-
Bug
-
Resolution: Cannot Reproduce
-
Minor
-
None
-
jenkinsci/jenkins:249
When trying to configure Jenkins 249 with the GitHub oauth plugin version 0.25, the following stack trace is reported:
Stack trace java.net.URISyntaxException: Illegal character in query at index 129: https://github.com/login/oauth/access_token?client_id=6e54313e9920047389fd&client_secret=4babaa34b5d495a7b99691eacf1407274ab4bf72 Revoke all user tokens&code=8a6ad024892f80d28de5 at java.net.URI$Parser.fail(URI.java:2829) at java.net.URI$Parser.checkChars(URI.java:3002) at java.net.URI$Parser.parseHierarchical(URI.java:3092) at java.net.URI$Parser.parse(URI.java:3034) at java.net.URI.<init>(URI.java:595) at java.net.URI.create(URI.java:857) Caused: java.lang.IllegalArgumentException: Illegal character in query at index 129: https://github.com/login/oauth/access_token?client_id=6e54313e9920047389fd&client_secret=4babaa34b5d495a7b99691eacf1407274ab4bf72 Revoke all user tokens&code=8a6ad024892f80d28de5 at java.net.URI.create(URI.java:859) at org.apache.http.client.methods.HttpPost.<init>(HttpPost.java:76) at org.jenkinsci.plugins.GithubSecurityRealm.getAccessToken(GithubSecurityRealm.java:407) at org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:363) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:599) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) Caused: javax.servlet.ServletException at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:765) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:209) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:126) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:86) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:499) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745)
Looks like the url is encoded incorrectly, specifically url position 129 is a " " (space) character.
The url:
https://github.com/login/oauth/access_token?client_id=6e54313e9920047389fd&client_secret=4babaa34b5d495a7b99691eacf1407274ab4bf72 Revoke all user tokens&code=8a6ad024892f80d28de5
Github api correctly rejects the request with this (error):
error=incorrect_client_credentials&error_description=The+client_id+and%2For+client_secret+passed+are+incorrect.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fv3%2Foauth%2F%23incorrect-client-credentials
When I manually change the " " chars to "%20" in the url, this is reported (success):
access_token=c339a6afa9a9d6b0cfd5e4a571010e36a21d2898&scope=read%3Aorg%2Cuser%3Aemail&token_type=bearer
The relevant bits from config.xml:
<?xml version='1.0' encoding='UTF-8'?> <hudson> <disabledAdministrativeMonitors/> <version>2.49</version> <numExecutors>2</numExecutors> <mode>NORMAL</mode> <useSecurity>true</useSecurity> <authorizationStrategy class="org.jenkinsci.plugins.GithubAuthorizationStrategy" plugin="github-oauth@0.25"> <rootACL> <organizationNameList class="linked-list"> <string>dockpack</string> </organizationNameList> <adminUserNameList class="linked-list"> <string>belooussov</string> </adminUserNameList> <authenticatedUserReadPermission>true</authenticatedUserReadPermission> <useRepositoryPermissions>false</useRepositoryPermissions> <authenticatedUserCreateJobPermission>true</authenticatedUserCreateJobPermission> <allowGithubWebHookPermission>false</allowGithubWebHookPermission> <allowCcTrayPermission>false</allowCcTrayPermission> <allowAnonymousReadPermission>false</allowAnonymousReadPermission> <allowAnonymousJobStatusPermission>false</allowAnonymousJobStatusPermission> </rootACL> </authorizationStrategy> <securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm"> <githubWebUri>https://github.com</githubWebUri> <githubApiUri>https://api.github.com</githubApiUri> <clientID>6e54313e9920047389fd</clientID> <clientSecret>{AQAAABAAAABAnSyT5C/4e2PQ+XNw620vsjXq1WYc/BuOytlWlq1Inqd+duTukjb3rQbrDW+cyetOfWUrpd9hRb0z2vS8Abuv+LPkWmP7VqviC0YYSdFRpb8=}</clientSecret> <oauthScopes>read:org,user:email</oauthScopes> </securityRealm> <disableRememberMe>false</disableRememberMe> <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/> <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir> <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir> <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
Max