login-redirect plugin redirects anonymous HTTPS git clone

[Vitaliy Lotorev]

Hi,

I installed login-redirect on Gerrit 3.6. It properly redirects to login page while accessing the change page like <site>/12234.

But now it's not possible to clone anonymously over HTTPS:

$ git clone https://gerrit.<site>.com/project
Cloning into 'project'...
fatal: unable to update url base from redirection:
  asked for: https://gerrit.<site>.com/project/info/refs?service=git-upload-pack
   redirect: https://gerrit.<site>.com/login/%2Fproject%2Finfo%2Frefs%3Fservice%3Dgit-upload-pack

I found filter [1], so git clone doesn't work by plugin design. Could you confirm that?

[1] https://gerrit.googlesource.com/plugins/login-redirect/+/refs/heads/master/src/main/java/com/googlesource/gerrit/plugins/loginredirect/LoginRedirectFilter.java#43

Regards,

Vitaliy

[Rikard Almgren]

On Saturday, 17 September 2022 at 19:10:40 UTC+2 lot...@gmail.com wrote:

Hi,

I installed login-redirect on Gerrit 3.6. It properly redirects to login page while accessing the change page like <site>/12234.

But now it's not possible to clone anonymously over HTTPS:

$ git clone https://gerrit.<site>.com/project
Cloning into 'project'...
fatal: unable to update url base from redirection:
  asked for: https://gerrit.<site>.com/project/info/refs?service=git-upload-pack
   redirect: https://gerrit.<site>.com/login/%2Fproject%2Finfo%2Frefs%3Fservice%3Dgit-upload-pack

I found filter [1], so git clone doesn't work by plugin design. Could you confirm that?

login-redirect was designed for instances without any anonymous access, AFAIK, so yes.

You could possibly fork it to allow clones, but I am not sure why you would need login-redirect if you allow anonymous access?

[1] https://gerrit.googlesource.com/plugins/login-redirect/+/refs/heads/master/src/main/java/com/googlesource/gerrit/plugins/loginredirect/LoginRedirectFilter.java#43

Regards,

Vitaliy

BR,

Rikard

[Vitaliy L.]

воскресенье, 18 сентября 2022 г. в 14:35:14 UTC+3, Rikard Almgren:

On Saturday, 17 September 2022 at 19:10:40 UTC+2 @gmail.com wrote:

Hi,

I installed login-redirect on Gerrit 3.6. It properly redirects to login page while accessing the change page like <site>/12234.

But now it's not possible to clone anonymously over HTTPS:

$ git clone https://gerrit.<site>.com/project
Cloning into 'project'...
fatal: unable to update url base from redirection:
  asked for: https://gerrit.<site>.com/project/info/refs?service=git-upload-pack
   redirect: https://gerrit.<site>.com/login/%2Fproject%2Finfo%2Frefs%3Fservice%3Dgit-upload-pack

I found filter [1], so git clone doesn't work by plugin design. Could you confirm that?

login-redirect was designed for instances without any anonymous access, AFAIK, so yes.

You could possibly fork it to allow clones, but I am not sure why you would need login-redirect if you allow anonymous access?

When an unauthenticated user visits link like <site>/12345 gerrit returns page with confusing "Not found"..

Only in that case I would prefer to redirect user for login page.

Also found this thread https://groups.google.com/g/repo-discuss/c/UAgQ607dOAI/m/wQ_w0Cc2BwAJ

S discussing similar issue.

[Nasser Grainawi]

On Sunday, 18 September 2022 at 13:56:51 UTC-7 lot...@gmail.com wrote:

воскресенье, 18 сентября 2022 г. в 14:35:14 UTC+3, Rikard Almgren:

On Saturday, 17 September 2022 at 19:10:40 UTC+2 @gmail.com wrote:

Hi,

I installed login-redirect on Gerrit 3.6. It properly redirects to login page while accessing the change page like <site>/12234.

But now it's not possible to clone anonymously over HTTPS:

$ git clone https://gerrit.<site>.com/project
Cloning into 'project'...
fatal: unable to update url base from redirection:
  asked for: https://gerrit.<site>.com/project/info/refs?service=git-upload-pack
   redirect: https://gerrit.<site>.com/login/%2Fproject%2Finfo%2Frefs%3Fservice%3Dgit-upload-pack

I found filter [1], so git clone doesn't work by plugin design. Could you confirm that?

login-redirect was designed for instances without any anonymous access, AFAIK, so yes.

You could possibly fork it to allow clones, but I am not sure why you would need login-redirect if you allow anonymous access?

When an unauthenticated user visits link like <site>/12345 gerrit returns page with confusing "Not found"..

Only in that case I would prefer to redirect user for login page.

I don't know if you're still interested in a solution for this or not, but I just created a hacky change that allows git over http(s) to bypass the login redirect.

https://gerrit-review.googlesource.com/c/plugins/login-redirect/+/391934 WIP: Do not redirect git over http

I plan to make that setting a config so that folks who don't want this new behavior can skip it. Or maybe I can re-use the existing DownloadConfig setting? `downloadConfig.getDownloadSchemes().contains(CoreDownloadSchemes.ANON_HTTP)`

Anyway, feedback on the change or in this thread is welcome.

Nasser