Bug 1943925 - infinite redirects logging into copr
Summary: infinite redirects logging into copr
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Copr
Classification: Community
Component: frontend
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Tomecek
QA Contact:
URL:
Whiteboard:
: 1945977 1971591 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-03-28 13:34 UTC by Ryan Phillips
Modified: 2021-10-29 11:54 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-29 11:54:33 UTC
Embargoed:


Attachments (Terms of Use)

Description Ryan Phillips 2021-03-28 13:34:05 UTC
Description of problem:
I created a new account using accounts.fedoraproject.org, and then validated the account via email. Navigated to the copr website and clicked the Login button.  The browser throws an error about too many redirects. Logging into my account directly on accounts.fedoraproject.org shows my account information.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Pavel Raiskup 2021-03-29 07:00:11 UTC
Thank you for filling the bug!  This is hard to reproduce for me because
I have an account for a long time.

I would redirect you to appropriate people [1] but can you please share you
FAS id, and characterize a bit more the redirects (who redirects where)?

[1] https://pagure.io/fedora-infrastructure/new_issue

Comment 3 James Begley 2021-04-02 10:00:18 UTC
I'm getting the same issue, but with an old account. I have logged in via accounts.fedoraproject.org, and although I can log in to other areas (such as this bugzilla), clicking on the copr login icon results in firefox throwing an error stating this page isn't redirecting properly for the link https://copr.fedorainfracloud.org/login/?next=https://copr.fedorainfracloud.org/&openid_complete=yes&janrain_nonce=2021-04-02T09:56:48Z1eIAEc

Comment 4 Pavel Raiskup 2021-04-02 13:29:45 UTC
Can you try to log in using the full FAS email + password?

I've seen some people on IRC claiming there are long "delays" when logging-in
using just the name + password.  Adding Keving to CC, as he looked into this
before.

Comment 5 Pavel Raiskup 2021-04-03 09:26:21 UTC
*** Bug 1945977 has been marked as a duplicate of this bug. ***

Comment 6 Ivan Molodetskikh 2021-04-03 09:31:15 UTC
Yesterday when I got the redirect issue (https://bugzilla.redhat.com/show_bug.cgi?id=1945977) I logged in with email+password, today I tried nickname+password and it let me through.

Comment 7 James Begley 2021-04-03 12:31:22 UTC
Just browsing to https://copr.fedorainfracloud.org/login using firefox 87 (installed from rpm firefox-87.0-2.fc33.x86_64) results in a "The page isn’t redirecting properly" error message. That page loads fine in Chromium.
Since I can't browse to that page using firefox, I'm unable to log in using the full FAS email and password combination.

Comment 8 Kevin Fenzi 2021-04-03 19:29:33 UTC
So, email address should no longer be working (we thought we dropped it from fas a long time ago, but apparently not). 

Try:

* Make sure you are using all lower case (account system is lower case, if you try mixed at ipsilon, it will fail)
* Use account login, NOT email address
* login with your account login on https://accounts.fedoraproject.org. If that doesn't work, reset your password there and retry.
* Clear all cookies and cache from *fedoraproject.org and fedorainfracloud.org
* Try another browser/private browsing window. 

If all those fail, please drop by #fedora-admin on freenode or I guess use the infrastructure mailing list and we will try and track down whats going on and get it fixed. :)

Comment 9 Pavel Raiskup 2021-04-12 06:27:36 UTC
Ok, closing.  I believe that this is also related to bug 1948350 that is currently being fixed.

*** This bug has been marked as a duplicate of bug 1948350 ***

Comment 10 Pavel Raiskup 2021-04-15 14:43:59 UTC
(In reply to Kevin Fenzi from comment #8)
> So, email address should no longer be working (we thought we dropped it from
> fas a long time ago, but apparently not).

I don't think it is correct that we do a loop in redirects in such a case;  is it
a Copr fault that this happens, or the accounts.f.o fault?

Comment 11 Kevin Fenzi 2021-04-15 16:43:40 UTC
I agree a loop is not correct. I would expect one side or the other to error, not loop. 

That said, I have no idea which side is to blame. I guess we would need to data being passed back and forth?

Comment 12 Pavel Raiskup 2021-06-15 05:54:04 UTC
*** Bug 1971591 has been marked as a duplicate of this bug. ***

Comment 13 Pavel Raiskup 2021-06-15 05:55:37 UTC
Reopening, we forgot to take a look at breaking the indefinite loop.

Comment 14 Pavel Raiskup 2021-10-11 11:18:35 UTC
See also: https://pagure.io/ipsilon/issue/358

Comment 15 Tomas Tomecek 2021-10-12 09:05:44 UTC
I can easily reproduce. Funny thing is that even though I'm logged in, I can still get to the endless loop.

Comment 16 Tomas Tomecek 2021-10-12 13:12:49 UTC
Since this is not my area of expertise (OpenID), it's hard for me to tell how this is actually meant to function.

In the meantime I pinned this issue down to the difference that id.fp.o sends back for the two authentication flows:

https://pagure.io/ipsilon/issue/358#comment-757370

tl;dr, it differs in `openid.{claimed_id,identity}`

Comment 17 Tomas Tomecek 2021-10-13 11:19:02 UTC
Proposed a PR in ipsilon to fix this https://pagure.io//ipsilon/pull-request/362

Comment 18 Tomas Tomecek 2021-10-19 10:31:26 UTC
Also a fix on Copr's side: https://pagure.io/copr/copr/pull-request/1956#

The login still won't be possible, but instead you'll get an error message with what's wrong and you'll end up on the front page without the loop.

Comment 19 Tomas Tomecek 2021-10-29 11:54:33 UTC
The PR is now merged, thanks Pavel for a well-done set of reviews!


Note You need to log in before you can comment on or make changes to this bug.