Hello,
I’ve head infinite redirect look when connecting drone to gitlab organisation.
It seems that team membership check is failing in the drone as demonstrated by following log line:
time=“2016-12-05T08:03:51Z” level=error msg="cannot verify team membership for .
After unsetting DRONE_ORGS authorization works correctly.
Regards,
Zibi
have you had a look at the recommended configurations?
http://readme.drone.io/0.5/install/authorization/
this was discussed previously here
https://gitter.im/drone/drone?at=580788082189c68f42ff9b31
https://gitter.im/drone/drone?at=5750750da78d5a256e3a5d55
Yes, I’m using it with DRONE_OPEN=true.
the DRONE_ORGS are case sensitive. For example, DRONE_ORGS=foo might fail if GitLab returns DRONE_ORGS=Foo. Can you confirm you have the orgs setup correctly per the values GitLab is returning?
basically this is the block of code that is failing:
// if self-registration is enabled for whitelisted organizations we need to
// check the user's organization membership.
if len(config.Orgs) != 0 {
teams, terr := remote.Teams(c, tmpuser)
if terr != nil || config.IsMember(teams) == false {
logrus.Errorf("cannot verify team membership for %s.", u.Login)
c.Redirect(303, "/login?error=access_denied")
return
}
}
Here are some possible reasons why this wouldn’t work:
DRONE_ORGS (most likely)I would recommend you dig into the code here to troubleshoot further at https://github.com/drone/drone/blob/master/server/login.go#L49
Checked the org name, it is all lowercase and matches with value specified in DRONE_ORGS, I guess better diagnostics could help in future.