Bug 877291 - OpenId: Failed signed in with a Fedora account
Status: CLOSED CURRENTRELEASE
Product: Zanata
Classification: Community
Component: Authentication-OpenID
Version: 2.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Release: 2.0
Assigned To: Carlos Munoz
QA Contact: Ding-Yi Chen
Reported: 2012-11-16 02:15 EST by Ding-Yi Chen
Modified: 2013-02-25 22:46 EST
Fixed In Version: 2.0.3-SNAPSHOT (20121129-1430)
Doc Type: Bug Fix
Doc Text:
Cause: Zanata caches the credentials input by the user and incorrectly assumes that if they have the same username/password as previously failed login attempts, then they must be invalid.
Consequence: Some valid authentication attempts may fail.
Fix: Reset Zanata's session cached user credentials after a failed login attempt to prevent this behavior.
Result: Zanata should now validate every single login attempt and legitimate and valid user credentials will be accepted.
Last Closed: 2013-02-25 22:46:14 EST
Type: Bug
Description Ding-Yi Chen 2012-11-16 02:15:03 EST
Description of problem:
Failed to Sign In as a Fedora user

Version-Release number of selected component (if applicable):
Zanata version 2.1-SNAPSHOT (20121112-1056) 
and Zanata version 2.0.3-SNAPSHOT (20121116-0019)

How reproducible:
Sometimes (may be a cache issue)
More likely to reproduce with a newly opened browser

Steps to Reproduce:
0. Suppose you use Firefox.
1. Close all Firefox instances.
2. Open a Firefox instance.
3. Sign in as a Fedora user on an OpenID-enabled Zanata server.
  
Actual results:
Web UI Error message: Login failed

No server log reflects this error.

Expected results:
Either "Login to the Fedora Accounts System" 
or "Approve OpenID Request" web page is invoked.

Additional info:
Temporary workaround: Try signing in with a different account name (it does not matter if it is a fake one), then sign in with your username.
Comment 1 Carlos Munoz 2012-11-25 19:57:47 EST
This is caused by a very particular scenario where a login attempt fails initially with internal authentication, followed by another attempt to log in with the same user name but using any OpenID authentication.

Since OpenID does not care for any provided password, Zanata assumes that, because the user name is the same and the password has not changed since the last attempt, the login must be invalidated. Other scenarios might cause the issue to be seen, like enabling an account and subsequently retrying to log in.

The solution for this is to reset the account credentials after every failed login attempt.

See:
https://github.com/zanata/zanata/commit/4eb4911f5254bce9b6565512f23f3eb25df2974c
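
The caching behaviour described in Comment 1, together with the workaround from the bug description, as a small model. This is an added example, not Zanata's code; the class names, the `reset_on_failure` switch and the accounts are assumptions made for illustration.

```python
# Hypothetical model of Comment 1; all names here are assumptions, not Zanata's code.

class CachedCredentials:
    """Session-scoped credentials with a sticky 'invalid' flag."""
    def __init__(self):
        self.username = self.password = None
        self.invalid = False

    def submit(self, username, password=None):
        # password=None: the form sent no password (OpenID sign-in).
        changed = username != self.username or (
            password is not None and password != self.password)
        if changed:
            self.username = username
            if password is not None:
                self.password = password
            self.invalid = False  # flag clears only when the input changes

class Session:
    def __init__(self, internal_users, openid_users, reset_on_failure):
        self.internal_users = internal_users  # username -> password
        self.openid_users = openid_users      # names the provider vouches for
        self.reset_on_failure = reset_on_failure
        self.creds = CachedCredentials()

    def login(self, username, password=None):
        self.creds.submit(username, password)
        if self.creds.invalid:
            return False  # rejected from cache; no authenticator is asked
        if password is None:
            ok = username in self.openid_users
        else:
            ok = self.internal_users.get(username) == password
        if not ok:
            if self.reset_on_failure:
                self.creds = CachedCredentials()  # fix: forget the failed attempt
            else:
                self.creds.invalid = True
        return ok

def replay(reset_on_failure):
    # Constructed scenario: "alice" exists only at the OpenID provider.
    s = Session({}, {"alice"}, reset_on_failure)
    return [s.login("alice", "wrong"),  # internal attempt fails
            s.login("alice"),           # OpenID attempt, same user name
            s.login("nobody"),          # workaround: a different name
            s.login("alice")]           # OpenID attempt again
```

With `reset_on_failure=False` the second attempt is rejected from the cache without the OpenID path being consulted, and it only succeeds after a different name has been submitted; with `reset_on_failure=True` every attempt is evaluated.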
Comment 2 Ding-Yi Chen 2012-11-28 23:10:47 EST
Tested with Zanata version 2.0.3-SNAPSHOT (20121128-1507)
The problem is not fixed.

However, Zanata version 2.1-SNAPSHOT (20121128-1048) is fixed.

Please apply the fix to the release branch.
Comment 3 Carlos Munoz 2012-11-28 23:33:08 EST
Back-ported this fix to the release branch (2.0.x).

See:
https://github.com/zanata/zanata/commit/4fcdf63cd515ab52a2f8928bc3df46cdb2684712
Comment 4 Ding-Yi Chen 2012-11-29 01:22:49 EST
VERIFIED with Zanata version 2.0.3-SNAPSHOT (20121129-1430)
