My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 2757: GITHUB_AUTH authentication does not work through a proxy
2 people starred this issue and may be notified of changes. Back to list
Status:  ChangeUnderReview
Owner:  ----
Cc:  luca.mil...@gmail.com


Sign in to add a comment
 
Reported by matt...@unsolvable.org, Jul 4, 2014
Change https://gerrit-review.googlesource.com/#/c/57570/ (in 2.9 and master) enables Gerrit to use GitHub OAuth authentication.

Unfortunately, this does not work through a proxy. See https://groups.google.com/d/msg/repo-discuss/77MakrpYiAk/lhAJGLSA1OkJ for a discussion of why.

I was able to get GITHUB_AUTH authentication working through a proxy with a small change to Gerrit. However, as I am not a Java programmer, I don't want to submit a path with my change, as it will be wrong - I have no understanding of issues such as threading etc.

So, here is my patch, which could be used as a basis for someone to code a "proper" fix:

diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/github/PooledHttpClientProvider.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/git
index dc6bbd5..e6b9491 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/github/PooledHttpClientProvider.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/github/PooledHttpClientProvider.java
@@ -19,6 +19,7 @@ import com.google.inject.Singleton;
 
 import org.apache.http.HttpHost;
 import org.apache.http.client.HttpClient;
+import org.apache.http.conn.params.ConnRoutePNames;
 import org.apache.http.conn.routing.HttpRoute;
 import org.apache.http.conn.scheme.PlainSocketFactory;
 import org.apache.http.conn.scheme.Scheme;
@@ -26,6 +27,7 @@ import org.apache.http.conn.scheme.SchemeRegistry;
 import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.impl.conn.PoolingClientConnectionManager;
+import org.apache.http.params.HttpParams;
 
 @Singleton
 class PooledHttpClientProvider implements Provider<HttpClient> {
@@ -51,6 +53,11 @@ class PooledHttpClientProvider implements Provider<HttpClient> {
 
   @Override
   public HttpClient get() {
-    return new DefaultHttpClient(connectionManager);
+    HttpClient httpClient = new DefaultHttpClient(connectionManager);
+    HttpParams params = httpClient.getParams();
+    HttpHost proxy = new HttpHost("myproxy.name", 8080);
+    params.setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
+    return httpClient;
+
   }
 }

Jul 9, 2014
Project Member #1 David.Os...@gmail.com
Thanks a lot for the patch. This should be integrated into this commit: [1].

[1] https://gerrit-review.googlesource.com/57570
Status: Accepted
Cc: luca.mil...@gmail.com
Jul 9, 2014
#2 matt...@unsolvable.org
Unfortunately (for the reason I mentioned), the patch is not suitable as is (e.g. the name of the proxy is hard-coded).

A real programmer will need to turn the sample path into a real one (shouldn't be hard). Any volunteers? Sorry to dump this on you guys.

Jul 9, 2014
Project Member #3 David.Os...@gmail.com
Well that should be straight forward, Gerrit has already proxy settings [1]. They should be honored for outgoing connections to GH.

[1] https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#http
Jul 9, 2014
#4 matt...@unsolvable.org
Yes, although it doesn't look like Gerrit has proxy settings for https, which is what 
the connection to GitHub uses. Should separate configuration options be added for that?
Jul 17, 2014
Project Member #5 David.Os...@gmail.com
https://gerrit-review.googlesource.com/57570
Status: ChangeUnderReview
Sign in to add a comment

Powered by Google Project Hosting