Skip to content

Fix relative_url_root Web IDE OAuth issues

Paul Slaughter requested to merge 475276-fix-relative-url-oauth-issues into master

Issue: Web IDE OAuth: Handle relative url root case (#475276 - closed)

What does this MR do and why?

In this MR we had to revert the default enablement of web_ide_oauth because this caused some realtive-url QA specs to fail. This MR fixes those issues:

  • Have gitlabUrl end with slash so that OAuth paths include relative_url_root
  • Update oauth_domain_mismatch_error to concatenate based on the real baseUrl of the callback URL's.
  • Update getOAuthConfig to take into account relative_url_root when building callbackUrl

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Takes into consideration relative-url when checking for a match from the callbackUrls list:

no-mismatch.mov

Accessing the Web IDE with a relative_url ( http://gdk.test:3000/gitlab) when the list of callback URLs does not contain relative_url displays the error page. Note new copy indicating the expected callback URL:

single-callback-url.png

For multiple callback URLs, we also take into consideration the relative-url when displaying the domain options:

multiple-callback-urls.png

How to set up and validate locally

Prerequisite: To test this out you'll need to set up relative_url_root locally in your GDK:
  1. Stop GDK with gdk stop
  2. Add relative_url_root: "/gitlab" to your gdk.yml
  3. Run gdk reconfigure
  4. In resulting Procfile, add -authBackend http://localhost:8080/gitlab to the end of the line that starts with gitlab-workhorse: (this is an issue with gitlab-workhorse I discovered while testing. We'll fix the Procfile generation in a separate MR)
  5. Start GDK with gdk start
  6. Now you can visit the GDK at /gitlab
  7. IMPORTANT: You might also need to disable vite, since that seems to have relative_url_root issues. https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/configuration.md#vite-settings
To test the Web IDE happy path:
  1. Make sure that web_ide_oauth feature flag is enabled by visiting /gitlab/rails/features
  2. Make sure that the Web IDE OAuth application does not exist (since it might be misconfigured now that we're running under relative_url_root). Go to Admin area, then Applications and look for GitLab Web IDE. If it exists, delete it.
  3. Go to /gitlab/-/ide/project/flightjs/Flight/edit/master/-/
  4. Everything should work nicely 😄

To test the oauth_domain_mismatch_error.vue changes:

  1. As an admin, visit the admin panel and go to Applications

  2. Visit the GitLab Web IDE OAuth application and set the Callback URL to something other than the current URL. For example:

    https://not-a-real-gdk.gdk.test/-/ide/oauth_redirect
https://not-a-real-gdk.gitlab.com/foo/-/ide/oauth_redirect

  3. Visit the Web IDE and a helpful error message should pop up. The dropdown should link to the domains configured in the previous step.

Related to #475276 (closed)

Edited by Cindy Halim

Merge request reports