Drone auth not working from ldap users. Internal users works #1168

Closed
opened 2025-11-02 03:51:11 -06:00 by GiteaMirror · 8 comments

Originally created by @hdhog on GitHub (Oct 19, 2017).

  • Gitea version (or commit ref): 1.2.1
  • Git version: 2.10.0
  • Operating system: Gentoo
  • Database (use [x]):
    • [x] PostgreSQL
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant

Description

I have set up Drone CI with Gitea 1.2.1. Users use LDAP authentication. When the user logs in to Drone, they receive a 401 Unauthorized response.
Users using the internal authentication are authorized in Drone without errors.

Headers

Request auth, user hdhog use ldap auth

```
GET /api/v1/users/hdhog/tokens HTTP/1.1
Host: rni-git.domain.local
User-Agent: Go-http-client/1.1
Authorization: Basic ************
Accept-Encoding: gzip
```

Response

```
HTTP/1.1 401 Unauthorized
Server: nginx/1.11.4
Date: Thu, 19 Oct 2017 08:19:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
Set-Cookie: i_like_gitea=3b83a0a31165124a; Path=/; HttpOnly
Set-Cookie: _csrf=Dyz3YGDpXqWFUfP7vYRmA8R1tZI6MTUwODQwMTE2MzQ2ODE2OTc4OQ%3D%3D; Path=/; Expires=Fri, 20 Oct 2017 08:19:23 GMT; HttpOnly
X-Frame-Options: SAMEORIGIN
```

Request auth, root user internal auth

```
GET /api/v1/users/root/tokens HTTP/1.1
Host: rni-git.domain.local
User-Agent: Go-http-client/1.1
Authorization: Basic ***********
Accept-Encoding: gzip
```

Response:

```
HTTP/1.1 200 OK
Server: nginx/1.11.4
Date: Thu, 19 Oct 2017 08:32:46 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
Set-Cookie: i_like_gitea=d5bd15cc06a4bad7; Path=/; HttpOnly
Set-Cookie: _csrf=Vql8i2VjWaZT3tqTCcT5EdS59HU6MTUwODQwMTk2NTk4ODg0OTk2Mg%3D%3D; ath=/; Expires=Fri, 20 Oct 2017 08:32:45 GMT; HttpOnly
X-Frame-Options: SAMEORIGIN
```

GiteaMirror added the issue/confirmed and type/bug labels 2025-11-02 03:51:11 -06:00

@lunny commented on GitHub (Oct 19, 2017):

Any log on the console or file?


@DblK commented on GitHub (Jan 2, 2018):

Has the user logged in to Gitea first or not?
Depending on configuration, Drone uses organizations, and this comes from Gitea, not LDAP.

Give it a try and tell us.


@jcgruenhage commented on GitHub (Jan 23, 2018):

I've just tried, I can query that endpoint with an ldap user, no matter whether the user had first logged into gitea or not.


@stale[bot] commented on GitHub (Feb 8, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.


@maurerle commented on GitHub (Apr 11, 2019):

I am using Gitea with LDAP and just set up drone.io.
Login with LDAP worked like a charm. Seems like LDAP has not been set up correctly.

The only problem is drone.io ignoring the second-factor authentication and logging in immediately, but I don't think this is a real issue, as the auth is just using the LDAP behind, right?


@ptman commented on GitHub (May 22, 2019):

Logs in immediately? I don't get it to log in unless I remove the second factor.


@maurerle commented on GitHub (May 22, 2019):

Yes, that's right. This is since Drone release 1.0, I think.
Version 0.9 just ignored the second factor, and afterwards you don't have an option to log in with second-factor at all.
I hope this will be fixed in the future. But this seems to be a Drone issue.


@techknowlogick commented on GitHub (May 22, 2019):

Closing this, as Drone 1.1.0 now supports using OAuth2 from Gitea, which supports connecting with any user incl. LDAP ones (also basic auth will soon be deprecated as a form of auth on Drone side). OAuth2 ensures that 2FA is followed. Please see https://discourse.drone.io/t/documentation-document-how-gogs-gitea-login-works/3762/7?u=techknowlogick for instructions on using oauth2 with Gitea/Drone.

Reference: github-starred/gitea#1168