Comments (6)
Issue re: JANKY_AUTH_TEAM_ID - #112
from janky.
Ok, so last bit of diagnosis for the night.
If I take the code returned by GitHub, I'm having a problem getting a token
Note that the original request from Janky to GitHub contains
- response_type: code
- client_id: JANKY_AUTH_CLIENT_ID
- scope: repo
- redirect_uri: https://MY.JANKY.COM/auth/github/callback
I see in the OAuth docs that state
is optional, and Janky does not specify it
So if I take the code from auth/github/callback?code=THECODE
, and try to Curl for the token... I don't have any luck.
Per the docs, state
is optional on the initial request for a code, but mandatory on the request for the token, so I'm not sure what to do with it. (I'm just trying to verify that I can use the production machine to get the token and verify that this is an application issue)
I've tried specifying state as empty like this
curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"client_id":"JANKY_AUTH_CLIENT_ID", "client_secret":"JANKY_AUTH_CLIENT_SECRET","code":"THECODE", "state":""}' https://github.com/login/oauth/access_token
Or simply not in the request like this
curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"client_id":"JANKY_AUTH_CLIENT_ID", "client_secret":"JANKY_AUTH_CLIENT_SECRET","code":"THECODE" }' https://github.com/login/oauth/access_token
Neither work... in both instances I get a
{"error":"bad_verification_code"}
Per the docs
If the user accepts your request, GitHub redirects back to your site with a temporary code in a code parameter
as well as the state you provided in the previous step in a state parameter. If the states don’t match,
the request has been created by a third party and the process should be aborted.
If I watch the traffic from my Errbit install, I see that the state
parameter is filled in for the request to github.com/login/oauth
. The callback to Errbit includes that state, which is then presumably used to acquire a token.
from janky.
/cc @atmos not sure if this is a sinatra_auth_github issue or not?
from janky.
So I've disabled the GitHub OAuth for now, to try and determine why the Janky commands that configure / talk to Jenkins aren't working.
Finally I have something useful in a log. I kind of half wondered if there might be some issue using SSL. It turns out that there is...
When Janky tries to talk to Jenkins, I get:
OpenSSL::SSL::SSLError - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed:
Relvant portion of stack
/usr/lib/ruby/1.9.1/net/http.rb:799:in `connect'
/usr/lib/ruby/1.9.1/net/http.rb:799:in `block in connect'
/usr/lib/ruby/1.9.1/timeout.rb:54:in `timeout'
/usr/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
/usr/lib/ruby/1.9.1/net/http.rb:799:in `connect'
/usr/lib/ruby/1.9.1/net/http.rb:755:in `do_start'
/usr/lib/ruby/1.9.1/net/http.rb:744:in `start'
/usr/lib/ruby/1.9.1/net/http.rb:1284:in `request'
/var/lib/gems/1.9.1/gems/rest-client-1.6.7/lib/restclient/net_http_ext.rb:51:in
/var/lib/gems/1.9.1/gems/janky-0.9.13/lib/janky/builder/http.rb:21:in `run'
/var/lib/gems/1.9.1/gems/janky-0.9.13/lib/janky/builder/runner.rb:12:in `run'
/var/lib/gems/1.9.1/gems/janky-0.9.13/lib/janky/builder/client.rb:21:in `run'
This seems to be a pretty well-documented issue where OpenSSL can't find the certs on the machine (or similar)... but I'm still have some issues getting it worked out.
I was hoping to do something like this, where I just export a variable.
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
However, this doesn't seem to work.
There are a number of other solutions involving monkey-patching, etc... For instance, there are suggestions of setting ca_file
-- this would be here https://github.com/github/janky/blob/master/lib/janky/github/api.rb#L88 for the GitHub api. But this isn't really a great global solution.
http.ca_file = "/etc/ssl/certs/ca-certificates.crt"
I also tried this and it didn't seem to work -- but that might be because it only affects the calls to GitHub, and not the calls to Janky.
So I'm looking for the simplest, least-intrusive manner of getting this working.
If anyone has any suggestions, I'm all ears.
from janky.
Also posted to SO in hopes that someone more Ruby savvy than I can figure this out!
http://stackoverflow.com/questions/13290759/ruby-opensslsslsslerror-on-ubuntu-12-04-1-ruby-1-9-3p0
from janky.
Can you just disable SSL certificate verification and see if that gets you going?
from janky.
Related Issues (20)
- Setting hook bombs if hook exists.
- Setup Environment on non-Heroku/Dokku server HOT 2
- GitHub Can't Be Verified (SSL) HOT 4
- janky failing to build java 1.7 source
- Windows Janky Server appears to be offline HOT 1
- [Suggestion] Stats per branch
- Doesn't mark pending builds as pending on Github HOT 1
- Janky doesn't know how to build tags
- Trying to connect to MySQL via socket in 'development' and 'test'
- Moving Maintainership to @mattr- HOT 12
- Making Git repo locations more human friendly HOT 7
- Install Locally HOT 4
- [Question] Could Hubot alone do all that Janky does? HOT 2
- Janky with role / matrix based jenkins? HOT 3
- [Question]Do itsupport private deployment? HOT 4
- REDACT
- Support Ruby 2.4 HOT 5
- Redact
- Support Ruby 2.5
- Janky::Error: /app/config is not a directory HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from janky.