Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GitLab authentication issue over HTTPS #11062

Closed
thedayofcondor opened this issue Sep 15, 2022 · 5 comments
Closed

GitLab authentication issue over HTTPS #11062

thedayofcondor opened this issue Sep 15, 2022 · 5 comments
Labels

Comments

@thedayofcondor
Copy link

thedayofcondor commented Sep 15, 2022

I have setup composer (v2.4.2) to access a repo from my test gitlab instance over https:

{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://gitlab.example.com/myproject.git"
        }
    ],
    [...]
}

and configured the authentication with: composer config --global gitlab-oauth.gitlab.example.com <<TOKEN>>

(where <<TOKEN>> is generated in GitLab with read_repository scope)

However composer install fails with:

Failed to execute git clone --mirror -- 'https://xxx...xxx:oauth2@gitlab.example.com/myproject.git

It looks like composer swaps username and token, possibly here:

$this->io->setAuthentication($originUrl, trim($output), 'oauth2');

$this->io->setAuthentication($originUrl, $response['access_token'], 'oauth2');

$this->io->setAuthentication($originUrl, $response['access_token'], 'oauth2');

Although there is a relevant note here:

// Composer expects the GitLab token to be stored as username and 'private-token' or 'gitlab-ci-token' to be stored as password

Manually issuing git clone --mirror -- 'https://oauth2:<<TOKEN>>@gitlab.example.com/myproject.git (ie swapping username and token) works.

I also tried composer config --global gitlab-token.gitlab.example.com <<TOKEN>> with similar results:

Failed to execute git clone --mirror -- 'https://xxx...xxx:private-token@gitlab.example.com/myproject.git'

Am I doing something wrong?

@Seldaek
Copy link
Member

Seldaek commented Sep 16, 2022

I am not sure anymore why we swap these tbh.. but I am fairly sure it did work as is. Not sure if it's a new GitLab change causing issues or if you're misconfiguring it. I'm assuming you've read https://getcomposer.org/doc/articles/authentication-for-private-packages.md#gitlab-oauth ?

@thedayofcondor
Copy link
Author

Yes, I followed the instructions on that page :(

I am not sure it is a recent change, I have tested on both gitlab 13 (quite old) and the latest gitlab 15

Note that using "url": "ssh://gitlab.example.com:222/myproject.git" works - although I am not sure how the token is used in that case

@Seldaek
Copy link
Member

Seldaek commented Sep 16, 2022

Ok well I am not sure maybe someone more familiar with GitLab can help here..

@thedayofcondor
Copy link
Author

thedayofcondor commented Sep 16, 2022

I think I have found the isssue - it is a misconfiguration on my side

there is a note I missed in the documentation

Note: For the gitlab authentication to work on private gitlab instances, the gitlab-domains section should also contain the url.

Setting that config seems to work - sorry for the confusion!

Seldaek added a commit that referenced this issue Sep 16, 2022
@Seldaek
Copy link
Member

Seldaek commented Sep 16, 2022

OK, no worries. As per @glaubinix's suggestion in 2.5+ Composer will auto-configure gitlab-domains/github-domains if auth is present, that would prevent any such mistake from occurring.

See 22bedfd

Shredz00 pushed a commit to Shredz00/composer that referenced this issue Sep 26, 2022
…resent for custom domains, fixes composer#11062

Add "--dry-run" to bump command (composer#11047)
emahorvat52 pushed a commit to emahorvat52/composer that referenced this issue Feb 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants