如何配置gerrit github插件以正确适应oauth代码流

时间:2016-04-03 20:31:52

标签: oauth gerrit

使用https://gerrit-ci.gerritforge.com/job/plugin-github-mvn-stable-2.12/中的Github插件运行Gerrit v.2.1.2.2。

基本上,gerrit包括一个状态"当它进入Github oauth时,然后当Github正确地将场地送回时,Gerrit抱怨说应该没有这样的场。看起来像Gerrit中的一个非常简单的错误。

Gerrit配置:

[gerrit]
        basePath = git
        canonicalWebUrl = https://gerrit.mydomain.org/
[database]
        type = postgresql
        hostname = localhost
        database = reviewdb
        username = gerrit2
[index]
        type = LUCENE
[auth]
        type = HTTP
        httpHeader = GITHUB_USER
        logoutUrl = /oauth/reset
        httpExternalIdHeader = GITHUB_OAUTH_TOKEN
        loginUrl = /login
        loginText = Sign-in with GitHub
        registerPageUrl = "/#/register"
[receive]
        enableSignedPush = false
[sendemail]
        smtpServer = localhost
[container]
        user = gerrit2
        javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.72-1.b15.fc22.x86_64/jre
[sshd]
        listenAddress = *:29418
[httpd]
        filterClass = com.googlesource.gerrit.plugins.github.oauth.OAuthFilter
        listenUrl = proxy-http://127.0.0.1:8081/r/
[cache]
        directory = cache
[github]
        url = https://github.com
        apiUrl = https://api.github.com
        clientId = <myclientid>

在Apache mod_proxy下运行Gerrit。单击&#34;使用Github登录&#34;按钮,重定向到Github,登录并授权应用程序,这是回调URL:

https://gerrit.mydomain.org/oauth?code=a9d9633f80f742599ea0&state=Q00fnnr9D1z_maGTWeqSDgmIedk%3D%2C%2Fr%2Flogin

页面上写着:

Server Error

日志中的错误是:

[2016-04-03 16:23:28,787] [HTTP-45] WARN  org.eclipse.jetty.servlet.ServletHandler : /r/oauth
java.io.IOException: Invalid authentication state: expected 'null' but was 'Q00fnnr9D1z_maGTWeqSDgmIedk=,/r/login'
    at com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol.loginPhase2(OAuthProtocol.java:356)
    at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.login(GitHubLogin.java:100)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.login(OAuthWebFilter.java:123)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:89)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthFilter.doFilter(OAuthFilter.java:86)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:499)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)


[2016-04-03 16:23:28,791] [HTTP-45] ERROR com.google.gerrit.pgm.http.jetty.HiddenErrorHandler : Error in GET /r/oauth?code=a9d9633f80f742599ea0&state=Q00fnnr9D1z_maGTWeqSDgmIedk%3D%2C%2Fr%2Flogin
java.io.IOException: Invalid authentication state: expected 'null' but was 'Q00fnnr9D1z_maGTWeqSDgmIedk=,/r/login'
    at com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol.loginPhase2(OAuthProtocol.java:356)
    at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.login(GitHubLogin.java:100)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.login(OAuthWebFilter.java:123)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:89)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthFilter.doFilter(OAuthFilter.java:86)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:499)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)

任何建议?

1 个答案:

答案 0 :(得分:0)

好的,你的mod_proxy的URL必须与gerrit在内部接收的URL相同。例如。 “https://example.com/” - &gt; “http://localhost:8081/”,一方面没有类似“/ r /”的东西,它会让人感到困惑。