Issue 1973: gitweb link does not authenticate
Status:  Released
Owner: ----
Closed:  Jul 2
Reported by builder....@gmail.com, Jun 21, 2013
Affected Version: 2.6rc4

The problem is that I have HTTP_LDAP authentication. When I have a gitweb link to a file from my issue tracker I get an error 404. However, if I first go to gerrit I do not have this issue.


What steps will reproduce the problem?
1. Close all browser tabs
2. Login to issue tracker (HTTP LDAP apache)
3. Use direct link to gitweb url (http://www.example.com/r/gitweb?...)
4. error 404

This is ok
1. Close all browser tabs
2. Login to issue tracker (HTTP LDAP apache)
3. Goto gerrit http://www.example.com/r/#/
4. Goto issue tracker
5. Use direct link to gitweb url (http://www.example.com/r/gitweb?...)
6. No error

What is the expected output? What do you see instead?
I would expect to see the file or diff as my session has already been authenticated.


Please provide any additional information below.
Ubuntu 12.04, OpenLdap, Apache 2.2, gerrirt 2.6rc4

Jun 23, 2013
#1 builder....@gmail.com
When I am trying to test this it actually works fine. I think the authentication issue arise when the session has been authenticated but then inactive for a while as I was working inside the other application. Then when I switch back to Gerrit using the direct gitweb link I get the error, but when I switch to the main Gerrit window I guess some re-authentication is done that succeeds.
Jun 24, 2013
#2 builder....@gmail.com
I can confirm now that it is caused by the session time out. I normally do not shut down my laptop during the weekdays and therefor didn't notice this yesterday. But this morning I tried it and I got the error 404. 
So, if the session for Gerrit has NOT been authenticated the authentication will be done and the gitweb link will show the correct page. But when the session has been authenticated but has timed out the session will not be re-authenticated and an error 404 will be shown.

I had a look at the code but I think this is a bit out of my league. Although a minor issue I hope it can be fixed or else I will get lots of questions from the end users about this...
Aug 12, 2013
#3 drachenk...@googlemail.com
Hello,

i have the same Issue, but in Version 2.7rc2.

Some user send me a Link to gitweb, I click on the link, then 404. But, if I call the gerrit UI it work.
Aug 13, 2013
#4 mikko.ra...@iki.fi
If not obvious, this problem is easy to reproduce by using the private browsing or incognito modes in browsers. Just try accessing any of the gerrit gitweb URL's in those and they will fail.
Feb 13, 2014
#5 owl3...@gmail.com
I got the same issue.
reproduction is easy by:
1. no login to gerrit
2. use gitweb url directly to access it
ex. http://192.168.1.2:8081/gitweb?p=SSproj.git;a=commit;h=c4b858d4f1f3281b925100615876663ca6a84b74
Mar 11, 2014
#6 subees...@gmail.com
For users with Administrator access, the gitweb works. 404 Not Found error comes for the normal developers.

Apr 3, 2014
#8 waldo.bo...@gmail.com
From Gerrit manual:
*************************************
Access Control

Access controls for internally managed gitweb page views are enforced using the standard project READ +1 permission.

Also, in order for a user to be able to view any gitweb information for a project, the user must be able to read all references (including refs/meta/config, refs/meta/dashboards/*, etc.). If you have exclusive read permissions for any references, make sure to include all parties that should be able to read the gitweb info for any of the branches in that project.
**********************
After adding read (refs/meta/config) for registered users, gitweb work OK also for normal developers.
Dec 11, 2014
#9 herve.fa...@gmail.com
If anyone has found a solution in the last 8 months, please post! Ideally, Gerrit should re-direct the user to the login screen.

Note that until one clicks a gitweb link, the user name still appears at the top right, so we really have no prior indication that the session timed out.

Not sure this bug really is 'minor', especially given the time I waste in support because of this...
Jul 2, 2015
Project Member #10 edwin.ke...@gmail.com
I believe this was fixed by [1,2].

[1] https://gerrit-review.googlesource.com/57801
[2] https://gerrit-review.googlesource.com/57800
Status: Released
Labels: FixedIn-2.10