Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Universal Gitea OAuth configuration uses wrong endpoints if gitea uses a subfolder #1650

Open
Trellmor opened this issue Jul 4, 2024 · 2 comments
Open

Universal Gitea OAuth configuration uses wrong endpoints if gitea uses a subfolder #1650

Trellmor opened this issue Jul 4, 2024 · 2 comments
Labels
auth:oauth Specific to OAuth2 authentication auth-issue An issue authenticating to a host bug A bug in Git Credential Manager

Comments

@Trellmor
Copy link

Trellmor commented Jul 4, 2024
edited
Loading

Version

2.5.0+d34930736e131ad80e5690e5634ced1808aff3e2

Operating system

Windows

OS version or distribution

Windows 11 23h2

Git hosting provider(s)

Other - please describe below

Other hosting provider

Gitea selfhosted instance

(Azure DevOps only) What format is your remote URL?

None

Can you access the remote repository directly in the browser?

Yes, I can access the repository

Expected behavior

Gitea is hosted on https://example.com/git/
Trying to clone a Repository (e.g. git clone https//examle.com/git/test/test.git) should send the user to https://example.com/git/login/oauth/authorize and get the token from https://example.com/git/login/oauth/access_token

Actual behavior

The authorization endpoint used is https://example.com/login/oauth/authorize and get the token from https://example.com/login/oauth/access_token (notice the missing /git/ directory in the url)

Logs

14:23:56.073236 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
14:23:56.073236 git.c:465               trace: built-in: git clone https://example.com/git/test/test
Cloning into 'test'...
14:23:56.088884 run-command.c:657       trace: run_command: git remote-https origin https://example.com/git/test/test
14:23:56.120040 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.120040 git.c:750               trace: exec: git-remote-https origin https://example.com/git/test/test
14:23:56.120040 run-command.c:657       trace: run_command: git-remote-https origin https://example.com/git/test/test
14:23:56.167184 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.542051 run-command.c:657       trace: run_command: 'git credential-manager get'
14:23:56.589476 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.589476 git.c:750               trace: exec: git-credential-manager get
14:23:56.589476 run-command.c:657       trace: run_command: git-credential-manager get
14:23:56.714049 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.714049 git.c:465               trace: built-in: git config --null --list
14:23:56.776372 ...\Application.cs:106  trace: [RunInternalAsync] Version: 2.5.0.0
14:23:56.776372 ...\Application.cs:107  trace: [RunInternalAsync] Runtime: .NET Framework 4.8.9241.0
14:23:56.776372 ...\Application.cs:108  trace: [RunInternalAsync] Platform: Windows (x86-64)
14:23:56.776372 ...\Application.cs:109  trace: [RunInternalAsync] OSVersion: 10.0 (build 22631)
14:23:56.776372 ...\Application.cs:110  trace: [RunInternalAsync] AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager.exe
14:23:56.776372 ...\Application.cs:111  trace: [RunInternalAsync] InstallDir: C:\Program Files\Git\mingw64\bin\
14:23:56.776372 ...\Application.cs:112  trace: [RunInternalAsync] Arguments: get
14:23:56.839182 ...GitCommandBase.cs:32 trace: [ExecuteAsync] Start 'get' command...
14:23:56.839182 ...GitCommandBase.cs:46 trace: [ExecuteAsync] Detecting host provider for input:
14:23:56.839182 ...GitCommandBase.cs:47 trace: [ExecuteAsync]   protocol=https
14:23:56.839182 ...GitCommandBase.cs:47 trace: [ExecuteAsync]   host=example.com
14:23:56.839182 ...GitCommandBase.cs:47 trace: [ExecuteAsync]   wwwauth=Basic realm="Gitea"
14:23:56.854704 ...viderRegistry.cs:149 trace: [GetProviderAsync] Performing auto-detection of host provider.
14:23:56.854704 ...viderRegistry.cs:162 trace: [GetProviderAsync] Auto-detect probe timeout is 2 ms.
14:23:56.854704 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 4 host providers registered with priority 'Normal'.
14:23:56.854704 ...viderRegistry.cs:185 trace: [GetProviderAsync] Querying remote URL for host provider auto-detection.
14:23:56.854704 ...pClientFactory.cs:60 trace: [CreateClient] Creating new HTTP client instance...
14:23:56.870342 ...pClientFactory.cs:80 trace: [CreateClient] Git's SSL/TLS backend is: OpenSsl
14:23:56.885848 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.885848 git.c:465               trace: built-in: git version
14:23:56.901480 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.901480 git.c:465               trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:56.916985 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.916985 git.c:465               trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:56.932617 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.932617 git.c:465               trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:56.948129 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.948129 git.c:465               trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:56.948129 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.963769 git.c:465               trace: built-in: git config --null --type=path http.sslCAInfo
14:23:56.963769 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.979786 git.c:465               trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:56.979786 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.979786 git.c:465               trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:56.995424 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.995424 git.c:465               trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:57.010930 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.010930 git.c:465               trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:57.026561 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.026561 git.c:465               trace: built-in: git config --null --type=path http.sslCAInfo
14:23:57.026561 ...ClientFactory.cs:113 trace: [CreateClient] Custom certificate verification has been enabled with certificate bundle at C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt
14:23:57.042069 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.042069 git.c:465               trace: built-in: git config --null --type=path http.https://example.com.cookieFile
14:23:57.042069 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.057701 git.c:465               trace: built-in: git config --null --type=path http.example.com.cookieFile
14:23:57.057701 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.073207 git.c:465               trace: built-in: git config --null --type=path http.https://cp-austria.at.cookieFile
14:23:57.073207 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.073207 git.c:465               trace: built-in: git config --null --type=path http.cp-austria.at.cookieFile
14:23:57.088844 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.088844 git.c:465               trace: built-in: git config --null --type=path http.cookieFile
14:23:57.339163 ...etHostProvider.cs:76 trace: [IsSupported] Host isn't supported as Bitbucket
14:23:57.339163 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 1 host providers registered with priority 'Low'.
14:23:57.339163 ...viderRegistry.cs:238 trace: [GetProviderAsync] Remembering host provider for 'https://example.com/' as 'generic'...
14:23:57.339163 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.354669 git.c:465               trace: built-in: git config --global credential.https://example.com.provider generic
14:23:57.354669 ...GitCommandBase.cs:49 trace: [ExecuteAsync] Host provider 'Generic' was selected.
14:23:57.354669 ...\HostProvider.cs:126 trace: [GetCredentialAsync] Looking for existing credential in store with service=https://example.com account=...
14:23:57.354669 ...\HostProvider.cs:131 trace: [GetCredentialAsync] No existing credentials found.
14:23:57.354669 ...\HostProvider.cs:134 trace: [GetCredentialAsync] Creating new credential...
14:23:57.354669 ...ricOAuthConfig.cs:19 trace: [TryGet] Using universal Gitea OAuth configuration
14:23:57.354669 ...icHostProvider.cs:68 trace: [GenerateCredentialAsync] Found generic OAuth configuration for 'https://example.com/':
14:23:57.354669 ...icHostProvider.cs:69 trace: [GenerateCredentialAsync]        AuthzEndpoint   = https://example.com/login/oauth/authorize
14:23:57.354669 ...icHostProvider.cs:70 trace: [GenerateCredentialAsync]        TokenEndpoint   = https://example.com/login/oauth/access_token
14:23:57.354669 ...icHostProvider.cs:71 trace: [GenerateCredentialAsync]        DeviceEndpoint  =
14:23:57.354669 ...icHostProvider.cs:72 trace: [GenerateCredentialAsync]        ClientId        = e90ee53c-94e2-48ac-9358-a874fb9e0662
14:23:57.354669 ...icHostProvider.cs:73 trace: [GenerateCredentialAsync]        ClientSecret    =
14:23:57.354669 ...icHostProvider.cs:74 trace: [GenerateCredentialAsync]        RedirectUri     = http://127.0.0.1/
14:23:57.354669 ...icHostProvider.cs:75 trace: [GenerateCredentialAsync]        Scopes          = []
14:23:57.354669 ...icHostProvider.cs:76 trace: [GenerateCredentialAsync]        UseAuthHeader   = True
14:23:57.354669 ...icHostProvider.cs:77 trace: [GenerateCredentialAsync]        DefaultUserName = OAUTH_USER
14:23:57.370311 ...pClientFactory.cs:60 trace: [CreateClient] Creating new HTTP client instance...
14:23:57.370311 ...pClientFactory.cs:80 trace: [CreateClient] Git's SSL/TLS backend is: OpenSsl
14:23:57.370311 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.370311 git.c:465               trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:57.385824 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.385824 git.c:465               trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:57.401456 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.401456 git.c:465               trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:57.401456 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.416962 git.c:465               trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:57.416962 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.432595 git.c:465               trace: built-in: git config --null --type=path http.sslCAInfo
14:23:57.432595 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.448106 git.c:465               trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:57.448106 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.463750 git.c:465               trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:57.463750 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.463750 git.c:465               trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:57.479756 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.479756 git.c:465               trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:57.495389 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.495389 git.c:465               trace: built-in: git config --null --type=path http.sslCAInfo
14:23:57.495389 ...ClientFactory.cs:113 trace: [CreateClient] Custom certificate verification has been enabled with certificate bundle at C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt
14:23:57.510898 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.510898 git.c:465               trace: built-in: git config --null --type=path http.https://example.com.cookieFile
14:23:57.526531 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.526531 git.c:465               trace: built-in: git config --null --type=path http.example.com.cookieFile
14:23:57.526531 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.542038 git.c:465               trace: built-in: git config --null --type=path http.https://cp-austria.at.cookieFile
14:23:57.542038 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.557680 git.c:465               trace: built-in: git config --null --type=path http.cp-austria.at.cookieFile
14:23:57.557680 exec-cmd.c:243          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.573203 git.c:465               trace: built-in: git config --null --type=path http.cookieFile
@Trellmor Trellmor added the auth-issue An issue authenticating to a host label Jul 4, 2024
@Trellmor
Copy link
Author

Trellmor commented Jul 4, 2024

Gitea publishes a .well-known/openid-configuration on https://example.com/git/.well-known/openid-configuration
Maybe this could be used to get the correct endpoints.

I thing it would be also fine to require that .well-known/openid-configuration is published at https://example.com/.well-known/openid-configuration (No additional directory). It would be up to the server administrator to copy the openid-configuration to the correct location.

@mjcheetham mjcheetham added bug A bug in Git Credential Manager auth:oauth Specific to OAuth2 authentication labels Jul 8, 2024
@Faiqonli

This comment has been minimized.

Sign in to view
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth:oauth Specific to OAuth2 authentication auth-issue An issue authenticating to a host bug A bug in Git Credential Manager
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Trellmor @mjcheetham @Faiqonli