Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fails to authenticate thru openid #2727

Closed
icarito opened this issue May 12, 2018 · 27 comments · Fixed by #2810 or #2815
Closed

Fails to authenticate thru openid #2727

icarito opened this issue May 12, 2018 · 27 comments · Fixed by #2810 or #2815
Assignees
Labels
help wanted requires help by anyone willing to contribute Ruby security

Comments

@icarito
Copy link
Member

icarito commented May 12, 2018

Please describe the problem (or idea)

Trying to login with spectralworkbench.org or mapknitter.org

What happened just before the problem occurred? Or what problem could this idea solve?

Obtained error instead of authorization.

Logs:

Started POST "/openid/decision" for 190.113.212.64 at 2018-05-12 23:04:46 +0000
Processing by OpenidController#decision as HTML
  Parameters: {"authenticity_token"=>"mZGIfx021goan3ba1XNmpj2U3SJmEfAq7SaLO/rpyZTIhILocj420u+9P7ml+XGUWoU3bR3er9bccA==", "yes"=>"Yes"}
Completed 500 Internal Server Error in 2ms (ActiveRecord: 0.5ms)

NoMethodError (undefined method `identity' for nil:NilClass):
  app/controllers/openid_controller.rb:182:in `decision'



Delaney originally wrote in to [email protected]:

Bug trying to log in to mapknitter.org with my publiclab log in! "There was an error, sorry for the trouble" right after clicking "login". womp.

Sebastian confirmed:

I can confirm, I get "empty response" from here - and seeing the same thing at spectralworkbench.org.
As if our openid endpoint were broken somehow.
Also I see 500 error now.

@jywarren
Copy link
Member

jywarren commented May 12, 2018 via email

@jywarren
Copy link
Member

Actually looks like this is returning nil --

oidreq = session[:last_oidreq]

@publiclab/reviewers any ideas why this might happen? Maybe recent Rails upgrades changed session behavior?

@jywarren
Copy link
Member

Maybe a lot w sessions has changed? https://stackoverflow.com/questions/17480487/rails-4-session-expiry

@Souravirus know anything about this?

@jywarren
Copy link
Member

Maybe fixes available here?

https://stackoverflow.com/questions/14720544/sessions-in-rails-4

@jywarren jywarren added high-priority help wanted requires help by anyone willing to contribute Ruby security labels May 12, 2018
@Souravirus
Copy link
Member

No, I don't know much about sessions and influence of the rails 4.2 update to sessions. But, still I am seeing about this, as of why this is happening.

@jywarren
Copy link
Member

Do we have activerecord-session_store in our gemfile as in the stack overflow link?

@jywarren
Copy link
Member

We do! Hmm

@jywarren
Copy link
Member

It's set to active record store. Is that still supported? Maybe we need to set up cookie storage?

https://github.com/publiclab/plots2/blob/master/config/initializers/session_store.rb

@jywarren
Copy link
Member

I guess rails 4.2 is not supported?

rails/activerecord-session_store#118 (comment)

So do we switch to cookie storage?

@Souravirus
Copy link
Member

Yeah we can switch to cookie storage. But before that we can try with dalli gem as is given the stack overflow link.

@jywarren
Copy link
Member

Looking into this now: http://api.rubyonrails.org/classes/ActionDispatch/Session/CookieStore.html

@jywarren
Copy link
Member

So, i was actually able to sign into both -- this is why this didn't show up -- i think line 173 is failing because for a first-time user, there is nothing stored in session[:last_oidreq].

Our code is based exactly on this example:

https://github.com/openid/ruby-openid/blob/5dd11301f00432554404e3304a3f9e9cab7146e1/examples/rails_openid/app/controllers/server_controller.rb#L76

So I'm not sure what's up... interestingly they actually show this error in their example's logs:

https://github.com/openid/ruby-openid/blob/5dd11301f00432554404e3304a3f9e9cab7146e1/examples/rails_openid/log/development.log#L752

@jywarren
Copy link
Member

is there no provision for if last_oidreq is missing? Hmm... any help appreciated!

@jywarren
Copy link
Member

jywarren commented May 25, 2018

@icarito says this is no longer affecting him???

Maybe we need to in incognito, create a completely new user on PL.org - and try logging in from SWB or MapKnitter.org?

@jywarren
Copy link
Member

Also possible relation to #2021

@jywarren
Copy link
Member

OK status -- need to reproduce!

@jywarren
Copy link
Member

jywarren commented Jun 8, 2018

Perhaps it's intermittent -- like, what if it happens just the very first time someone goes through this process, but never again?

@jywarren
Copy link
Member

jywarren commented Jun 8, 2018

Ooh! got same error with tester user!
screenshot 2018-06-08 at 6 15 13 pm

@jywarren
Copy link
Member

jywarren commented Jun 8, 2018

Reproducible too!

@icarito
Copy link
Member Author

icarito commented Jun 9, 2018

I'm going to review this again as we've got a report from another user.

@icarito
Copy link
Member Author

icarito commented Jun 9, 2018

I tried a naive approach at #2807 - but it didn't work. I'm guessing the underlying Gem is variously broken accross releases because openid is mostly deprecated elsewhere and we've been upgrading our stack. :-/

@jywarren
Copy link
Member

Can you paste in the log so I can try debugging?

@jywarren
Copy link
Member

[d97d78d5-87be-40fa-8e00-e0a54e3ba43d] Started POST "/openid/decision" for 93.239
.154.117 at 2018-06-10 00:37:36 +0000
[d97d78d5-87be-40fa-8e00-e0a54e3ba43d]   
[d97d78d5-87be-40fa-8e00-e0a54e3ba43d] ActionController::RoutingError (No route m
atches [POST] "/openid/decision"):
[d97d78d5-87be-40fa-8e00-e0a54e3ba43d]   

@ghost ghost removed the high-priority label Jun 10, 2018
@icarito
Copy link
Member Author

icarito commented Jun 10, 2018

Thanks!

@Souravirus
Copy link
Member

Souravirus commented Jun 10, 2018

Here is what I face when I try to login through spectral workbench or mapknitter. When I first try to login I get into a no logged in state and when I try to log in second time, I get an error
screenshot from 2018-06-10 20-40-21

And to test it locally you can follow the procedures given in https://github.com/publiclab/plots2/blob/master/doc/OPENID.md

@jywarren
Copy link
Member

Attempted fix in #2815 is merged -- publishing to production then let's test!

@jywarren
Copy link
Member

Confirmed it's fixed. If you can test this out please do!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted requires help by anyone willing to contribute Ruby security
Projects
None yet
3 participants