Skip to content

Searching a user returns "extern_uid, provider provide all or none of parameters" for an omniauth-oauth2-generic user.

Summary

By admin, Calling Get /users?extern_uid=123&provider=oauth2_generic will return {"error":"extern_uid, provider provide all or none of parameters"} even though an external user ID and provider have been specified in the function parameters.

Steps to reproduce

  1. Sign in default root(id=1)
  2. Generate personal access token.
  3. Call curl with admin's access_token.
    curl --header "PRIVATE-TOKEN: #{ADMIN_ACCESS_TOKEN}" #{GITLAB_HOST}/api/v4/users?extern_uid=1&provider=oauth2_generic
  4. Get the response.

What is the current bug behavior?

The API returns {"error":"extern_uid, provider provide all or none of parameters"}.

I set a variable, but I get a strange response.

The user has already signed in with omniauth-oauth2-genenric.

But /users API with extern_uid and provider is invalid.

It doesn't seem like a permission or variable problem.

What is the expected correct behavior?

I need to get user information that matches the extern_uid and provider.

Output of checks

  • empty params /users API result
    curl --header "PRIVATE-TOKEN: #{ADMIN_ACCESS_TOKEN}" http://myhost.gitlab.com/api/v4/users 
[
...
    {
        "id": 17,
        "name": "test_user",
        "username": "1234567890",
        "state": "active",
        "avatar_url": "https://www.gravatar.com/avatar/1671b60bb02fa8b9a04a9c7b6a8d7374?s=80&d=identicon",
        "web_url": "http://myhost.gitlab.com/1234567890",
        "created_at": "2019-08-19T01:52:09.737Z",
        "bio": null,
        "location": null,
        "public_email": "",
        "skype": "",
        "linkedin": "",
        "twitter": "",
        "website_url": "",
        "organization": null,
        "last_sign_in_at": "2019-08-19T01:52:09.799Z",
        "confirmed_at": "2019-08-19T01:52:09.617Z",
        "last_activity_on": "2019-08-19",
        "email": "test@test.com",
        "theme_id": 1,
        "color_scheme_id": 1,
        "projects_limit": 100000,
        "current_sign_in_at": "2019-08-19T01:52:09.799Z",
        "identities": [
            {
                "provider": "oauth2_generic",
                "extern_uid": "668"
            }
        ],
        "can_create_group": true,
        "can_create_project": true,
        "two_factor_enabled": false,
        "external": false,
        "private_profile": false,
        "is_admin": false
    }
...
]
  • /users API with extern_uid and provider
    curl --header "PRIVATE-TOKEN: #{ADMIN_ACCESS_TOKEN}" http://myhost.gitlab.com/api/v4/users?extern_uid=668&provider=oauth2_generic 
{"error":"extern_uid, provider provide all or none of parameters"}

Results of GitLab environment info

System information
System:
Current User:   git
Using RVM:      no
Ruby Version:   2.6.3p62
Gem Version:    3.0.3
Bundler Version:1.17.2
Rake Version:   12.3.2
Redis Version:  5.0.5
Git Version:    2.22.0
Sidekiq Version:5.2.7
Go Version:     go1.12.7 linux/amd64

GitLab information
Version:        12.1.3
Revision:       6ccbccc2010
Directory:      /home/git/gitlab
DB Adapter:     PostgreSQL
DB Version:     11.5
URL:            private
HTTP Clone URL: private
SSH Clone URL:  private
Using LDAP:     no
Using Omniauth: yes
Omniauth Providers: oauth2_generic

GitLab Shell
Version:        9.3.0
Repository storage paths:
- default:      /home/git/repositories
GitLab Shell path:              /home/git/gitlab-shell
Git:            /usr/bin/git

Results of GitLab application Check

Checking GitLab subtasks ...

Checking GitLab Shell ...

GitLab Shell: ... GitLab Shell version >= 9.3.0 ? ... OK (9.3.0)
Running /home/git/gitlab-shell/bin/check
Check GitLab API access: OK
Redis available via internal API: OK

Access to /home/git/.ssh/authorized_keys: OK
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Gitaly ...

Gitaly: ... default ... OK

Checking Gitaly ... Finished

Checking Sidekiq ...

Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking Incoming Email ...

Incoming Email: ... Reply by email is disabled in config/gitlab.yml

Checking Incoming Email ... Finished

Checking LDAP ...

LDAP: ... LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab App ...

Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet)
Init script exists? ... yes
Init script up-to-date? ... no
  Try fixing it:
  Re-download the init script
  For more information see:
  doc/install/installation.md in section "Install Init Script"
  Please fix the error above and rerun the checks.
Projects have namespace: ...
17/1 ... yes
17/2 ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.5.3 ? ... yes (2.6.3)
Git version >= 2.21.0 ? ... yes (2.22.0)
Git user has default SSH configuration? ... yes
Active users: ... 3

Checking GitLab App ... Finished

Checking GitLab subtasks ... Finished
Edited by minhyeok.ju