Bitbucket / GitHub / Google authentication plugins: wrong callback URL for unauthorized users


rba...@gmail.com

Nov 20, 2016, 6:59:33 AM
to SonarQube
Hello,

I'm running SonarQube 6.1 behind an NGINX HTTPS reverse proxy. My SonarQube base URL is https://<myhost>/sonar

I've just installed the Bitbucket Authentication Plugin version 1.0 (very convenient, many thanks to the developer) and configured it so that only existing users are allowed to authenticate. Everything seems to work fine for authorized users, which makes me believe my reverse proxy setup is OK. But when I try to log in as an unauthorized Bitbucket user I get a 404 error. The callback redirects me to http://<myhost>/sessions/unauthorized?message=%27bitbucket%27+users+are+not+allowed+to+sign+up (notice the protocol change and missing /sonar location) and then NGINX redirects me to the corresponding HTTPS URL, which doesn't exist. If I manually hit https://<myhost>/sonar/sessions/unauthorized?message=%27bitbucket%27+users+are+not+allowed+to+sign+up I get a nice unauthorized page, so I guess that's where I was supposed to be redirected to.

I have set the sonar.core.serverBaseURL property as the plugin documentation requires.

I also noticed the same issue has been reported and is still open in the sonar-auth-google plugin, which, according to the documentation, is a port of the sonar-auth-github plugin. So I tried the sonar-auth-github plugin version 1.3 in a fresh SonarQube installation and got the exact same error.

This issue is not a show-stopper, but I figured it might be helpful to report it anyway.

rba...@gmail.com

Nov 20, 2016, 3:51:53 PM
to SonarQube, rba...@gmail.com
I managed to fix the error by changing method handleUnauthorizedError in org.sonar.server.authentication.AuthenticationError.

Before the fix:

public static void handleUnauthorizedError(UnauthorizedException e, HttpServletResponse response) {
  redirectTo(response, e.getPath());
}

After the fix:

public static void handleUnauthorizedError(UnauthorizedException e, HttpServletRequest request, HttpServletResponse response) {
  redirectTo(response, request.getContextPath() + e.getPath());
}

I've tested it with the Bitbucket Authentication Plugin, but it should be equally effective for other similar plugins such as GitHub and Google.

Should I submit a pull request for this?
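
The redirect chain described in the two posts above, modelled without the servlet API. This is an added example, not code from the thread or from SonarQube; the host myhost.example, the callback path, and all class and method names are constructed for illustration, and it assumes the backend sees plain HTTP because NGINX terminates TLS.

```java
import java.net.URI;

// Added illustration: compares the redirect target before and after the fix.
public class UnauthorizedRedirectDemo {
  // Constructed sample values: the request as the backend sees it behind the proxy.
  static final URI BACKEND_REQUEST =
      URI.create("http://myhost.example/sonar/oauth2/callback/bitbucket");
  static final String CONTEXT_PATH = "/sonar";
  static final String ERROR_PATH =
      "/sessions/unauthorized?message=%27bitbucket%27+users+are+not+allowed+to+sign+up";

  // Before the fix: the exception path is used as-is.
  static String locationBefore(String errorPath) {
    return errorPath;
  }

  // After the fix: the context path is prepended, as in the patched method.
  static String locationAfter(String contextPath, String errorPath) {
    return contextPath + errorPath;
  }

  // The redirect path made absolute against the backend's view of the request.
  static URI absolutize(URI backendRequest, String location) {
    return backendRequest.resolve(location);
  }

  // The HTTP-to-HTTPS redirect done by NGINX: same host and path, new scheme.
  static URI upgradeToHttps(URI u) {
    return "http".equals(u.getScheme())
        ? URI.create("https" + u.toString().substring(4))
        : u;
  }

  // Regression check: the final URL must stay under the application's context path.
  static boolean insideContext(URI u, String contextPath) {
    String p = u.getPath();
    return p.equals(contextPath) || p.startsWith(contextPath + "/");
  }

  public static void main(String[] args) {
    String[] locations = {
        locationBefore(ERROR_PATH), locationAfter(CONTEXT_PATH, ERROR_PATH)};
    for (String loc : locations) {
      URI finalUrl = upgradeToHttps(absolutize(BACKEND_REQUEST, loc));
      System.out.println(finalUrl + " -> inside context: "
          + insideContext(finalUrl, CONTEXT_PATH));
    }
  }
}
```

A check like insideContext can be reused in an integration test that logs in as an unauthorized user through the proxy and asserts on the final URL.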

G. Ann Campbell

Nov 21, 2016, 9:28:49 AM
to SonarQube, rba...@gmail.com
Hi,

In fact, that repo is a plugin in search of a maintainer.

You're welcome to submit a PR, but I'm afraid there won't be anyone on the other side to review it.

...Unless you'd be interested in being that person?


Ann

Julien Lancelot

Nov 21, 2016, 9:40:57 AM
to G. Ann Campbell, SonarQube, rba...@gmail.com
Hi,

In fact, @Ann, this issue is on the SonarQube side, not on the plugin side: I've created a ticket to fix it in SonarQube 6.3: https://jira.sonarsource.com/browse/SONAR-8413.
Thanks a lot rbarni for this feedback!

Regards,

Julien LANCELOT | SonarSource

Rafael Barni

Nov 21, 2016, 10:24:28 AM
to Julien Lancelot, G. Ann Campbell, SonarQube
Great, thanks!
