Fails to authenticate thru openid

[icarito]

Please describe the problem (or idea)

Trying to login with spectralworkbench.org or mapknitter.org

What happened just before the problem occurred? Or what problem could this idea solve?

Obtained error instead of authorization.

Logs:

Started POST "/openid/decision" for 190.113.212.64 at 2018-05-12 23:04:46 +0000
Processing by OpenidController#decision as HTML
  Parameters: {"authenticity_token"=>"mZGIfx021goan3ba1XNmpj2U3SJmEfAq7SaLO/rpyZTIhILocj420u+9P7ml+XGUWoU3bR3er9bccA==", "yes"=>"Yes"}
Completed 500 Internal Server Error in 2ms (ActiveRecord: 0.5ms)

NoMethodError (undefined method `identity' for nil:NilClass):
  app/controllers/openid_controller.rb:182:in `decision'

---

Delaney originally wrote in to web@publiclab.org:

Bug trying to log in to mapknitter.org with my publiclab log in! "There was an error, sorry for the trouble" right after clicking "login". womp.

Sebastian confirmed:

I can confirm, I get "empty response" from here - and seeing the same thing at spectralworkbench.org.
As if our openid endpoint were broken somehow.
Also I see 500 error now.

[jywarren]

Let's look at recent changes to users_controller

…

On Sat, May 12, 2018, 7:06 PM Sebastian Silva ***@***.***> wrote: Please describe the problem (or idea) Trying to login with spectralworkbench.org or mapknitter.org What happened just before the problem occurred? Or what problem could this idea solve? Obtained error instead of authorization. Logs: Started POST "/openid/decision" for 190.113.212.64 at 2018-05-12 23:04:46 +0000 Processing by OpenidController#decision as HTML Parameters: {"authenticity_token"=>"mZGIfx021goan3ba1XNmpj2U3SJmEfAq7SaLO/rpyZTIhILocj420u+9P7ml+XGUWoU3bR3er9bccA==", "yes"=>"Yes"} Completed 500 Internal Server Error in 2ms (ActiveRecord: 0.5ms) NoMethodError (undefined method `identity' for nil:NilClass): app/controllers/openid_controller.rb:182:in `decision' — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#2727>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABfJ98CytBuX_IeWEPxsQKDz7sEfjdaks5tx2rJgaJpZM4T8l86> .

[jywarren]

Actually looks like this is returning nil --

plots2/app/controllers/openid_controller.rb

Line 173 in 1291ce1

oidreq = session[:last_oidreq]

@publiclab/reviewers any ideas why this might happen? Maybe recent Rails upgrades changed session behavior?

[jywarren]

Maybe a lot w sessions has changed? https://stackoverflow.com/questions/17480487/rails-4-session-expiry

@Souravirus know anything about this?

[jywarren]

Maybe fixes available here?

https://stackoverflow.com/questions/14720544/sessions-in-rails-4

[Souravirus]

No, I don't know much about sessions and influence of the rails 4.2 update to sessions. But, still I am seeing about this, as of why this is happening.

[jywarren]

Do we have activerecord-session_store in our gemfile as in the stack overflow link?

[jywarren]

We do! Hmm

[jywarren]

It's set to active record store. Is that still supported? Maybe we need to set up cookie storage?

https://github.com/publiclab/plots2/blob/master/config/initializers/session_store.rb

[jywarren]

I guess rails 4.2 is not supported?

rails/activerecord-session_store#118 (comment)

So do we switch to cookie storage?

[Souravirus]

Yeah we can switch to cookie storage. But before that we can try with dalli gem as is given the stack overflow link.

[jywarren]

Looking into this now: http://api.rubyonrails.org/classes/ActionDispatch/Session/CookieStore.html

[jywarren]

So, i was actually able to sign into both -- this is why this didn't show up -- i think line 173 is failing because for a first-time user, there is nothing stored in session[:last_oidreq].

Our code is based exactly on this example:

https://github.com/openid/ruby-openid/blob/5dd11301f00432554404e3304a3f9e9cab7146e1/examples/rails_openid/app/controllers/server_controller.rb#L76

So I'm not sure what's up... interestingly they actually show this error in their example's logs:

https://github.com/openid/ruby-openid/blob/5dd11301f00432554404e3304a3f9e9cab7146e1/examples/rails_openid/log/development.log#L752

[jywarren]

is there no provision for if last_oidreq is missing? Hmm... any help appreciated!

[jywarren]

@icarito says this is no longer affecting him???

Maybe we need to in incognito, create a completely new user on PL.org - and try logging in from SWB or MapKnitter.org?

[jywarren]

Also possible relation to #2021

[jywarren]

OK status -- need to reproduce!

[jywarren]

Perhaps it's intermittent -- like, what if it happens just the very first time someone goes through this process, but never again?

[jywarren]

Ooh! got same error with tester user!

[jywarren]

Reproducible too!

[icarito]

I'm going to review this again as we've got a report from another user.

[icarito]

I tried a naive approach at #2807 - but it didn't work. I'm guessing the underlying Gem is variously broken accross releases because openid is mostly deprecated elsewhere and we've been upgrading our stack. :-/

[jywarren]

Can you paste in the log so I can try debugging?

[jywarren]

[d97d78d5-87be-40fa-8e00-e0a54e3ba43d] Started POST "/openid/decision" for 93.239
.154.117 at 2018-06-10 00:37:36 +0000
[d97d78d5-87be-40fa-8e00-e0a54e3ba43d]   
[d97d78d5-87be-40fa-8e00-e0a54e3ba43d] ActionController::RoutingError (No route m
atches [POST] "/openid/decision"):
[d97d78d5-87be-40fa-8e00-e0a54e3ba43d]   

[icarito]

Thanks!

[Souravirus]

Here is what I face when I try to login through spectral workbench or mapknitter. When I first try to login I get into a no logged in state and when I try to log in second time, I get an error

And to test it locally you can follow the procedures given in https://github.com/publiclab/plots2/blob/master/doc/OPENID.md

[jywarren]

Attempted fix in #2815 is merged -- publishing to production then let's test!

[jywarren]

Confirmed it's fixed. If you can test this out please do!