Reauth Gitlab doesn't work v.2.34.2 (and lower) #10171

Open
G1P0 opened this issue May 9, 2024 · 2 comments

G1P0 commented May 9, 2024

Hi. I use DefectDojo without SSL in my local environment for educational purposes.

There's a bug: OAuth 2.0 through Gitlab doesn't work when you try to "Login with Gitlab" for the second time. First time - it's done, it's ok.
But for the second time (e.g. I've added new repositories in local gitlab and I need to sync them) - there's 500 Internal Server Error.

Steps to reproduce the behavior:

  1. Add new app in Gitlab for DD
  2. Add gitlab's env in DD's docker-compose (key, secret, api_url, oauth_enabled, auto_import, scope)
  3. Click on "Login with Gitlab" -> approve auth on local gitlab -> it's done, everything works
  4. Logout from Gitlab user
  5. Login with Gitlab again -> approve auth on local gitlab -> 500 Internal Server Error

  • [ X ] Docker Compose

Operating System: Ubuntu Server 22.04
The bug is in DefectDojo somewhere between 2.33.0 and 2.34.2
Working DefectDojo version: 2.33.0

Logs from uwsgi:

```
with self.db.wrap_database_errors:
  File "/usr/local/lib/python3.11/site-packages/django/db/utils.py", line 91, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
django.db.utils.IntegrityError: duplicate key value violates unique constraint "social_auth_usersocialauth_provider_uid_e6b5e668_uniq"
DETAIL:  Key (provider, uid)=(gitlab, 1) already exists.

[pid: 1|app: -|req: -/-] 192.168.56.1 (-) {48 vars in 1418 bytes} [Thu May  9 11:02:44 2024] GET /complete/gitlab/?code=*token* Id => generated 12833 bytes in 217 msecs (HTTP/1.1 200) 7 headers in 223 bytes (1 switches on core 0)
```

In v. 2.33.0 everything worked fine.
E.g., logs with the reproduced steps:

```
# I log out after a successful Gitlab login
logout user: **gitlab-user** via ip: 192.168.56.1
GET /logout => generated 0 bytes in 27 msecs (HTTP/1.1 302) 10 headers in 549 bytes (1 switches on core 1)

# I log in again through "Login with Gitlab" and it authenticates without any problem
GET /login => generated 16301 bytes in 20 msecs (HTTP/1.1 200) 11 headers in 579 bytes (1 switches on core 0)
GET /login/gitlab/?next= => generated 0 bytes in 19 msecs (HTTP/1.1 302) 11 headers in 798 bytes (1 switches on core 1)
login user: **gitlab-user** via ip: 192.168.56.1
GET /complete/gitlab/?code=**token** => generated 0 bytes in 959 msecs (HTTP/1.1 302) 12 headers in 638 bytes (1 switches on core 0)
GET / => generated 0 bytes in 18 msecs (HTTP/1.1 302) 8 headers in 244 bytes (1 switches on core 1)
GET /dashboard => generated 43173 bytes in 127 msecs (HTTP/1.1 200) 8 headers in 368 bytes (1 switches on core 0)
```

G1P0 added the bug label May 9, 2024

Brawdunoir commented

Exact same error on Kubernetes. Reverting to 2.33.0 fixed the issue as OP said.

Ma1tobiose (Contributor) commented

Encountered the same problem, temporarily solved it by downgrading the versions of social-app-django and social-core:

```
social-auth-app-django==5.4.0
social-auth-core==4.5.2
```
