Bug 877291

Summary: OpenId: Failed signed in with a Fedora account
Product: [Retired] Zanata
Reporter: Ding-Yi Chen <dchen>
Component: Authentication-OpenID
Assignee: Carlos Munoz <camunoz>
Status: CLOSED CURRENTRELEASE
QA Contact: Ding-Yi Chen <dchen>
Severity: high
Priority: unspecified
Version: 2.0
CC: pahuang, zanata-bugs
Target Milestone: ---
Target Release: 2.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: 2.0.3-SNAPSHOT (20121129-1430)
Doc Type: Bug Fix
Doc Text:
Cause: Zanata caches the credentials input by the user and incorrectly assumes that if they have the same username/password as previously failed login attempts, then they must be invalid.
Consequence: Some valid authentication attempts may fail.
Fix: Reset Zanata's session cached user credentials after a failed login attempt to prevent this behavior.
Result: Zanata should now validate every single login attempt and legitimate and valid user credentials will be accepted.
Last Closed: 2013-02-26 03:46:14 UTC
Type: Bug

Description Ding-Yi Chen 2012-11-16 07:15:03 UTC
Description of problem:
Failed to Sign In as a Fedora user

Version-Release number of selected component (if applicable):
Zanata version 2.1-SNAPSHOT (20121112-1056) 
and Zanata version 2.0.3-SNAPSHOT (20121116-0019)

How reproducible:
Sometimes (may be a cache issue)
More likely to reproduce with a newly opened browser

Steps to Reproduce:
0. Suppose you use Firefox.
1. Close all Firefox instances.
2. Open a Firefox instance.
3. Sign in as a Fedora user in an OpenID-enabled Zanata server.
  
Actual results:
Web UI Error message: Login failed

No server log reflects this error.

Expected results:
Either "Login to the Fedora Accounts System" 
or "Approve OpenID Request" web page is invoked.

Additional info:
Temporary workaround: Try signing in with a different account name (a fake one does not matter), then sign in with your username.

Comment 1 Carlos Munoz 2012-11-26 00:57:47 UTC
This is caused by a very particular scenario where a login attempt fails initially with internal authentication, followed by another attempt to log in with the same user name but using any OpenID authentication.

Since OpenID does not care for any provided password, Zanata assumes that, because the user name is the same and the password has not changed since the last attempt, the login must be invalidated. Other scenarios might cause the issue to be seen, like enabling an account and subsequently re-trying to log in.

The solution for this is to reset the account credentials after every failed login attempt.

See:
https://github.com/zanata/zanata/commit/4eb4911f5254bce9b6565512f23f3eb25df2974c
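
A minimal model of the failure described in Comment 1 and in the Doc Text, added here as an illustration and not taken from this bug report or from Zanata's code: the class names, the `invalid` flag and both backends are assumptions, and the user `fedorauser` is constructed. It replays the reported sequence, the workaround from the description, and the same sequence with the credentials reset after a failed attempt.

```python
class Credentials:
    """Hypothetical session-scoped credentials with an 'already rejected' flag."""
    def __init__(self):
        self.username, self.password, self.invalid = "", "", False

    def update(self, username, password):
        # Assumption: the flag is cleared only when a submitted value changes.
        if (username, password) != (self.username, self.password):
            self.invalid = False
        self.username, self.password = username, password


class SessionLogin:
    def __init__(self, backends, reset_on_failure):
        self.creds = Credentials()
        self.backends = backends              # auth type -> callable(user, password)
        self.reset_on_failure = reset_on_failure
        self.backend_calls = []               # which backends were really consulted

    def login(self, auth_type, username, password=""):
        self.creds.update(username, password)
        if self.creds.invalid:
            return False                      # rejected from cache, backend never asked
        self.backend_calls.append(auth_type)
        if self.backends[auth_type](username, password):
            return True
        if self.reset_on_failure:
            self.creds = Credentials()        # fix: forget the failed credentials
        else:
            self.creds.invalid = True         # bug: remember them as invalid
        return False


# Constructed backends: "fedorauser" exists only at the OpenID provider,
# and the OpenID path ignores whatever password was typed.
BACKENDS = {
    "internal": lambda user, password: False,
    "openid": lambda user, password: user == "fedorauser",
}

def replay(reset_on_failure, attempts):
    session = SessionLogin(BACKENDS, reset_on_failure)
    return [session.login(*a) for a in attempts], session.backend_calls

REPORTED = [("internal", "fedorauser"), ("openid", "fedorauser")]
WORKAROUND = [("internal", "fedorauser"), ("openid", "fake"), ("openid", "fedorauser")]

if __name__ == "__main__":
    print("cached:    ", replay(False, REPORTED))
    print("workaround:", replay(False, WORKAROUND))
    print("reset:     ", replay(True, REPORTED))
```

In the cached run the OpenID backend is never consulted for the second attempt, which is consistent with the login failing without any server-side trace.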

Comment 2 Ding-Yi Chen 2012-11-29 04:10:47 UTC
Tested with Zanata version 2.0.3-SNAPSHOT (20121128-1507)
Problem is not fixed.

However, Zanata version 2.1-SNAPSHOT (20121128-1048) is fixed.

Please apply the fix to the release branch.

Comment 3 Carlos Munoz 2012-11-29 04:33:08 UTC
Back-ported this fix to release branch (2.0.x).

See:
https://github.com/zanata/zanata/commit/4fcdf63cd515ab52a2f8928bc3df46cdb2684712

Comment 4 Ding-Yi Chen 2012-11-29 06:22:49 UTC
VERIFIED with Zanata version 2.0.3-SNAPSHOT (20121129-1430)