Juice-shop: "Login CISO" challenge fails when using Google login button [🐛]

Created on 16 Oct 2020  ·  6Comments  ·  Source: bkimminich/juice-shop

:bug: Bug report

Description

Logging in as CISO bypassing oauth user doesn't seem to work anymore. There is a short succesful notice when attempting to login, but afterwards I get redirected to login page and no token is issued.

:microscope: Minimal Reproduction

As in the solution: make a failed login attempt as [email protected] with remember me box checked, refresh and login with oauth

:deciduous_tree: Your Environment

Locally and heroku

Additional Information

bug challenge help wanted

Most helpful comment

All 6 comments

Thanks a lot for opening your first issue with us! 🧡 We'll get back to you shortly! ⏳ If it was a _Support Request_, please consider asking on the community chat next time! 💬

The workaround that was in place originally for domains not recognized by the Google App also works here, so the challenge is still solvable. Just not in the way it was originally intended to be solved with.

A more detailed analysis needs to be done to verify if/where the necessary HTTP header with the old email got lost or broken or why Google rejects the login attempts.

Hi! I would like to work on this. Will follow up soon with PR.

Hi @Rishabh-Kumar-07, did you make any progress on this or should we consider it "up for grabs" again?

Hey. I am engaged otherwise. You can mark it "up for grabs". Apology for the trouble.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

bkimminich picture bkimminich  ·  5Comments

bkimminich picture bkimminich  ·  6Comments

bkimminich picture bkimminich  ·  4Comments

bkimminich picture bkimminich  ·  6Comments

bkimminich picture bkimminich  ·  8Comments