!

We have recently replaced the gitlab-specific oauth handling code with a generalized package.

I've just confirmed the bug on a brand new install. Hopefully @marceloschmidt will see this in the morning.

[marceloschmidt]

It's not that this is a bug. I think we should make this clearer:

The API_Gitlab_URL setting doesn't do anything if you don't have a custom oauth setting.

In Administration / Accounts, the GitLab section will always point to gitlab.com.

If you want to enable logging in with your custom gitlab server, you must add a Custom OAuth with the following settings:

Authorize Path: /oauth/authorize (default)
Identity Path: /api/v3/user
Token Path: /oauth/token (default)

Don't forget to add your rocket.chat instance application in your gitlab server. The Callback URL must be http(s)://[your_rocket_chat_server]/_oauth/[your_custom_oauth_id].

IMPORTANT
When adding your custom oauth, you'll need to first insert an ID for this oauth. We have to work on that dialog, but while we don't, just so you know, the ID must be all lowercase without any spaces.

[rodrigok]

It's a bug @marceloschmidt, I fixed now

You can use the GitLab oAuth setting the API url to point to your server

[kakawait]

but callback url should be http(s)://[your_rocket_chat_server]/_oauth/[your_custom_oauth_id] or http(s)://[your_rocket_chat_server]/_oauth/gitlab?

Actually I'm using second.

[rodrigok]

@kakawait if you setup the gitlab oauth using the section GitLab you should use http(s)://[your_rocket_chat_server]/_oauth/gitlab, if you setup the oauth via a new Custom oAuth, you need to use the name you give to the custom o auth at the end of the url http(s)://[your_rocket_chat_server]/_oauth/[your_custom_oauth_id]

[kakawait]

@rodrigogs I just pull lasted version and yes the popup now redirect to my custom Gitlab. However I got an error and inside log I saw something like

W20150924-11:54:52.487(0) (oauth_server.js:398) Error in OAuth Server: Failed to complete OAuth handshake with gitlab at https://gitlab.com/oauth/token. failed [401] {"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}
I20150924-11:54:52.636(0)? Exception while invoking method 'login' Error: Failed to complete OAuth handshake with gitlab at https://gitlab.com/oauth/token. failed [401] {"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}
I20150924-11:54:52.637(0)?     at CustomOAuth.getAccessToken (packages/rocketchat:custom-oauth/custom_oauth_server.coffee:70:16)
I20150924-11:54:52.637(0)?     at Object.handleOauthRequest (packages/rocketchat:custom-oauth/custom_oauth_server.coffee:95:23)
I20150924-11:54:52.637(0)?     at OAuth._requestHandlers.(anonymous function) (packages/oauth2/oauth2_server.js:8:1)
I20150924-11:54:52.637(0)?     at middleware (packages/oauth/oauth_server.js:173:1)
I20150924-11:54:52.637(0)?     at packages/oauth/oauth_server.js:146:1

Some trace of https://gitlab.com/oauth/token? May just log error ?

---

Tested on Gitlab 8 with new application credentials and from scratch rocketchat mongo database

then

see logs before

[kakawait]

If it can help I add log on server console.log options just before https://github.com/RocketChat/Rocket.Chat/blob/master/packages/rocketchat-custom-oauth/custom_oauth_client.coffee#L18

I20150924-12:18:39.365(0)? { serverURL: 'https://gitlab.com',
I20150924-12:18:39.366(0)?   identityPath: '/api/v3/user',
I20150924-12:18:39.366(0)?   addAutopublishFields: 
I20150924-12:18:39.366(0)?    { forLoggedInUser: [ 'services.gitlab' ],
I20150924-12:18:39.366(0)?      forOtherUsers: [ 'services.gitlab.username' ] } }

I20150924-12:18:39.370(0)? { serverURL: '',
I20150924-12:18:39.370(0)?   identityPath: '/oauth/me',
I20150924-12:18:39.370(0)?   addAutopublishFields: 
I20150924-12:18:39.370(0)?    { forLoggedInUser: [ 'services.wordpress' ],
I20150924-12:18:39.370(0)?      forOtherUsers: [ 'services.wordpress.user_login' ] } }

I20150924-12:18:39.971(0)? { serverURL: 'http://anakin.ux.dsone.3ds.com/gitlab/',
I20150924-12:18:39.971(0)?   identityPath: 'https://gitlab.com/api/v3/user',
I20150924-12:18:39.971(0)?   addAutopublishFields: 
I20150924-12:18:39.971(0)?    { forLoggedInUser: [ 'services.gitlab' ],
I20150924-12:18:39.971(0)?      forOtherUsers: [ 'services.gitlab.username' ] },
I20150924-12:18:39.971(0)?   tokenPath: 'https://gitlab.com/oauth/token' }

[marceloschmidt]

Did you restart your server after that? I had a similar issue with github integration, and it worked after a restart.

[kakawait]

@marceloschmidt

docker rm -f rocketchat-db
docker rm -f rocketchat
docker run --name rocketchat-db -p 27018:27017 -d mongo
docker run -d --name rocketchat -p 3000:3000 -v "$(pwd)":/app --net host -e "MONGO_URL=mongodb://localhost:27018" -e "ROOT_URL=http://some.url.here:3000" danieldent/meteor

Same problem with 100% fresh installation

[marceloschmidt]

After changing your gitlab api url in administration/settings, restart your rocket.chat server, so it can read the settings again. We'll fix that on #849.

[kakawait]

@marceloschmidt even after restarting server

docker restart rocketchat

or

docker rm -f rocketchat
docker run -d ...

error persists. But it may possible that #849 fix problem, I don't know but unlike API_Embed settings restarting server is not enough

[marceloschmidt]

Sorry then! I thought it could be related to what I'm having with wordpress... If I find a fix for WP, I'll let you know, so you can re-test...

[kakawait]

@rodrigok if you are ok to reopen issue?

[marceloschmidt]

@kakawait do you have access to the main repo? can you pull my changes from a minute ago and give it another try?

[clenemt]

very nice @kakawait 👍

[marceloschmidt]

@kakawait can you please test again? Thanks

[kakawait]

Using last commit 51c242c it works except from fresh install. I must restart server else I have this error

W20150925-07:37:05.845(0) (oauth_server.js:398) Error in OAuth Server: Failed to complete OAuth handshake with gitlab at /oauth/token. url must be absolute and start with http:// or https://
I20150925-07:37:05.987(0)? Exception while invoking method 'login' Error: Failed to complete OAuth handshake with gitlab at /oauth/token. url must be absolute and start with http:// or https://
I20150925-07:37:05.987(0)?     at CustomOAuth.getAccessToken (packages/rocketchat:custom-oauth/custom_oauth_server.coffee:69:16)
I20150925-07:37:05.988(0)?     at Object.handleOauthRequest (packages/rocketchat:custom-oauth/custom_oauth_server.coffee:94:23)
I20150925-07:37:05.988(0)?     at OAuth._requestHandlers.(anonymous function) (packages/oauth2/oauth2_server.js:8:1)
I20150925-07:37:05.988(0)?     at middleware (packages/oauth/oauth_server.js:173:1)
I20150925-07:37:05.988(0)?     at packages/oauth/oauth_server.js:146:1

[rodrigok]

@kakawait is it working now?

[kakawait]

@rodrigok using 20e768c same error as #861 (comment) using fresh install (aka empty db)

docker rm -f rocketchat-db
docker rm -f rocketchat
docker run -d --name rocketchat-db ...
docker run -d --name rocketchat ...

[knvpk]

Same issue for me, using custom gitlab server but getting the "Internal server error"

[gcstr]

It's happening here with me too, I believe it's something related to the port. I'm running Rocket in port 80 but it stills build the redirect URI with :3000 port

[dalenoe]

I subscribed. I am dealing with something similar...

[marceloschmidt]

I've made a few more tests and it seems to be working now. Please, whoever was having problem with it, can you test again? Thanks.

[jmatsushita]

Using 0.18.1 I encountered the exact same error message than this comment and restarting the server also solved it.

[0r]

Any tips for getting oauth working where Rocket.Chat and Gitlab are installed on the same server with Gitlab installed at the root url and Rocket.Chat in a relative url /chat ?

[askannon]

FYI: the issue outlined in #861 (comment) still persists in version 0.35.0. It gets fixed by a server restart tho.
IMHO if it can't be fixed it should at least be documented that OAuth with a private GitLab instance only works after a Rocket.Chat server restart.