Plugin Manager Auth Issue

[Joseph Rubin]

I have the plugin manager plugin, but when I try to use it to install a plugin, it asks me to authenticate via a browser popup (I use HTTP auth). I am already signed in at this point, and I am unable to get past this second auth popup; putting in my username and password does not work.

My apache2 configuration looks like:

<VirtualHost *>

        ServerName [redacted]

        ProxyRequests Off

        ProxyVia Off

        ProxyPreserveHost On

        <Proxy *>

                Order deny,allow

                Allow from all

        </Proxy>

        <Location "/healthCheck">

                # Load balancer health checks.

                Order deny,allow

                Allow from all

                Satisfy any

                RedirectMatch 200 /healthCheck

        </Location>

        <Location "/">

                AuthType Basic

                AuthName "Gerrit Code Review"

                AuthBasicProvider file

                AuthUserFile "[redacted]"

                Require valid-user

        </Location>

        AllowEncodedSlashes On

        ProxyPass / http://localhost:8081/ nocanon

</VirtualHost>

[Luca Milanesio]

> On 16 Sep 2020, at 06:43, Joseph Rubin <josephm...@gmail.com> wrote:
>
> I have the plugin manager plugin, but when I try to use it to install a plugin, it asks me to authenticate via a browser popup (I use HTTP auth).

It looks like this is something related to your reverse-proxy basic auth mechanism: Gerrit would have accepted the call because you have a Gerrit Account cookie, isn’t it?
Can you post the sequence of browser to backend calls, tracing them with the Chrome network inspector?

A quick fix is to exclude from your basic auth resources the REST-API associated with the plugin-manager.

HTH

Luca.

[Joseph Rubin]

I figured it out. The whole /a/ directory was being protected by Gerrit. I set auth.trustContainerAuth to true and now Gerrit trusts apache. Thanks!