If a GitLab Server does not have a "Secret Token" defined, webhook fails with 401 #304

@TylerAvocat

Jenkins and plugins versions report

Environment
Jenkins: 2.387.1
OS: Linux - 4.18.0-425.19.2.el8_7.x86_64
Java: 11.0.18 - Red Hat, Inc. (OpenJDK 64-Bit Server VM)
---
Exclusion:0.15
PrioritySorter:4.1.0
ace-editor:1.1
ansicolor:1.0.2
ant:481.v7b_09e538fcca
antisamy-markup-formatter:159.v25b_c67cd35fb_
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
async-http-client:1.9.40.0
authentication-tokens:1.4
badge:1.9.1
blueocean:1.27.3
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.27.3
blueocean-commons:1.27.3
blueocean-config:1.27.3
blueocean-core-js:1.27.3
blueocean-dashboard:1.27.3
blueocean-display-url:2.4.1
blueocean-events:1.27.3
blueocean-git-pipeline:1.27.3
blueocean-github-pipeline:1.27.3
blueocean-i18n:1.27.3
blueocean-jira:1.27.3
blueocean-jwt:1.27.3
blueocean-personalization:1.27.3
blueocean-pipeline-api-impl:1.27.3
blueocean-pipeline-editor:1.27.3
blueocean-pipeline-scm-api:1.27.3
blueocean-rest:1.27.3
blueocean-rest-impl:1.27.3
blueocean-web:1.27.3
bootstrap4-api:4.6.0-5
bootstrap5-api:5.2.2-1
bouncycastle-api:2.27
branch-api:2.1071.v1a_188a_562481
build-blocker-plugin:1.7.8
build-failure-analyzer:2.4.1
build-name-setter:2.2.0
build-timeout:1.28
build-user-vars-plugin:1.9
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
calendar-view:0.3.2
checks-api:2.0.0
claim:516.v36293563731d
cloud-stats:267.v577e3742c282
cloudbees-bitbucket-branch-source:796.v6cb_1559e1673
cloudbees-folder:6.815.v0dd5a_cb_40e0e
code-coverage-api:4.0.0
command-launcher:90.v669d7ccb_7c31
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
conditional-buildstep:1.4.2
config-file-provider:3.11.1
configuration-as-code:1569.vb_72405b_80249
configuration-as-code-groovy:1.1
configurationslicing:430.v966357576543
copyartifact:686.v6fd37018d7c2
credentials:1224.vc23ca_a_9a_2cb_0
credentials-binding:523.vd859a_4b_122e6
cucumber-living-documentation:3.2
cucumber-reports:5.7.5
cucumber-trends-report:1.3
dashboard-view:2.472.v9ff2a_e6a_c529
data-tables-api:1.13.3-2
dependency-check-jenkins-plugin:5.4.0
display-url-api:2.3.7
docker-commons:419.v8e3cd84ef49c
docker-workflow:563.vd5d2e5c4007f
downstream-build-cache:1.7
durable-task:504.vb10d1ae5ba2f
echarts-api:5.4.0-2
email-ext:2.95
extended-read-permission:3.2
extensible-choice-parameter:1.8.0
external-monitor-job:203.v683c09d993b_9
favorite:2.4.1
file-operations:1.11
folder-auth:1.4
font-awesome-api:6.3.0-1
forensics-api:2.0.1
generic-webhook-trigger:1.86.2
git:5.0.0
git-client:4.2.0
git-parameter:0.9.18
git-server:99.va_0826a_b_cdfa_d
github:1.37.0
github-api:1.303-417.ve35d9dd78549
github-branch-source:1701.v00cc8184df93
gitlab-api:5.0.1-78.v47a_45b_9f78b_7
gitlab-branch-source:650.va_d1ce6d01959
gitlab-oauth:1.16
gitlab-plugin:1.7.9
global-build-stats:244.v27c8a_2e50a_34
golang:1.4
gradle:2.3.2
groovy:453.vcdb_a_c5c99890
h2-api:1.4.199
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
htmlpublisher:1.31
http_request:1.16
instance-identity:142.v04572ca_5b_265
ionicons-api:45.vf54fca_5d2154
jackson2-api:2.14.2-319.v37853346a_229
jacoco:3.3.2
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javadoc:226.v71211feb_e7e9
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:63.v62d2fd4b_4793
jenkins-design-language:1.27.3
jersey2-api:2.38-1
jgiven:0.15.1
jira:3.9
jjwt-api:0.11.5-77.v646c772fddb_0
job-dsl:1.81.1
job-node-stalker:1.0.5
job-restrictions:0.8
jobConfigHistory:1207.vd28a_54732f92
jquery:1.12.4-1
jquery3-api:3.6.3-1
jsch:0.1.55.61.va_e9ee26616e7
junit:1189.v1b_e593637fa_e
junit-attachments:131.vef2117770555
jython:1.9
keycloak:2.3.0
ldap:671.v2a_9192a_7419d
locale:226.v008e1b_58cb_b_0
lockable-resources:1131.vb_7c3d377e723
logfilesizechecker:1.5
logstash:2.5.0205.vd05825ed46bd
m2release:0.16.3
mailer:448.v5b_97805e3767
managed-scripts:1.5.6
mapdb-api:1.0.9-28.vf251ce40855d
mask-passwords:150.vf80d33113e80
matrix-auth:3.1.6
matrix-project:785.v06b_7f47b_c631
maven-artifact-choicelistprovider:1.11.0
maven-invoker-plugin:2.5
maven-metadata-plugin:2.2
maven-plugin:3.21
mercurial:1260.vdfb_723cdcc81
metrics:4.2.13-420.vea_2f17932dd6
mina-sshd-api-common:2.9.2-50.va_0e1f42659a_a
mina-sshd-api-core:2.9.2-50.va_0e1f42659a_a
momentjs:1.1.1
monitoring:1.92.0
mysql-api:8.0.16
naginator:1.18.2
nexus-jenkins-plugin:3.16.481.ved9f5106e132
node-iterator-api:49.v58a_8b_35f8363
nodejs:1.6.0
nodelabelparameter:1.11.0
okhttp-api:4.10.0-132.v7a_7b_91cef39c
openJDK-native-plugin:1.6
openstack-cloud:2.63
opentestfactory-orchestrator:2.1.0
p4:1.14.0
pam-auth:1.10
parameter-separator:1.3
parameterized-scheduler:1.2
parameterized-trigger:2.45
performance:918.v5511b_a_d40338
persistent-parameter:1.3
pipeline-build-step:487.va_823138eee8b_
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:629.vb_5627b_ee2104
pipeline-input-step:466.v6d0a_5df34f81
pipeline-maven:1279.v5d711113020f
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2118.v31fd5b_9944b_5
pipeline-model-definition:2.2118.v31fd5b_9944b_5
pipeline-model-extensions:2.2118.v31fd5b_9944b_5
pipeline-rest-api:2.31
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2118.v31fd5b_9944b_5
pipeline-stage-view:2.31
pipeline-utility-steps:2.15.1
plain-credentials:143.v1b_df8b_d3b_e48
plugin-usage-plugin:4.0
plugin-util-api:3.1.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
postgresql-api:42.3.3
prism-api:1.29.0-3
promoted-builds:892.vd6219fc0a_efb
pubsub-light:1.17
purge-build-queue-plugin:88.v23b_97b_f2c7a_d
pyenv-pipeline:2.1.2
python:1.3
rebuild:1.34
resource-disposer:0.21
run-condition:1.5
scm-api:631.v9143df5b_e4a_a
script-security:1229.v4880b_b_e905a_6
shiningpanda:0.24
sidebar-link:2.2.1
slack:631.v40deea_40323b
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
sonar:2.15
sse-gateway:1.26
ssh-agent:327.v230ecd01f86f
ssh-credentials:305.v8f4381501156
ssh-slaves:2.877.v365f5eb_a_b_eec
ssh-steps:2.0.65.vd26b_5b_9b_de4d
sshd:3.275.v9e17c10f2571
structs:324.va_f5d6774f3a_d
subversion:2.17.1
support-core:1266.v6d096c154c90
terraform:1.0.10
timestamper:1.22
token-macro:321.vd7cc1f2a_52c8
translation:1.16
trilead-api:2.84.v72119de229b_7
uno-choice:2.6.4
variant:59.vf075fe829ccb
viewVC:1.7
violation-comments-to-gitlab:2.58
vsphere-cloud:2.27
windows-slaves:1.8.1
workflow-aggregator:596.v8c21c963d92d
workflow-api:1208.v0cc7c6e0da_9e
workflow-basic-steps:1010.vf7a_b_98e847c1
workflow-cps:3641.vf58904a_b_b_5d8
workflow-durable-task-step:1234.v019404b_3832a
workflow-job:1284.v2fe8ed4573d4
workflow-multibranch:733.v109046189126
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.44
xray-connector:2.6.1

What Operating System are you using (both controller, and any agents involved in the problem)?

Rocky

Reproduction steps

  1. Set up one GitLab Server without Secret Text
  2. Set up one GitLab Server with Secret Text (order most likely matters but not tested)
  3. Set up multibranch pipeline job using GitLab Branch Source as source plugin and run
  4. Try triggering a webhook (manually from GitLab)
  5. Returns 401

Expected Results

Should return 200

Actual Results

Returns 401

Anything else?

Jenkins logs:

2023-04-17 09:50:33.784+0000 [id=228] WARNING i.j.p.g.GitLabWebHookAction#isValidToken: Error while validating token: null
2023-04-17 09:50:33.785+0000 [id=228] WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID 0ae403da-e2ea-47d6-951e-830331458f2a
java.lang.Exception: Expecting a valid secret token
at org.kohsuke.stapler.HttpResponses.error(HttpResponses.java:92)
at io.jenkins.plugins.gitlabbranchsource.GitLabWebHookAction.doPost(GitLabWebHookAction.java:75)
at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
...
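
The failure mode reported above, as an added example (not part of the original issue and not the plugin's code): a webhook token check over several configured servers that skips entries without a secret instead of dereferencing them, and compares in constant time. `ServerEntry`, the server names and the token values are hypothetical; that the `null` in the log message comes from a missing secret being dereferenced is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;

public class WebhookTokenCheck {

    // Hypothetical stand-in for one configured GitLab server entry.
    // secretToken is null when no "Secret Token" was defined for that server.
    static final class ServerEntry {
        final String name;
        final String secretToken;

        ServerEntry(String name, String secretToken) {
            this.name = name;
            this.secretToken = secretToken;
        }
    }

    // Returns true when the token presented with the webhook request matches the
    // secret of any configured server. Entries without a secret are skipped
    // instead of dereferenced, so they cannot abort the check for the others.
    static boolean isValidToken(String presented, List<ServerEntry> servers) {
        if (presented == null || presented.isEmpty()) {
            return false; // no token sent: nothing can match a configured secret
        }
        byte[] got = presented.getBytes(StandardCharsets.UTF_8);
        boolean match = false;
        for (ServerEntry s : servers) {
            if (s.secretToken == null || s.secretToken.isEmpty()) {
                continue; // server defined without a secret token
            }
            byte[] want = s.secretToken.getBytes(StandardCharsets.UTF_8);
            // MessageDigest.isEqual compares the arrays in constant time.
            match |= MessageDigest.isEqual(want, got);
        }
        return match;
    }

    public static void main(String[] args) {
        // Constructed configuration mirroring reproduction steps 1 and 2.
        List<ServerEntry> servers = Arrays.asList(
                new ServerEntry("gitlab-no-secret", null),
                new ServerEntry("gitlab-with-secret", "example-secret-value"));
        System.out.println(isValidToken("example-secret-value", servers));
        System.out.println(isValidToken("wrong-value", servers));
        System.out.println(isValidToken(null, servers));
    }
}
```

Requests that carry no token are rejected here; whether hooks from a server configured without a secret should be accepted is a separate policy decision that the issue does not settle.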
