Skip to content

serviceAccount user is facing login issue redirect back to codecov page #51

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
meenajaeiei opened this issue Jan 7, 2025 · 0 comments
Open

serviceAccount user is facing login issue redirect back to codecov page #51

meenajaeiei opened this issue Jan 7, 2025 · 0 comments

Comments

@meenajaeiei
Copy link

Hello, I'm trying to upgrade Codecov self-hosted from version 4.6 to 24.12.2. It is working fine for many users. However, when I tried to impersonate a user as svcAccount, which owns 3000+ repos in Gitlab Enterprise, to log in to Codecov, it always redirected back to the Codecov login page.

I recorded the screen when Login by using common user to show it's working well

Screen.Recording.2568-01-07.at.14.42.33.mov

but it redirect back to codecov page When I imposinated users as serviceAccount

Screen.Recording.2568-01-07.at.14.44.09.mov

As I checked the log so far, I found an error during Login

{"message": "GitLab HTTP 400", "asctime": "2025-01-07 05:08:45,121", "name": "shared.torngit.gitlab", "levelname": "WARNING", "lineno": 449, "pathname": "/usr/local/lib/python3.12/site-packages/shared/torngit/gitlab.py", "funcName": "fetch_and_handle_errors", "threadName": "ThreadPoolExecutor-314_0", "taskName": "Task-5722", "body": "{\"error\":\"invalid_grant\",\"error_description\":\"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.\"}", "utctime": "2025-01-07T05:08:45.121000", "logger.name": "shared.torngit.gitlab", "logger.thread_name": "ThreadPoolExecutor-314_0", "level": "WARNING"}

{"message": "Unable to log in due to problem on Gitlab", "asctime": "2025-01-07 05:08:45,122", "name": "codecov_auth.views.gitlab", "levelname": "WARNING", "lineno": 76, "pathname": "/app/codecov_auth/views/gitlab.py", "funcName": "actual_login_step", "threadName": "MainThread", "exc_info": "Traceback (most recent call last):\n  File \"/app/codecov_auth/views/gitlab.py\", line 74, in actual_login_step\n    user_dict = self.fetch_user_data(request, code)\n                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/asgiref/sync.py\", line 240, in __call__\n    return call_result.result()\n           ^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/concurrent/futures/_base.py\", line 449, in result\n    return self.__get_result()\n           ^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/concurrent/futures/_base.py\", line 401, in __get_result\n    raise self._exception\n  File \"/usr/local/lib/python3.12/site-packages/asgiref/sync.py\", line 306, in main_wrap\n    result = await self.awaitable(*args, **kwargs)\n             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/app/codecov_auth/views/gitlab.py\", line 61, in fetch_user_data\n    user_dict = await repo_service.get_authenticated_user(code)\n                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/shared/torngit/gitlab.py\", line 592, in get_authenticated_user\n    res = await self.api(\n          ^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/shared/torngit/gitlab.py\", line 529, in api\n    res = await self.fetch_and_handle_errors(\n          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/shared/torngit/gitlab.py\", line 473, in fetch_and_handle_errors\n    raise TorngitClientGeneralError(\nshared.torngit.exceptions.TorngitClientGeneralError: (400, {'error': 'invalid_grant', 'error_description': 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'}, 'Gitlab API: 400')", "taskName": null, "utctime": "2025-01-07T05:08:45.122000", "logger.name": "codecov_auth.views.gitlab", "logger.thread_name": "MainThread", "level": "WARNING"}

{"message": "Warning: login request is missing state or has disagreeing state", "asctime": "2025-01-07 05:09:02,314", "name": "codecov_auth.views.base", "levelname": "WARNING", "lineno": 141, "pathname": "/app/codecov_auth/views/base.py", "funcName": "get_redirection_url_from_state", "threadName": "MainThread", "taskName": null, "utctime": "2025-01-07T05:09:02.314000", "logger.name": "codecov_auth.views.base", "logger.thread_name": "MainThread", "level": "WARNING"}

here is my codecov.yml

gitlab_enterprise:
  client_id: xxxx
  client_secret: xxxxx
  url: https://<GITLAB_ENDPOINT>
services:
  ci_providers:
  - <GITLAB_ENDPOINT>
  database_url: postgres://codecov:xxxx@postgres:5432/codecov_stg
  minio:
    access_key_id: XXXX
    bucket: xxxx
    host: xxx
    port: 443
    region: RegionOne
    secret_access_key: xxx
    verify_ssl: true
  redis_url: redis://codecov-redis-master:6379
  timeseries_database_url: postgres://codecov:xxxx@postgres/codecov_stg:5432/postgres
setup:
  guest_access: on
  admins:
  - service: gitlab_enterprise
    username: pchueaphanic
  - service: gitlab_enterprise
    username: gitlab-svc
  codecov_url: https://<CODECOV_ENDPOINT>
  enterprise_license: c2IpSIr/1Wwn4FNbhRENJNCqEkKVyWNJHTl2csmxUiVatSA0Yqqn+QY2Ys4hagKPGvzgtD6y7IdnwUc0JA2L7tTfIfH3nLC62SHwmZhfNHjWM2viBAjwUGiVc91msxbehcjuBrKOWvMfWgFZiltIA3cwrfkwyuIl9tcnvHd9grz5+SSisr6vMTTo8hlhLWIOeQQ6ywh1c+cDggCvpUpafQ==
  http:
    cookie_secret: xxxxx
    cookies_domain: <GITLAB_ENDPOINT>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@meenajaeiei