Develop Reference

SonarQube delegate authentication to GitLab fail [404 not found]

Context:
Sonarqube: 9.2.4.50792 --> https://sonar.dev.mycompany.com/
Gitlab: 13.4.3-ee --> http://git.mycomany.com/
What I am trying to achieve:
I try to delegate SonarQube authentication to Gitlab Self-Hosted.
What I've done:
Following the official SonarQube documentation, I've created a "GitLab OAuth app":
Went to http://git.mycompany.com/admin/applications
New Application:
Name: SonarQube
Redirect URI: https://sonar.dev.mycompany.com/oauth2/callback/gitlab
Trusted: Checked
Confidential: Checked
Scopes: all checked, to be sure my issue was not an access issue. (I'll tune it later)
I have copied both Application ID and Secret to use later.
Went to https://sonar.dev.mycompany.com/admin/settings?alm=gitlab&category=almintegration
GitLab Authentication:
Enabled: Yes, of course
GitLab URL: http://git.mycompany.com/users/auth/gitlab/callback
Application ID: The one given by GitLab during step 2
Secret: The one given by GitLab during step 2
Allow users to sign-up: Enabled
Synchronize user groups: Enabled
Disconnected to my admin account
The new Log in with GitLab is well shown:
When I clicked on this new button, I was well redirected to my GitLab instance (URL: http://git.mycompany.com/users/sign_in).
I was using my GitLab credentials then clicked on "Sign in"
I've got a GitLab 404 error page:
The URL was:
http://git.mycompany.com/users/auth/gitlab/callback/oauth/authorize?response_type=code&client_id=<MY_APPLICATION_ID>&redirect_uri=http%3A%2F%2Fsonar.dev.mycompany.com%3A9000%2Foauth2%2Fcallback%2Fgitlab&scope=api&state=ai1rq82joi504ggv3nc1qa0h29
The redirect_uri seems to be constructed with my sonar.properties informations (html_encoded):
"http://" + sonar.web.host + ":" sonar.web.port + "oauth2/callback/gitlab"
Investigation:
While I'm reproducing this error, I'm following (tail -f) some log files:
root#sonar.dev.mycompany.com: tail -f /var/log/httpd/*_log /var/log/message /home/sonar/sonarqube/logs/*.log
As expected, there is no information regarding the error 404 on GitLab.
On my GitLab server :
root#git.mycompany.com: tail -f /var/log/httpd/*_log /var/log/message /var/log/gitlab/*/current
And a message appears:
==> /var/log/gitlab/gitlab-workhorse/current <==
{
"correlation_id":"ZUVztnRFFe9",
"duration_ms":62,
"host":"git.mycompany.com",
"level":"info",
"method":"GET",
"msg":"access",
"proto":"HTTP/1.1",
"referrer":"",
"remote_addr":"127.0.0.1:0",
"remote_ip":"127.0.0.1",
"status":404,
"system":"http",
"time":"2022-01-19T18:06:47+01:00",
"uri":"/users/auth/gitlab/callback/oauth/authorize?response_type=code\u0026client_id=<MY_APPLICATION_ID>\u0026redirect_uri=http%3A%2F%2Fsonar.dev.mycompany.com%3A9000%2Foauth2%2Fcallback%2Fgitlab\u0026scope=api\u0026state=16r2cvc196v4fj8k0rv7oprs6h",
"user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Edg/97.0.1072.62",
"written_bytes":28281
}
Is there anyone who can help me?

Your Redirect URL is http and your sonarqube https... I hope you get the problem

Fileupload in Flask/ShinyProxy

uploading a file via a form/POST request in my Flask app works fine when the app is executed directly but fails when Shinyproxy hosts the Flask app. I tracked the issue down to the point that Shinyproxy is not executing the form POST request properly:
app.py:
from flask import Flask, request, render_template
app = Flask(__name__, static_url_path="/static")
#app.route('/', methods=['GET', 'POST'])
def index():
if request.method == 'GET':
return render_template('index.html')
else:
return "POST request received"
app.run(host='0.0.0.0', port=3838)
index.html:
<html>
<body>
<form method=post enctype=multipart/form-data>
<input type="file" name="file"/>
<input type = "submit" value="Upload">
</form>
</body>
</html>
returns, after clicking on "Upload", what one would expect, the GET and the POST request:
10.81.71.42 - - [23/Dec/2019 14:37:28] "GET / HTTP/1.1" 200 -
10.81.71.42 - - [23/Dec/2019 14:37:30] "POST / HTTP/1.1" 200 -
Running the exact same app in Shinyproxy via the
Dockerfile
FROM python:3
RUN pip install flask werkzeug
RUN mkdir /templates
COPY ["index.html", "/templates"]
COPY app.py /
EXPOSE 3838
CMD ["python", "app.py"]
returns the same but without the POST line:
172.17.0.1 - - [23/Dec/2019 14:39:42] "GET / HTTP/1.1" 200 -
The shinyproxy.log says
2019-12-23 14:42:33.682 DEBUG 17832 --- [XNIO-2 I/O-1] io.undertow.server.handlers.proxy : Sent request ClientRequest{path='/', method=POST, protocol=HTTP/1.1} to target 10.81.71.42 for exchange HttpServerExchange{ POST /proxy_endp
oint/b933863e-9fad-4d00-a657-034ede313e34/ request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[de-DE,de;q=0.9,en-US;q=0.8,en;q=0.
7], Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate], Origin=[http://192.168.76.81:8080], User-Agent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36], Connectio
n=[keep-alive], Content-Length=[188], Content-Type=[multipart/form-data; boundary=----WebKitFormBoundarymPv6WtCTpGZQqRbF], Cookie=[JSESSIONID=CZxjGBM7BW597wysbBABgNWZL2x7qvsfujWVERgR], Referer=[http://192.168.76.81:8080/app_direct/flask_t
est/], Upgrade-Insecure-Requests=[1], Host=[192.168.76.81:8080]} response {Expires=[0], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], X-XSS-Protection=[1; mode=block], X-Content-Type-Options=[nosniff], Pragma=[no-cache]}
}
2019-12-23 14:42:33.683 DEBUG 17832 --- [XNIO-2 I/O-1] io.undertow.request.io : Fixed length stream closed with with 188 bytes remaining
2019-12-23 14:42:33.683 DEBUG 17832 --- [XNIO-2 I/O-1] i.u.client.http.HttpClientExchange : request terminated for request to localhost/127.0.0.1:20000 /
2019-12-23 14:42:33.683 ERROR 17832 --- [XNIO-2 I/O-1] io.undertow.proxy : UT005028: Proxy request to /proxy_endpoint/b933863e-9fad-4d00-a657-034ede313e34/ failed
io.undertow.server.TruncatedResponseException: null
Does anybody have an idea how I can host this app in shinyproxy (or otherwise)? I want to enable concurrent users to upload files and not using the same docker container/not interfere with each other.
Thanks and kind regards,
shosaco

That is a bug in Shinyproxy 2.2.0 and 2.3.0. Reverting to ShinyProxy 2.1.0 solves the problem, see https://github.com/openanalytics/shinyproxy/issues/184

Rails 4: Using locales in a sub-URI app with Passenger/NGINX

I have an app that lives in a sub-URI, http://myhost/app2. I'm having a hard time figuring out how I can configure the proper locale routing for this.
I've put this in routes.rb I've tried with both:
Rails.application.routes.draw do
get '' => redirect("/#{I18n.default_locale}")
scope "/:locale", locale: /#{I18n.available_locales.join("|")}/ do
root 'index#home'
end
end
as well as:
Rails.application.routes.draw do
prefix = Rails.application.config.relative_url_root
get "#{prefix}" => redirect("#{prefix}/#{I18n.default_locale}")
scope "#{prefix}/:locale", locale: /#{I18n.available_locales.join("|")}/ do
root 'index#home'
end
end
In my production.rb file, I have: config.relative_url_root = "/app2"
My nginx.conf file (taken from the Phusion Passenger docs):
http {
...
server {
...
location ~ ^/app2(/.*|$) {
alias /home/dani/app2/public$1;
passenger_base_uri /app2;
passenger_app_root /home/dani/app2/;
passenger_document_root /home/dani/app2/public/;
passenger_enabled on;
}
}
}
When I try accessing http://myhost/app2 in production, I get a Rails error page that says "The page you were looking for doesn't exist."
My production.log file looks like this with every request I make:
I, [2014-09-01T12:22:56.050499 #15230] INFO -- : Started GET "/app2" for myipaddress at 2014-09-01 12:22:56 -0400
I looked at the nginx access.log file and I see the following:
[01/Sep/2014:12:26:04 -0400] "GET /app2 HTTP/1.1" 301 91 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0"
[01/Sep/2014:12:26:04 -0400] "GET /en HTTP/1.1" 404 1351 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0"
So redirection from /app2 to /en is occurring but myhost/en doesn't resolve to anything on this setup, it should be myhost/app2/en.
Any advice would be helpful.
Note: Everything works fine in development.

File upload not working with Rails 4 in development using Pow and Nginx

I am using Pow and Nginx to serve my Rails 4 app in development. A simple file upload is returning 500 error and the request is not reaching the Rails controller. I assume this is the case because there is no mention of the request in the Rails log. Without any mention of the error, I am not sure what is going wrong here.
I started with an Ajax file upload but replaced it with a simple form which is also not working.
Tried this
and then went to this
Current avatar.html.erb
<%= form_for #user, html: { multipart: true }, method: "post", url: '/settings/avatar/update', class: "", id: "update_avatar" do |f| %>
<%= f.file_field :avatar, class: 'js-upload-photo-button js-change-avatar-btn', accept: 'image/png,image/gif,image/jpeg,image/jpg' %>
<%= f.submit "Upload" %>
<% end %>
Request headers in Chrome
Expanded Request Headers section
nginx.log
127.0.0.1 - - [01/Feb/2014:11:28:26 +0530] "POST /settings/avatar/update HTTP/1.1" 500 643 "https://allotrop.dev/settings/avatar" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
pow access.log
[Sat Feb 01 2014 11:28:26 GMT+0530 (IST)] INFO [127.0.0.1] GET allotrop.dev /500.html
There are other questions here about Rails returning 500 error with no mention in log rails 500 error no production log entry
, Rails 3.2.13, 500 error in development with no log
and How to properly diagnose a 500 error (Rails, Passenger, Nginx, Postgres)
But these are one-off errors and do not seem related to the problem I am facing. It would be great if anyone can point me in the right direction.
Update 1
Relevant line from routes.rb
post '/settings/avatar/update', to: 'settings#update_avatar'
Update 2
Found my nginx error log. BTW, if you are using Homebrew, it is at /usr/local/Cellar/nginx/1.4.0/logs/error.log
nginx/error.log
2014/02/01 13:05:54 [crit] 8787#0: *85813 open() "/usr/local/var/run/nginx/client_body_temp/0000000010" failed (13: Permission denied), client: 127.0.0.1, server: *.dev, request: "POST /settings/avatar/update HTTP/1.1", host: "allotrop.dev", referrer: "https://allotrop.dev/settings/avatar"

The problem is not with Rails but with Nginx which is pretty evident from the nginx error.log. This question helped me understand what I was dealing with - Rails 3 + carrierwave + nginx = permission denied.
Nginx uses the client_body_temp_path directive to specify the location where it will temporarily store the uploaded files from the user request. Homebrew had set it by default to /usr/local/var/run/nginx. This folder also contains fastcgi_temp, proxy_temp, scgi_temp and uwsgi_temp for me. Nginx worker processes run with user nobody and they were not able to access these folders. I chowned all these folders to the nobody user, but that did not help.
Finally, I did
client_body_temp_path /tmp/nginx/; inside the HTTP module of my nginx.conf to make it work.
Doing a ls -l shows
drwx------ 2 nobody wheel 68 Feb 1 14:44 nginx
I am not sure why this worked inside /tmp and not inside the original /var/run/nginx. I belive I will face similar issue when I use other temp folders or in production. Will update this thread if and when that happens.
I recommend symlinking the other relevant logs like the nginx access and error log, pow access and app log to the /log directory of your Rails app. It helps in looking up errors in one of these when you face a tricky bug.

Apache Wink Accept() fails with NullPointerException

I am deploying my RESTful web application on jBoss EAP 6.1 (7.2.1Final) with Wink 1.2 and getting following exception on all the request;
<b>JBWEB000070: exception</b>
<pre>java.lang.NullPointerException
org.apache.wink.common.internal.http.Accept.valueOf(Accept.java:139)
org.apache.wink.server.internal.contexts.HttpHeadersImpl.getAcceptHeader(HttpHeadersImpl.java:152)
org.apache.wink.server.internal.contexts.HttpHeadersImpl.getAcceptableMediaTypes(HttpHeadersImpl.java:106)
org.apache.wink.server.internal.registry.ResourceRegistry.filterByProduces(ResourceRegistry.java:558)
org.apache.wink.server.internal.registry.ResourceRegistry.filterDispatchMethods(ResourceRegistry.java:482)
org.apache.wink.server.internal.registry.ResourceRegistry.findMethod(ResourceRegistry.java:359)
org.apache.wink.server.internal.handlers.FindResourceMethodHandler.handleResourceMethod(FindResourceMethodHandler.java:138)
org.apache.wink.server.internal.handlers.FindResourceMethodHandler.handleRequest(FindResourceMethodHandler.java:65)
org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
org.apache.wink.server.internal.handlers.FindRootResourceHandler.handleRequest(FindRootResourceHandler.java:95)
org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
The same application works OK on previous versions of jBoss like EAP 5.1 and old.
I have also captured the posted request using tcpmon and getting following information in headers;
GET /hothouse-iris/Hothouse.svc/ HTTP/1.1
Host: 127.0.0.1:9090
Connection: keep-alive
Authorization: Basic U1NPVVNFUjE6MTIzNDU2
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36
Content-Type: application/atom+xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: JSESSIONID=8D9FE5379FE7576610BB4B78A431AD10; __utma=96992031.2145502422.1381922298.1382004674.1382006170.4; __utmc=96992031; __utmz=96992031.1381922298.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
I am using Chrome extension POSTMan to request my service and it works.

The problem is that initialization of Accept class does not actually happen, and the delegate field is null.
The RuntimeDelegate is an interface whose implementation should be specified in META-INF/service/javax.ws.rs.ext.RuntimeDelegate file which is searched on the class path.
wink-common.jar contains such a service file with the correct class name of the implementation but if some other service file with the same name is found on class path (on of the jars) before the correct one, we will have such a weird behavior.

The problem was that JAX-RS implementation provided by jboss 7 was conflicting with Apache Wink, we had to disable jboss impl completely by commenting the contents of module.xml under JBOSS_HOME\modules\system\layers\base\javax\ws\rs\api\main to stop loading the Jboss JAX-RS API and it worked fine

This error is caused by the jar file conflict.I deleted jetty.jar,jetty-util.jar and also deleted jsr305.jar,the REST API just work fine.

On WAS8.5 liberty profile, even after I removed the wink dependency causing the error, the error would not go away. It finally turned out that I needed to stop & start my server. The solution was posted at the very bottom of this link https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014940544