Probot: GitHub Enterprise authentication on exposed route

Created on 23 Oct 2019  路  5Comments  路  Source: probot/probot

Bug Report

Current Behavior
In a custom route, authentication fails with a http: Not Found exception (on GHE, this is usually a permissions issue). Unable to perform the same operation in a custom route as from an event context, despite using the auth(id) syntax and the same request parameters.

In the example code below, the event properly reads the file's contents, but the custom route does not and returns a http: Not Found error.

_I made sure the App permissions had more than enough privileges on reading content._


app.on('issues.opened', async (context) => {

    const yamlResponse = await context.github.repos.getContents({
        repo: repoContext.repo,
        owner: repoContext.owner,
        path: 'some.yml',
    })

    const yamlEncoded = (yamlResponse.data as any).content
    const yaml = Buffer.from(yamlEncoded, 'base64').toString()
    context.log.info('some.yml', yaml)
})

const router = app.route('/my-bot')

router.get('/read', async (_: any, res: any) => {

    const ghe = await app.auth(Number(process.env.APP_ID))

    const yamlResponse = await ghe.repos.getContents({
        repo: 'my-bot', // matches the 'issues.opened' repo value
        owner: '123456', // matches the 'issues.opened' owner value
        path: 'some.yml',
    })

    const yamlEncoded = (yamlResponse.data as any).content
    const yaml = Buffer.from(yamlEncoded, 'base64').toString()
    context.log.info('some.yml', yaml)

    res.send({ testing: true })
})

Expected behavior/code
Custom route API access behaves the exact same as the event.

Environment

  • Probot version(s): 9.5.3
  • Node/npm version: 10.16.3 / 6.12.0
  • OS: *deployment is CF nodejs buildpack (Linux)

Additional context/Screenshots

Requests are successful to the custom route when I remove the Probot code entirely from inside the custom route.

Logs

_Again, GitHub Enterprise usually masks an authentication issue with a 404. So, this could technically be an issue with authentication or the API path that is getting generated. But, the code and values used above are nearly identical._

_*The company GHE urls and app identifier info have been replaced with xxxx._

   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT 18:54:07.176Z DEBUG github: GitHub request: GET /repos/:owner/:repo/contents/:path - 404 (installation=xxxx)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT   params: {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "baseUrl": "https://xxxx.com/api/v3",
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "mediaType": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       "format": "",
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       "previews": []
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     },
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "request": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       "validate": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         "owner": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "required": true,
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "type": "string"
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         },
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         "path": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "required": true,
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "type": "string"
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         },
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         "ref": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "type": "string"
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         },
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         "repo": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "required": true,
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "type": "string"
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         }
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       }
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     },
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "repo": "my-bot",
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "owner": "123456",
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "path": "some.yml"
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT   }
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR { Deprecation: [@octokit/request-error] `error.code` is deprecated, use `error.status`.
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at RequestError.get (/home/vcap/deps/0/node_modules/@octokit/request-error/dist-node/index.js:29:17)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Object.Logger.stdSerializers.err (/home/vcap/deps/0/node_modules/bunyan/lib/bunyan.js:1148:19)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at mkRecord (/home/vcap/deps/0/node_modules/bunyan/lib/bunyan.js:942:35)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Logger.error (/home/vcap/deps/0/node_modules/bunyan/lib/bunyan.js:1044:19)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at exports.logRequestErrors (/home/vcap/deps/0/node_modules/probot/lib/middleware/log-request-errors.js:5:17)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at newFn (/home/vcap/deps/0/node_modules/express-async-errors/index.js:16:20)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Layer.handle_error (/home/vcap/deps/0/node_modules/express/lib/router/layer.js:71:5)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at trim_prefix (/home/vcap/deps/0/node_modules/express/lib/router/index.js:315:13)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at /home/vcap/deps/0/node_modules/express/lib/router/index.js:284:7
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Function.process_params (/home/vcap/deps/0/node_modules/express/lib/router/index.js:335:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at next (/home/vcap/deps/0/node_modules/express/lib/router/index.js:275:10)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Layer.handle_error (/home/vcap/deps/0/node_modules/express/lib/router/layer.js:67:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at trim_prefix (/home/vcap/deps/0/node_modules/express/lib/router/index.js:315:13)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at /home/vcap/deps/0/node_modules/express/lib/router/index.js:284:7
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Function.process_params (/home/vcap/deps/0/node_modules/express/lib/router/index.js:335:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at next (/home/vcap/deps/0/node_modules/express/lib/router/index.js:275:10)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Layer.handle_error (/home/vcap/deps/0/node_modules/express/lib/router/layer.js:67:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at trim_prefix (/home/vcap/deps/0/node_modules/express/lib/router/index.js:315:13)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at /home/vcap/deps/0/node_modules/express/lib/router/index.js:284:7
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Function.process_params (/home/vcap/deps/0/node_modules/express/lib/router/index.js:335:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at next (/home/vcap/deps/0/node_modules/express/lib/router/index.js:275:10)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Layer.handle_error (/home/vcap/deps/0/node_modules/express/lib/router/layer.js:67:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at trim_prefix (/home/vcap/deps/0/node_modules/express/lib/router/index.js:315:13)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at /home/vcap/deps/0/node_modules/express/lib/router/index.js:284:7
   2019-10-23T18:54:07.18+0000 [RTR/18] OUT xxxx.xxxx.net - [2019-10-23T18:54:06.861+0000] "GET /my-bot/read HTTP/1.1" 404 0 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36" "xxx" "xxx" x_forwarded_for:"xxx" x_forwarded_proto:"https" vcap_request_id:"xxx" response_time:0.323307928 app_id:"xxxx" app_index:"0" x_global_transaction_id:"291d64505db0a1cea4c33221" true_client_ip:"-" x_b3_traceid:"6cd94597250a22ed" x_b3_spanid:"6cd94597250a22ed" x_b3_parentspanid:"-" b3:"xxxx"
   2019-10-23T18:54:07.18+0000 [RTR/18] OUT 
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Function.process_params (/home/vcap/deps/0/node_modules/express/lib/router/index.js:335:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Immediate.next (/home/vcap/deps/0/node_modules/express/lib/router/index.js:275:10)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Immediate._onImmediate (/home/vcap/deps/0/node_modules/express/lib/router/index.js:635:15)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at runCallback (timers.js:706:11)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at tryOnImmediate (timers.js:676:5)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at processImmediate (timers.js:658:5)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at process.topLevelDomainCallback (domain.js:126:23) name: 'Deprecation' }
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT 18:54:07.179Z ERROR http: Not Found (id=xxxx)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT   HttpError: Not Found
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       at response.text.then.message (/home/vcap/deps/0/node_modules/@octokit/request/dist-node/index.js:66:23)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       at process._tickCallback (internal/process/next_tick.js:68:7)
   2019-10-23T18:54:07.18+0000 [APP/PROC/WEB/0] OUT 18:54:07.184Z  INFO http: GET /my-bot-read 404 - 286.81 ms (id=xxxx)

bitmoji

bug 馃悶

All 5 comments

Thanks for opening this issue. A contributor should be by to give feedback soon. In the meantime, please check out the contributing guidelines and explore other ways you can get involved.

Issue-Label Bot is automatically applying the label bug 馃悶 to this issue, with a confidence of 0.91. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

GitHub Enterprise usually masks an authentication issue with a 404

It's the same with github.com.

const ghe = await app.auth(Number(process.env.APP_ID))

const yamlResponse = await ghe.repos.getContents({
    repo: 'my-bot', // matches the 'issues.opened' repo value
    owner: '123456', // matches the 'issues.opened' owner value
    path: 'some.yml',
})

Problem here is that you pass in the app ID, but you have to pass in the installation ID. See https://probot.github.io/api/latest/classes/application.html#auth

Well, that would be an easy fix! I am testing that now @gr2m .

I'll report back and close if it's fixed.

That did the trick @gr2m ! Thank you.

bitmoji

Was this page helpful?
0 / 5 - 0 ratings

Related issues

zeke picture zeke  路  4Comments

hiimbex picture hiimbex  路  4Comments

zeke picture zeke  路  6Comments

lukepighetti picture lukepighetti  路  5Comments

rtsao picture rtsao  路  3Comments