Reauth Gitlab doesn't work v.2.34.2 (and lower)
Hi. I use DefectDojo without SSL in my local environment for educational purposes.
There's a bug: OAuth 2.0 through Gitlab doesn't work when you try to "Login with Gitlab" for the second time. First time - it's done, it's ok. But for the second time (e.g. I've added new repositories in local gitlab and I need to sync them) - there's a 500 Internal Server Error.
Steps to reproduce the behavior:
- Add new app in Gitlab for DD
- Add gitlab's env in DD's docker-compose (key, secret, api_url, oauth_enabled, auto_import, scope)
- Click on "Login with Gitlab" -> approve auth on local gitlab -> it's done, everything works
- Logout from Gitlab user
- Login with Gitlab again -> approve auth on local gitlab -> 500 Internal Server Error
- [ X ] Docker Compose
Operating System: Ubuntu Server 22.04
Bug's DefectDojo is somewhere between 2.33.0 and 2.34.2
Worked Defectdojo 2.33.0
Logs from uwsgi:
with self.db.wrap_database_errors:
File "/usr/local/lib/python3.11/site-packages/django/db/utils.py", line 91, in __exit__
raise dj_exc_value.with_traceback(traceback) from exc_value
File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 89, in _execute
return self.cursor.execute(sql, params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
django.db.utils.IntegrityError: duplicate key value violates unique constraint "social_auth_usersocialauth_provider_uid_e6b5e668_uniq"
DETAIL: Key (provider, uid)=(gitlab, 1) already exists.
[pid: 1|app: -|req: -/-] 192.168.56.1 (-) {48 vars in 1418 bytes} [Thu May 9 11:02:44 2024] GET /complete/gitlab/?code=*token* Id => generated 12833 bytes in 217 msecs (HTTP/1.1 200) 7 headers in 223 bytes (1 switches on core 0)
In v. 2.33.0 everything worked fine. E.g. logs with the reproduced steps:
# I logout after successful Gitlab login
logout user: **gitlab-user** via ip: 192.168.56.1
GET /logout => generated 0 bytes in 27 msecs (HTTP/1.1 302) 10 headers in 549 bytes (1 switches on core 1)
# I login again through "Login with Gitlab" and it's auth without any problem
GET /login => generated 16301 bytes in 20 msecs (HTTP/1.1 200) 11 headers in 579 bytes (1 switches on core 0)
GET /login/gitlab/?next= => generated 0 bytes in 19 msecs (HTTP/1.1 302) 11 headers in 798 bytes (1 switches on core 1)
login user: **gitlab-user** via ip: 192.168.56.1
GET /complete/gitlab/?code=**token** => generated 0 bytes in 959 msecs (HTTP/1.1 302) 12 headers in 638 bytes (1 switches on core 0)
GET / => generated 0 bytes in 18 msecs (HTTP/1.1 302) 8 headers in 244 bytes (1 switches on core 1)
GET /dashboard => generated 43173 bytes in 127 msecs (HTTP/1.1 200) 8 headers in 368 bytes (1 switches on core 0)
Exact same error on Kubernetes. Reverting to 2.33.0 fixed the issue as OP said.
Encountered the same problem, temporarily solved it by downgrading the versions of social-app-django and social-core
social-auth-app-django==5.4.0
social-auth-core==4.5.2
Same error after configuring kubernetes instance with gitlab:
defectdojo/defectdojo-django:2.35.1
Same problem. Now it works with version 2.33. Thank you for pointing out the problem, I was going crazy as I first tried the Gitlab auth with the 2.35 version.
Same problem. I can't upgrade to versions 2.34 and 2.35 because of it. I have to stay with version 2.33. For existing users it is impossible to authenticate using Gitlab, there is 500 Server Internal Error.
Hello, to complete my comment with logs:
Below I copied an extract from the postgresql and django logs from my test when I log in with a new user. The first login attempt is successful, then I log out, and the second login attempt is already unsuccessful. During the unsuccessful login attempt there is an error about a duplicate entry in table social_auth_usersocialauth_provider (similarly to the logs pasted by the creator of this issue).
1st login of a new user. This login is successful
Jun 17, 2024 @ 13:21:54.434 django INFO [dojo.utils:2361] login user: test.user via ip: 192.168.210.51
Jun 17, 2024 @ 13:21:54.600 django [pid: 1|app: -|req: -/-] 192.168.210.51 (-) {72 vars in 1706 bytes} [Mon Jun 17 11:21:52 2024] GET /complete/gitlab/?code=4b5c2c5d634a1749e7628013fa64de4f6f3acbc7d9c3025662e82218f9ece859&state=5dc90asNkCy48MScTsycTTshcJ2Yex7z => generated 0 bytes in 2462 msecs (HTTP/1.1 302) 12 headers in 636 bytes (1 switches on core 0)
Jun 17, 2024 @ 13:21:54.600 django 192.168.210.51 - - [17/Jun/2024:11:21:54 +0000] "GET /complete/gitlab/?code=4b5c2c5d634a1749e7628013fa64de4f6f3acbc7d9c3025662e82218f9ece859&state=5dc90asNkCy48MScTsycTTshcJ2Yex7z HTTP/1.1" 302 0 "https://gitlab.tech.orange/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0" "192.168.160.0"
Logout
Jun 17, 2024 @ 13:22:36.778 django 192.168.210.51 - - [17/Jun/2024:11:22:36 +0000] "GET /logout HTTP/1.1" 200 3487 "https://defectdojo-integration.dos.tech.orange/engagement/all" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0" "192.168.160.0"
2nd login attempt which finishes with 500 Internal Error
Jun 17, 2024 @ 13:22:44.255 django 192.168.210.51 - - [17/Jun/2024:11:22:44 +0000] "GET /login/gitlab/?next=/ HTTP/1.1" 302 0 "https://defectdojo-integration.dos.tech.orange/login?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0" "192.168.160.0"
Jun 17, 2024 @ 13:22:45.007 postgresql [1868488] STATEMENT: INSERT INTO "social_auth_usersocialauth" ("user_id", "provider", "uid", "extra_data", "created", "modified") VALUES (653, 'gitlab', '207969', '{}', '2024-06-17T11:22:45.007379+00:00'::timestamptz, '2024-06-17T11:22:45.007396+00:00'::timestamptz) RETURNING "social_auth_usersocialauth"."id"
Jun 17, 2024 @ 13:22:45.007 postgresql [1868488] ERROR: duplicate key value violates unique constraint "social_auth_usersocialauth_provider_uid_e6b5e668_uniq"
Jun 17, 2024 @ 13:22:45.007 postgresql [1868488] DETAIL: Key (provider, uid)=(gitlab, 207969) already exists.
Jun 17, 2024 @ 13:22:45.186 django django.db.utils.IntegrityError: duplicate key value violates unique constraint "social_auth_usersocialauth_provider_uid_e6b5e668_uniq"
Jun 17, 2024 @ 13:22:45.186 django ERROR [django.request:241] Internal Server Error: /complete/gitlab/
This test was done with defectdojo in version 2.35.2
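For operators who want to list the accounts hit by this failure, the following is an added triage example (not part of the thread and not DefectDojo code) that groups the PostgreSQL STATEMENT/ERROR/DETAIL lines shown above and reports the provider, uid and attempted user_id for each rejected insert. The line layout in `LINE` and the function name `find_failed_reauth` are assumptions based on the log excerpt in this comment; the sample log is constructed.

```python
import re

# Constraint name taken from the errors quoted in this thread.
CONSTRAINT = "social_auth_usersocialauth_provider_uid_e6b5e668_uniq"

# Assumed line layout: "<timestamp> postgresql [<backend pid>] <KIND>: <message>"
LINE = re.compile(r"^(?P<ts>.+?) postgresql \[(?P<pid>\d+)\] "
                  r"(?P<kind>STATEMENT|ERROR|DETAIL): (?P<msg>.*)$")
DETAIL = re.compile(r"Key \(provider, uid\)=\((?P<provider>[^,]+), (?P<uid>[^)]+)\)")
INSERT = re.compile(r'INSERT INTO "social_auth_usersocialauth" .*?VALUES \((?P<user_id>\d+),')

# Constructed sample: the first four lines reuse values from the logs above,
# the last line is made up to show that other constraints are ignored.
SAMPLE_LOG = '''\
Jun 17, 2024 @ 13:22:45.007 postgresql [1868488] STATEMENT: INSERT INTO "social_auth_usersocialauth" ("user_id", "provider", "uid", "extra_data", "created", "modified") VALUES (653, 'gitlab', '207969', '{}', '2024-06-17T11:22:45.007379+00:00'::timestamptz, '2024-06-17T11:22:45.007396+00:00'::timestamptz) RETURNING "social_auth_usersocialauth"."id"
Jun 17, 2024 @ 13:22:45.007 postgresql [1868488] ERROR: duplicate key value violates unique constraint "social_auth_usersocialauth_provider_uid_e6b5e668_uniq"
Jun 17, 2024 @ 13:22:45.007 postgresql [1868488] DETAIL: Key (provider, uid)=(gitlab, 207969) already exists.
Jun 17, 2024 @ 13:22:45.186 django ERROR [django.request:241] Internal Server Error: /complete/gitlab/
Jun 17, 2024 @ 13:25:00.000 postgresql [1868499] ERROR: duplicate key value violates unique constraint "constructed_other_table_uniq"
'''


def find_failed_reauth(log_text):
    """Return one record per social-auth duplicate-key failure in the log."""
    events = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            # The lines of one failure share timestamp and backend pid (assumption),
            # so grouping on that pair works whatever order the lines arrive in.
            events.setdefault((m["ts"], m["pid"]), {})[m["kind"]] = m["msg"]
    findings = []
    for (ts, _pid), ev in events.items():
        if CONSTRAINT not in ev.get("ERROR", ""):
            continue  # some other constraint, not the re-login failure
        detail = DETAIL.search(ev.get("DETAIL", ""))
        insert = INSERT.search(ev.get("STATEMENT", ""))
        findings.append({
            "time": ts,
            "provider": detail["provider"] if detail else None,
            "uid": detail["uid"] if detail else None,
            "attempted_user_id": int(insert["user_id"]) if insert else None,
        })
    return findings


if __name__ == "__main__":
    for finding in find_failed_reauth(SAMPLE_LOG):
        print(finding)
```

Each record pairs the identity that already exists, `(provider, uid)`, with the `user_id` the rejected insert tried to attach it to, which is the starting point for checking the existing rows in `social_auth_usersocialauth`.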
Same problem with the 2.36.0 version