Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

GitHub Enterprise authentication on exposed route

See original GitHub issue

Bug Report

Current Behavior In a custom route, authentication fails with a http: Not Found exception (on GHE, this is usually a permissions issue). Unable to perform the same operation in a custom route as from an event context, despite using the auth(id) syntax and the same request parameters.

In the example code below, the event properly reads the file’s contents, but the custom route does not and returns a http: Not Found error.

I made sure the App permissions had more than enough privileges on reading content.


app.on('issues.opened', async (context) => {

    const yamlResponse = await context.github.repos.getContents({
        repo: repoContext.repo,
        owner: repoContext.owner,
        path: 'some.yml',
    })

    const yamlEncoded = (yamlResponse.data as any).content
    const yaml = Buffer.from(yamlEncoded, 'base64').toString()
    context.log.info('some.yml', yaml)
})

const router = app.route('/my-bot')

router.get('/read', async (_: any, res: any) => {

    const ghe = await app.auth(Number(process.env.APP_ID))

    const yamlResponse = await ghe.repos.getContents({
        repo: 'my-bot', // matches the 'issues.opened' repo value
        owner: '123456', // matches the 'issues.opened' owner value
        path: 'some.yml',
    })

    const yamlEncoded = (yamlResponse.data as any).content
    const yaml = Buffer.from(yamlEncoded, 'base64').toString()
    context.log.info('some.yml', yaml)

    res.send({ testing: true })
})

Expected behavior/code Custom route API access behaves the exact same as the event.

Environment

Probot version(s): 9.5.3
Node/npm version: 10.16.3 / 6.12.0
OS: *deployment is CF nodejs buildpack (Linux)

Additional context/Screenshots

Requests are successful to the custom route when I remove the Probot code entirely from inside the custom route.

Logs

Again, GitHub Enterprise usually masks an authentication issue with a 404. So, this could technically be an issue with authentication or the API path that is getting generated. But, the code and values used above are nearly identical.

*The company GHE urls and app identifier info have been replaced with xxxx.

   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT 18:54:07.176Z DEBUG github: GitHub request: GET /repos/:owner/:repo/contents/:path - 404 (installation=xxxx)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT   params: {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "baseUrl": "https://xxxx.com/api/v3",
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "mediaType": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       "format": "",
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       "previews": []
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     },
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "request": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       "validate": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         "owner": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "required": true,
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "type": "string"
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         },
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         "path": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "required": true,
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "type": "string"
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         },
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         "ref": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "type": "string"
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         },
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         "repo": {
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "required": true,
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT           "type": "string"
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT         }
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       }
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     },
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "repo": "my-bot",
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "owner": "123456",
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT     "path": "some.yml"
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT   }
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR { Deprecation: [@octokit/request-error] `error.code` is deprecated, use `error.status`.
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at RequestError.get (/home/vcap/deps/0/node_modules/@octokit/request-error/dist-node/index.js:29:17)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Object.Logger.stdSerializers.err (/home/vcap/deps/0/node_modules/bunyan/lib/bunyan.js:1148:19)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at mkRecord (/home/vcap/deps/0/node_modules/bunyan/lib/bunyan.js:942:35)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Logger.error (/home/vcap/deps/0/node_modules/bunyan/lib/bunyan.js:1044:19)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at exports.logRequestErrors (/home/vcap/deps/0/node_modules/probot/lib/middleware/log-request-errors.js:5:17)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at newFn (/home/vcap/deps/0/node_modules/express-async-errors/index.js:16:20)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Layer.handle_error (/home/vcap/deps/0/node_modules/express/lib/router/layer.js:71:5)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at trim_prefix (/home/vcap/deps/0/node_modules/express/lib/router/index.js:315:13)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at /home/vcap/deps/0/node_modules/express/lib/router/index.js:284:7
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Function.process_params (/home/vcap/deps/0/node_modules/express/lib/router/index.js:335:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at next (/home/vcap/deps/0/node_modules/express/lib/router/index.js:275:10)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Layer.handle_error (/home/vcap/deps/0/node_modules/express/lib/router/layer.js:67:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at trim_prefix (/home/vcap/deps/0/node_modules/express/lib/router/index.js:315:13)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at /home/vcap/deps/0/node_modules/express/lib/router/index.js:284:7
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Function.process_params (/home/vcap/deps/0/node_modules/express/lib/router/index.js:335:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at next (/home/vcap/deps/0/node_modules/express/lib/router/index.js:275:10)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Layer.handle_error (/home/vcap/deps/0/node_modules/express/lib/router/layer.js:67:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at trim_prefix (/home/vcap/deps/0/node_modules/express/lib/router/index.js:315:13)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at /home/vcap/deps/0/node_modules/express/lib/router/index.js:284:7
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Function.process_params (/home/vcap/deps/0/node_modules/express/lib/router/index.js:335:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at next (/home/vcap/deps/0/node_modules/express/lib/router/index.js:275:10)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Layer.handle_error (/home/vcap/deps/0/node_modules/express/lib/router/layer.js:67:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at trim_prefix (/home/vcap/deps/0/node_modules/express/lib/router/index.js:315:13)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at /home/vcap/deps/0/node_modules/express/lib/router/index.js:284:7
   2019-10-23T18:54:07.18+0000 [RTR/18] OUT xxxx.xxxx.net - [2019-10-23T18:54:06.861+0000] "GET /my-bot/read HTTP/1.1" 404 0 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36" "xxx" "xxx" x_forwarded_for:"xxx" x_forwarded_proto:"https" vcap_request_id:"xxx" response_time:0.323307928 app_id:"xxxx" app_index:"0" x_global_transaction_id:"291d64505db0a1cea4c33221" true_client_ip:"-" x_b3_traceid:"6cd94597250a22ed" x_b3_spanid:"6cd94597250a22ed" x_b3_parentspanid:"-" b3:"xxxx"
   2019-10-23T18:54:07.18+0000 [RTR/18] OUT 
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Function.process_params (/home/vcap/deps/0/node_modules/express/lib/router/index.js:335:12)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Immediate.next (/home/vcap/deps/0/node_modules/express/lib/router/index.js:275:10)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at Immediate._onImmediate (/home/vcap/deps/0/node_modules/express/lib/router/index.js:635:15)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at runCallback (timers.js:706:11)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at tryOnImmediate (timers.js:676:5)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at processImmediate (timers.js:658:5)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] ERR     at process.topLevelDomainCallback (domain.js:126:23) name: 'Deprecation' }
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT 18:54:07.179Z ERROR http: Not Found (id=xxxx)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT   HttpError: Not Found
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       at response.text.then.message (/home/vcap/deps/0/node_modules/@octokit/request/dist-node/index.js:66:23)
   2019-10-23T18:54:07.17+0000 [APP/PROC/WEB/0] OUT       at process._tickCallback (internal/process/next_tick.js:68:7)
   2019-10-23T18:54:07.18+0000 [APP/PROC/WEB/0] OUT 18:54:07.184Z  INFO http: GET /my-bot-read 404 - 286.81 ms (id=xxxx)

bitmoji

Issue Analytics

State:
Created 4 years ago
Comments:5 (1 by maintainers)

Top GitHub Comments

1reaction

ericiscommented, Oct 23, 2019

That did the trick @gr2m ! Thank you.

bitmoji

1reaction

gr2mcommented, Oct 23, 2019

GitHub Enterprise usually masks an authentication issue with a 404

It’s the same with github.com.

const ghe = await app.auth(Number(process.env.APP_ID))

const yamlResponse = await ghe.repos.getContents({
    repo: 'my-bot', // matches the 'issues.opened' repo value
    owner: '123456', // matches the 'issues.opened' owner value
    path: 'some.yml',
})

Problem here is that you pass in the app ID, but you have to pass in the installation ID. See https://probot.github.io/api/latest/classes/application.html#auth

<div>Application | probot</div>

Top Results From Across the Web

Connecting to a private network - GitHub Enterprise Server 3.5 ...

You can connect GitHub-hosted runners to resources on a private network, including package registries, secret managers, and other on-premises services.

Getting started with the REST API - GitHub Enterprise Server ...

Although some REST API operations are accessible without authentication, you must authenticate to GitHub CLI in order to use the api subcommand. About...

Resources in the REST API - GitHub Enterprise Server 3.5 Docs

There are two ways to authenticate through GitHub Enterprise Server REST API. ... For GET requests, any parameters not specified as a segment...

GitHub Enterprise Onboarding Guide

Authenticating users for your GitHub Enterprise instance. Choose your authentication method: Enterprise Server's built-in authentication or pre-existing LDAP, ...

Support github enterprise · Issue #250 · OWASP/threat-dragon

I was able to authenticate through my github enterprise / sso ... 'core',\n 'access-control-expose-headers': 'ETag, Link, Location, ...