Skip to content
This repository has been archived by the owner on Aug 27, 2024. It is now read-only.

Private repository access does not work #441

Closed
prayerslayer opened this issue Sep 14, 2016 · 5 comments
Closed

Private repository access does not work #441

prayerslayer opened this issue Sep 14, 2016 · 5 comments
Labels
bug

Comments

@prayerslayer
Copy link
Contributor

prayerslayer commented Sep 14, 2016
edited
Loading

I get redirected correctly, but the cookie is always set to minimal and I don't see the private repositories.

Problem

Everything works as supposed most of the time:

  • Redirect to /change-access-level with correct parameter
  • Cookie is set appropriately (as this happens after database update, the db should also contain the correct value)
  • Authorization at Github works fine
  • Everything is great, UNTIL:

The browser requests / after auth flow — instead of a 200 with HTML it receives a 302 to /change-access-level?level=minimal and does the whole login flow again with less permissions. This suggests that the database did not actually contain extended.

This only seems to happen in prod (both GH and GHE), locally it works fine with both postgres and sqlite database (so it's not an ORM issue).

Debug log output from prod:

13:12:51 zappr:model:debug 2016-09-15T13:12:51Z Executing (default): SELECT "id", "access_level", "json", "createdAt", "updatedAt" FROM "zappr_data"."users" AS "user" WHERE "user"."id" = 878512;  
13:12:51 zappr:model:debug 2016-09-15T13:12:51Z Executing (default): UPDATE "zappr_data"."users" SET "access_level"='extended',"updatedAt"='2016-09-15 13:12:51.000 +00:00' WHERE "id" = 878512  
13:12:51 zappr:api-auth:info 2016-09-15T13:12:51Z ensureMode start  
13:12:51 zappr:api-auth:info 2016-09-15T13:12:51Z ensureMode:prayerslayer  
13:12:51 zappr:model:debug 2016-09-15T13:12:51Z Executing (default): SELECT "id", "access_level", "json", "createdAt", "updatedAt" FROM "zappr_data"."users" AS "user" LIMIT 1;  
13:12:51 zappr:api-auth:info 2016-09-15T13:12:51Z ensureMode:prayerslayer: level = "minimal" (DB)  
13:12:51 zappr:api-auth:info 2016-09-15T13:12:51Z ensureMode:prayerslayer: level = "minimal" (COOKIE)  
13:12:51 zappr:api-auth:info 2016-09-15T13:12:51Z ensureMode end

Current suspicion: A subtlety of using async/await that doesn't show locally because "network access" is instant.

Cause

Notice how the SELECT after UPDATE misses a WHERE clause...
@christoff-1992
Copy link

I can also confirm I am unable to see private repos after authorisation.

@prayerslayer
Copy link
Contributor Author

Ya, I'm really sorry. Will look into this today and hopefully fix it. Original comment will be updated with progress.

@prayerslayer prayerslayer mentioned this issue Sep 15, 2016
Merged
@prayerslayer
Copy link
Contributor Author

I just tried, works for me now!

@christoff-1992
Copy link

Can also confirm its working! Thanks for that.. now for the fun part are you guys looking at integrating github native review process since it's been released this morning.

@prayerslayer
Copy link
Contributor Author

are you guys looking at integrating github native review process since it's been released this morning

See here: #442

It's hard to say now. We have certain requirements and might turn out that GH approvals are completely unsusable for our purposes, partially (in which case we would try to integrate them in Zappr) or totally fine (in which case we would remove the approval feature from Zappr). In any case we have to wait for this feature to be supported in API, web hooks and GitHub Enterprise, which usually follows a couple of weeks/months after release.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@prayerslayer @christoff-1992