Get project badges is broken (badge tokens are getting duplicated)

Current version: * Enterprise Edition* Version 9.4 (build 54424)

Issue:
When we need to get the project’s badges as administrator we see this message:
“An error has occurred. Please contact your administrator”

The badges on the project show broken and the badge link is showing like this:
.[![Quality Gate Status].

ht…://sonarqube.company.org/api/project_badges/measure?project=Gee%3AGeeTesting&metric=alert_status&token=

As you can see the token is missing…neither we are able to retrive via api using one of the tokens entries taken directly from the database.
Neither we can renew them.We get same message: “An error has occurred. Please contact your administrator”

Logs/Error:
2022.08.02 11:29:41 ERROR web[A…xl4uVmul38Fz13][o.s.s.w.WebServiceEngine] Fail to process request http://sonarqube.company.org/api/project_badges/token?project=Gee%3AGeeTesting
org.apache.ibatis.exceptions.TooManyResultsException: Expected one result (or null) to be returned by selectOne(), but found: 2

On the database, under project_badge_token table we see 2 entries linked to the same project_uuid.It shows same createdAt and UpdatedAt values but different token and uuid

Example:
|uuid|token|projectUuid|createdAt|updatedAt|
|AYIQgdouQAO98XbCRpgB|99709e5b74641c2a185501f25cb1bf43fd7e2a9d|AXhbDJX4loiQAIUm4Z3g|1658134321710|1658134321710|
|AYIQgdouQAO98XbCRpgC|4c9d8a6561e5755b731f59f47dc8c90ba9bb9864|AXhbDJX4loiQAIUm4Z3g|1658134321710|1658134321710|

Historic:
We upgraded from 8.9 to 9.4 on July 7th, 2022 but we just started to notice today those issues in few projects , in fact just 32 badges are duplicated at this point , while we have more than 1000 projects.

The only thing I can see at this point besides the upgrade is that :
[Sonar way] BUILT-IN 1 was updated 26 days ago
Some of our projects impacted use that C# QualityProfile

@Sonarqube experts:
Any idea why this could be impacting the project badges and duplicating them?
we are afraid we will have more duplications with the time.

What we will do in our side in the time being:
-remove the impacted projects from sonarqube using the deletion option and we will try to rescan them from scratch to see if they can get a new badge

-we don’t want to mess with the DB , removing one of the duplicated tokens in each project_uuid duplicated

  • we will monitor if we get more duplications in the next days

Wondering if anyone has seen this issue in new versions?
Our first badge_token duplication started the day of the upgrade.
We did a test today removing one of the project with 2 token badges, we made sure project and token badges were gone in the DB, after the rescan ended it created again 2 token badges.
we saw the 2 following lines in the web logs:
{“userLogin”:“domain_account”,“newValue”:{“userLogin”:“domain_account”,“projectKey”:“tea_bla:bla”,“userUuid”:“domain_account”},“createdAt”:“2022-08-03T10:47:33-0400”,“userUuid”:“domain_account”,“category”:“PROJECT_BADGE_TOKEN”,“operation”:“ADD”},
{“userLogin”:“domain_account”,“newValue”:{“userLogin”:“domain_account”,“projectKey”:“tea_bla:bla”,“userUuid”:“domain_account”},“createdAt”:“2022-08-03T10:47:33-0400”,“userUuid”:“domain_account”,“category”:“PROJECT_BADGE_TOKEN”,“operation”:“ADD”},

We removed project for 3rd time and made sure all was gone and this last time the token badge was created once.
We rescan it and the badge token is still doing good

We run the same gitlab job , config are all the same .We use Git and we use SSO with LDAP config in the sonar config with Apache to be able to use reverse proxy with https.

We see issue is happening random.What could it be?

Fix will be to force on your end the check up of token badges of projects before adding a new one , if it exist already on the db to force Sonar to avoid creating a new one.

Hi Yvette,

Thanks for the detailed report and raising this issue. I could reproduce and after investigation it appears that there is a race condition allowing to:

  1. call /api/project_badges/token several times concurrently and have 2 projects badge tokens generated
  2. call /api/project_badges/renew_token several times concurrently and have 2 projects badge tokens generated
  3. call a mixture of the 2 endpoints above and get 2 projects badge tokens generated

I have created this ticket to fix the problem. With a bit of luck, the fix will be published for version 9.6 that will be released in the next weeks.

2 Likes