Login problems

[riker513]

Hi everybody, and thanks for the work!

I'm having problems to log in. It is impossible for me to tell from the documentation or anything I can find online.

How is the workflow meant? I can go to Nextcloud admin settings and link to any one specific user on my GitLab instance. Then for any Nextcloud user, I just need to press the connect button in the respective Nextcloud user's settings, and it works. Howver, now wevery Nextcloud user uses the same GitLab account. How does this make sense? Should I add a Nextcloud account to my Gitlab instance for everybody to use for monitoring purposes?

But if so, why the follwing: If I do NOT enter any Gitlab connection in Nextcloud admin settings, then any user in their respective Nextcloud user's settings have the option to enter a personal access token. This does not work: If I create a personal access token for that user in GitLab and enter it in Nextcloud, the connection is not possible. I anyways ask myself why there is no option to specify a GutLab username. So how is this supposed to work?

Kind regards and many thanks! riker

[Th3Ph4nt0m]

Having a similar problem. I cannot find any documentation for this integration. In my nextcloud admin settings, I cannot find any settings for the GtiLab integration.

[julien-nc]

Hi,

Sorry for the lack of documentation.

@riker513

Howver, now wevery Nextcloud user uses the same GitLab account.

If you've configure an OAuth app for a GitLab instance and your users use the OAuth flow to connect to it, they connect with their GitLab user. The only thing that is shared between Nextcloud users is the OAuth app they use to access GitLab.

If I create a personal access token for that user in GitLab and enter it in Nextcloud, the connection is not possible.

Did you add "api", "read_user", "read_api" and "read_repository" permissions to the personal token? What happens when you enter the token in user connected account settings?

I anyways ask myself why there is no option to specify a GutLab username. So how is this supposed to work?

A token is enough to authenticate a user. No need to specify a username when providing a personal token. Actually, when using the OAuth flow, an OAuth access token is created and is also used without username.

@Th3Ph4nt0m

In my nextcloud admin settings, I cannot find any settings for the GtiLab integration.

Do you mean there is a "Connected accounts" admin settings section but it does not contain a GitLab subsection? You should check for error in the browser console (F12 -> console tab). Are you using an old browser (more than 3 years)? Some modern javascript syntax is used. Here is the browser compatibility list: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Optional_chaining#browser_compatibility

[Th3Ph4nt0m]

Do you mean there is a "Connected accounts" admin settings section but it does not contain a GitLab subsection?

This is not in the admin settings, it's in the user settings. This works. There should be some instructions in how to use the integration when enabling it, otherwise many users will instantly remove the App because they don't know how to set it up.

[riker513]

Howver, now wevery Nextcloud user uses the same GitLab account.

If you've configure an OAuth app for a GitLab instance and your users use the OAuth flow to connect to it, they connect with their GitLab user. The only thing that is shared between Nextcloud users is the OAuth app they use to access GitLab.

If I create a personal access token for that user in GitLab and enter it in Nextcloud, the connection is not possible.

Did you add "api", "read_user", "read_api" and "read_repository" permissions to the personal token? What happens when you enter the token in user connected account settings?

I anyways ask myself why there is no option to specify a GutLab username. So how is this supposed to work?

A token is enough to authenticate a user. No need to specify a username when providing a personal token. Actually, when using the OAuth flow, an OAuth access token is created and is also used without username.

Hi @eneiluj I still don't get this. 1.) If I create a system OAuth Token in Gitlab with AppId and Secret, then I can enter this in the Admin settings in Nextcloud. When I log out of Nextcloud and bback in weith a normal user, I can go to settings for the normal user and simply click Connect to GitLab. No further token or anything is requested and it just says: Connected as root. Same for every other user: Always connected as root. What sense does that make? Everybody will receive root's Gitlab notifications.

2.) If I instead don't enter anything in the admin settings in Nextcloud and log back in as a normal user, then the normal user DOES have the option to enter one personal access token. (But then connection doesn't work.) So the question is: Why can't the normal user enter any token in his settings if Nextcloud is connected to Gitlab via the admin settings? If he can't enter any token, how would we distinguish one user from the other?

Cheers

[julien-nc]

Let me try to explain this from the beginning. :grin:

With this app, there are 2 ways to authenticate a Nextcloud user in a GitLab instance:

• The user creates a personal token (taking care of setting suggested permissions) and puts it in user settings
• The Nextcloud admin creates an OAuth app in a GitLab instance and puts the client ID/secret in Nextcloud admin settings. Then Nextcloud users can hit the "connect" button (if they choose the GitLab instance configured in admin settings) and they are redirected to GitLab authentication page. If they authenticate successfully (or if a GitLab session already exists), they are redirected to Nextcloud with an OAuth token.

In Nextcloud admin settings, what you enter is not an access token, it's only an OAuth app client ID/secret that will be used to let users authenticate in a GitLab instance.

No further token or anything is requested and it just says: Connected as root. Same for every other user: Always connected as root.

What happens here is that your "root" session in GitLab is alive so when you press "connect" in Nextcloud, you reach GitLab authentication page that lets you in because you are already authenticated. I mean, your browser is already authenticated.

Don't worry, other users won't be able to login as root. They will just see the GitLab authentication page. Try to logout from your GitLab account (on the GitLab website) and press "connect" in Nextcloud user settings.

About 2. Are you sure you've added correct permissions to the token you manually created? I didn't get any bug report about that not working for the moment. Maybe you did something wrong or maybe there is a problem that only shows up in your context. In this case I would need more information like Nextcloud log messages when entering the token.

Any better?

[vincowl]

I am facing a similar problem : when using a personal token, the token is rejected as an incorrect one. Permissions are correctly set and other tokens work perfectly with gitlab and other apps such as Labcoat. Any idea ? Nextcloud : 21.0.0 Gitlab integration app : 0.0.15 Gitlab : 13.9

[farrad]

Same here, neither of the two methods work for me.

Here is my step-by-step:

1. When User settings are empty (via OAuth app)

I do the following: a. In GitLab (e.g. https://gitlab.domain.com): go to Menu --> Admin --> Applications --> New application b. Fill-in the fields as follows:

• Name: Nextcloud
• Redirect URI: https://nextcloud.example.com/apps/integration_gitlab/oauth-redirect
• Trusted: checked
• Confidential: checked
• Expire access tokens: checked
• Scopes: api, read_user, read_api, read_repository

c. Press Save application button d. Copy Application ID and Secret e. In Nextcloud Settings: Go to the Administration --> Connected accounts --> GitLab integration section f. Fill-in the fields as follows:

• OAuth app instance address: https://gitlab.domain.com
• Application ID: Enter from the step d.
• Application secret: Enter from the step d.

g. Hit Tab. "GitLab admin options saved" message appears (HTTP response: 1) h. Go to the Personal --> Connected accounts --> GitLab integration section

• GitLab instance address field contains https://gitlab.com
• Personal access token is empty

i. Go to the Dashboard (https://nextcloud.example.com/apps/dashboard/#/) j. In the GitLab todos card click on the Connect to GitLab button. I get redirected to the Personal --> Connected accounts --> GitLab integration page

2. When Admin settings are empty (via pesonal token)

I do the following: a. Go to the Personal --> Connected accounts --> GitLab integration section b. Fill-in the fields as follows:

• GitLab instance address: https://gitlab.domain.com
• Personal access token: <personal token with the 'api', 'read_user', 'read_api', 'read_repository' permissions>
• Enable navigation link checked OR unchecked

c. Hit Tab. "Incorrect access token" message appears

HTTP Request:

{"values":{"token":"<TOKEN_HERE>","url":"https://gitlab.domain.com"}}

HTTP Response:

{"user_name":""}

My environment

Nextcloud: 23.0.0.1 GitLab: 14.4.1

[Sim0nW0lf]

I tried this as well, just like @farrad and had exactly the same issue

[lerd2805]

i have the same issue like @farrad. when gonna have any update to get fix this bug?

[CodingKitsune]

Still broken on NextCloud 24 and GitLab 14.10.2

[wenlong1234]

i have the same issue , can you help fix it?

[julien-nc]

It's working fine on my side with integration_gitlab v1.0.3. I tried using an OAuth app with a gitlab.com and framagit.org account. I also tried using a personal token for both these servers.

Could someone check if some lines containing "GitLab API error" pop up in the Nextcloud server logs (nextcloud/data/nextcloud.log) when trying to set a personal token in the Connected accounts settings section?

If this does not help, could someone create an account for me on a Gitlab instance where the issue was observed? You can send me the credentials by email (which you can find in every commit of this repo). I could look into this issue if I could reproduce it :grin:.

[farrad]

@eneiluj Thank you for testing this!

I was finally able to resolve it.

Short answer: Add 'allow_local_remote_servers' => true, to your Nextcloud config

Detailed answer: Here is what I did:

1. With integration_gitlab v1.0.3 it was still not working for me (NC: 23.0.5 GitLab: 14.4.1)
2. I repeated Step 1(a-g) from my previous post. It worked exactly the same way as before.
3. I executed Step 1h and the page contained Gitlab instance address: https://gitlab.domain.com/ (NOT https://gitlab.com/) and no field for a personal token. Instead there was a button Connect to GitLab.
4. I pressed the button I was redirected to https://gitlab.domain.com/ and then back to the Personal --> Connected accounts page (account was still not connected). In browser console I noticed that the Nextcloud URL I was actually redirected to was /settings/user/connected-accounts?gitlabToken=error&message=Error+getting+OAuth+access+token.+Host+violates+local+access+rules
5. After googling for "GitLab OAuth Host violates local access rules" I was able to find this answer to a similar question.
6. I added this line: 'allow_local_remote_servers' => true, to the Nextcloud config: <WEBROOT>/config/config.php. Then restarted Nextcloud and repeated Step 1h.
7. Now I was redirected back to Nextcloud with a different message: /settings/user/connected-accounts?gitlabToken=success and saw that GitLab integration is now connected.
8. Going to the Dashboard I saw GitLab issues displayed in the GitLab Integration Widget.

My suggestion is to explicitly describe this Nextcloud setting in the Configuration section.

[gb-123-git]

+1

I am facing the same problem. Adding 'allow_local_remote_servers' => true, did not fix it for me.

Log Says : {"reqId":"hxxxxxxxxb","level":2,"time":"2022-06-22T02:34:40","remoteAddr":"1xx.1xx.xxx.xx3","user":"xxxxx","app":"integration_gitlab","method":"GET","url":"/apps/integration_gitlab/todos","message":"GitLab API error : cURL error 28: Connection timed out after 30001 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://xxx.xxx.xxx/api/v4/todos?action%5B%5D=assigned&action%5B%5D=mentioned&action%5B%5D=build_failed&action%5B%5D=marked&action%5B%5D=appr.....}

[LightTemplar]

Show answer: Add 'allow_local_remote_servers' => true, to your Nextcloud config

Thanks, this also worked for me! And, if someone here uses Nextcloud on Univention system as me, you can set that variable also via following command: sudo univention-app shell nextcloud sudo -u www-data php /var/www/html/occ config:system:set allow_local_remote_servers --value=true --type=boolean

[Cris70]

Worked for me also (I was having the Host violates local access rules error in the log). It's 2024 and this is still not clearly outlined in the Gitlab Integration setup page, why?

[Cris70]

I am facing the same problem. Adding 'allow_local_remote_servers' => true, did not fix it for me.

Log Says : {"reqId":"hxxxxxxxxb","level":2,"time":"2022-06-22T02:34:40","remoteAddr":"1xx.1xx.xxx.xx3","user":"xxxxx","app":"integration_gitlab","method":"GET","url":"/apps/integration_gitlab/todos","message":"GitLab API error : cURL error 28: Connection timed out after 30001 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://xxx.xxx.xxx/api/v4/todos?action%5B%5D=assigned&action%5B%5D=mentioned&action%5B%5D=build_failed&action%5B%5D=marked&action%5B%5D=appr.....}

At first, adding allow_local_remote_servers worked for me, but after a few hours it stopped working wihtout any apparent reason. Trying to reinstate the connection, now I get a timeout just like @gb-123-git.