GitHub login sending browser back to the login page
bhavanki opened this issue · 1 comments
I'm working on setting up a POC for our organization using a GitHub app integration. While I think I've followed the instructions correctly, the UI seems not able to fully log individuals in. After pressing the "Login with GitHub" button (and already being logged in to GitHub separately in the browser), the main page for codecov is visible very briefly, but then I'm sent back to the login page. The briefly visible page does not indicate that I'm logged in. (Actually, sometimes, that page eventually reappears, but with no repositories scanned.)
Watching the Docker Compose logs, I can see login activity including traffic coming from the GitHub App that I created. I also see the worker set off scanning repositories after I should be logged in. One possible symptom in the logs is a possible 401 coming back from GitHub, the second line below:
self-hosted-api-1 | {"message": "Github HTTP 200", "asctime": "2023-08-23 20:21:11,961", "name": "shared.torngit.github", "levelname": "INFO", "lineno": 155, "pathname": "shared/torngit/github.py", "funcName": "make_http_call", "threadName": "ThreadPoolExecutor-66_0", "current_retry": 1, "time_taken": 146.78364999963378, "body": null, "rlx": "14247", "rly": "15000", "rlr": "1692824615", "event": "api", "endpoint": "/user/memberships/orgs?state=active", "method": "GET", "bot": null, "repo_slug": null, "loggable_token": "01eXR", "logger.name": "shared.torngit.github", "logger.thread_name": "ThreadPoolExecutor-66_0", "level": "INFO"}
self-hosted-api-1 | {"message": "Github HTTP 401", "asctime": "2023-08-23 20:21:12,361", "name": "shared.torngit.github", "levelname": "WARNING", "lineno": 155, "pathname": "shared/torngit/github.py", "funcName": "make_http_call", "threadName": "ThreadPoolExecutor-66_0", "current_retry": 1, "time_taken": 398.9036530001613, "body": "", "rlx": null, "rly": null, "rlr": null, "logger.name": "shared.torngit.github", "logger.thread_name": "ThreadPoolExecutor-66_0", "level": "WARNING"}
self-hosted-api-1 | {"message": "Github HTTP 200", "asctime": "2023-08-23 20:21:12,534", "name": "shared.torngit.github", "levelname": "INFO", "lineno": 155, "pathname": "shared/torngit/github.py", "funcName": "make_http_call", "threadName": "ThreadPoolExecutor-66_0", "current_retry": 1, "time_taken": 171.87283400016895, "body": null, "rlx": "14245", "rly": "15000", "rlr": "1692824615", "event": "api", "endpoint": "/user/teams?per_page=100&page=1", "method": "GET", "bot": null, "repo_slug": null, "loggable_token": "01eXR", "logger.name": "shared.torngit.github", "logger.thread_name": "ThreadPoolExecutor-66_0", "level": "INFO"}
Another symptom I can see is that the browser reports the following JavaScript errors after login. I've tested with Firefox, Chrome, and Vivaldi.
DataCloneError: Function object could not be cloned.
Error at useUser: Unauthenticated
Error at useUser: The operation was aborted.
Any ideas or troubleshooting tips? Thanks!
I tried a fresh installation and, with at least one fix and one change, login started working.
The fix was that I had not installed the self-hosted codecov GitHub App into my organization. I didn't realize that that was a separate step to be performed after creating it.
The change was using ngrok to forward to my installation, which sets up a TLS (https) connection from outside. I had been using localhost.run for plain HTTP over 8080, and then simply exposing 8080 through an AWS security group, but both exhibited the problem I originally described. Perhaps the use of TLS helped in some way. For others' reference, in order to make TLS work through ngrok:
- Set the trio of
_HOST
environment variables in docker-compose.yml to the ngrok domain name. I used a free static domain to avoid rotation. (This was also discovered in #12 ) - Set
scheme
for the frontend container tohttps
. (Also found in that other issue) - Set
ports
for the frontend container to just "443" (string). - Set
codecov.url
in config.yml to the full https URL served by ngrok. - Have ngrok forward to port 8080 and use your static domain.