Plots2: Fails to authenticate thru openid

Created on 13 May 2018 · 27 Comments · Source: publiclab/plots2

Please describe the problem (or idea)

Trying to login with spectralworkbench.org or mapknitter.org

What happened just before the problem occurred? Or what problem could this idea solve?

Obtained error instead of authorization.

Logs:

Started POST "/openid/decision" for 190.113.212.64 at 2018-05-12 23:04:46 +0000
Processing by OpenidController#decision as HTML
  Parameters: {"authenticity_token"=>"mZGIfx021goan3ba1XNmpj2U3SJmEfAq7SaLO/rpyZTIhILocj420u+9P7ml+XGUWoU3bR3er9bccA==", "yes"=>"Yes"}
Completed 500 Internal Server Error in 2ms (ActiveRecord: 0.5ms)

NoMethodError (undefined method `identity' for nil:NilClass):
  app/controllers/openid_controller.rb:182:in `decision'



Delaney originally wrote in to [email protected]:

Bug trying to log in to mapknitter.org with my publiclab log in! "There was an error, sorry for the trouble" right after clicking "login". womp.

Sebastian confirmed:

I can confirm, I get "empty response" from here - and seeing the same thing at spectralworkbench.org.
As if our openid endpoint were broken somehow.
Also I see 500 error now.

Ruby help wanted security

All 27 comments

Let's look at recent changes to users_controller

On Sat, May 12, 2018, 7:06 PM Sebastian Silva notifications@github.com
wrote:

Please describe the problem (or idea)

Trying to login with spectralworkbench.org or mapknitter.org

What happened just before the problem occurred? Or what problem could this
idea solve?

Obtained error instead of authorization.

Logs:

Started POST "/openid/decision" for 190.113.212.64 at 2018-05-12 23:04:46 +0000
Processing by OpenidController#decision as HTML
Parameters: {"authenticity_token"=>"mZGIfx021goan3ba1XNmpj2U3SJmEfAq7SaLO/rpyZTIhILocj420u+9P7ml+XGUWoU3bR3er9bccA==", "yes"=>"Yes"}
Completed 500 Internal Server Error in 2ms (ActiveRecord: 0.5ms)

NoMethodError (undefined method `identity' for nil:NilClass):
  app/controllers/openid_controller.rb:182:in `decision'


Actually looks like this is returning nil --

https://github.com/publiclab/plots2/blob/1291ce1591422ce0d94c9a1b8cf4a0d1258370c3/app/controllers/openid_controller.rb#L173

@publiclab/reviewers any ideas why this might happen? Maybe recent Rails upgrades changed session behavior?

Maybe a lot w sessions has changed? https://stackoverflow.com/questions/17480487/rails-4-session-expiry

@Souravirus know anything about this?

No, I don't know much about sessions and the influence of the Rails 4.2 update on sessions. But I am still looking into why this is happening.

Do we have activerecord-session_store in our gemfile as in the stack overflow link?

We do! Hmm

It's set to active record store. Is that still supported? Maybe we need to set up cookie storage?

https://github.com/publiclab/plots2/blob/master/config/initializers/session_store.rb

I guess rails 4.2 is not supported?

https://github.com/rails/activerecord-session_store/issues/118#issuecomment-346664764

So do we switch to cookie storage?

Yeah, we can switch to cookie storage. But before that we can try the dalli gem, as given in the Stack Overflow link.

So, I was actually able to sign into both -- this is why this didn't show up -- I think line 173 is failing because for a first-time user, there is nothing stored in session[:last_oidreq].

Our code is based exactly on this example:

https://github.com/openid/ruby-openid/blob/5dd11301f00432554404e3304a3f9e9cab7146e1/examples/rails_openid/app/controllers/server_controller.rb#L76

So I'm not sure what's up... interestingly they actually show this error in their example's logs:

https://github.com/openid/ruby-openid/blob/5dd11301f00432554404e3304a3f9e9cab7146e1/examples/rails_openid/log/development.log#L752

Is there no provision for if last_oidreq is missing? Hmm... any help appreciated!
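
The failure discussed in this thread (a `NoMethodError` on `nil` when `session[:last_oidreq]` is empty), reduced to plain Ruby next to a guarded variant. This is an added example, not code from the thread, from plots2 or from ruby-openid, and not the fix that was later merged; `FakeOidReq`, both method names and the `/login` redirect target are assumptions.

```ruby
# Added example: plain-Ruby stand-ins, no Rails or ruby-openid needed.
# FakeOidReq, decision_unguarded, decision_guarded and "/login" are hypothetical.
FakeOidReq = Struct.new(:identity, :cancel_url)

# Pattern from the log: the pending request is read from the session and
# dereferenced without checking that it exists.
def decision_unguarded(session, params)
  oidreq = session[:last_oidreq]
  session[:last_oidreq] = nil
  return { status: 302, location: oidreq.cancel_url } if params["yes"].nil?
  { status: 200, identity: oidreq.identity }
end

# Guarded variant: a missing pending request is an expected condition (fresh or
# expired session, session store not persisting, form re-submitted after the
# one-time value was cleared), so it is logged and answered, not left to 500.
# The identity is only ever taken from the stored request, never from params.
def decision_guarded(session, params, log)
  oidreq = session.delete(:last_oidreq) # still single-use
  if oidreq.nil?
    log << "openid decision with no pending request in session"
    return { status: 302, location: "/login" }
  end
  return { status: 302, location: oidreq.cancel_url } if params["yes"].nil?
  { status: 200, identity: oidreq.identity }
end

if __FILE__ == $PROGRAM_NAME
  params = { "yes" => "Yes" } # same parameter as in the logged request
  begin
    decision_unguarded({}, params)
  rescue NoMethodError => e
    puts "unguarded: #{e.class}: #{e.message}"
  end
  log = []
  # Constructed sample values.
  req = FakeOidReq.new("https://id.example/profile/tester", "https://rp.example/cancel")
  session = { last_oidreq: req }
  p decision_guarded(session, params, log) # approved
  p decision_guarded(session, params, log) # re-submitted: handled and logged
  p log
end
```
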

@icarito says this is no longer affecting him???

Maybe we need to, in incognito, create a completely new user on PL.org - and try logging in from SWB or MapKnitter.org?

OK status -- need to reproduce!

Perhaps it's intermittent -- like, what if it happens just the very first time someone goes through this process, but never again?

Ooh! got same error with tester user!

Reproducible too!

I'm going to review this again as we've got a report from another user.

I tried a naive approach at #2807 - but it didn't work. I'm guessing the underlying Gem is variously broken across releases because openid is mostly deprecated elsewhere and we've been upgrading our stack. :-/

Can you paste in the log so I can try debugging?

[d97d78d5-87be-40fa-8e00-e0a54e3ba43d] Started POST "/openid/decision" for 93.239.154.117 at 2018-06-10 00:37:36 +0000
[d97d78d5-87be-40fa-8e00-e0a54e3ba43d]   
[d97d78d5-87be-40fa-8e00-e0a54e3ba43d] ActionController::RoutingError (No route matches [POST] "/openid/decision"):
[d97d78d5-87be-40fa-8e00-e0a54e3ba43d]   

Thanks!

Here is what I face when I try to log in through spectral workbench or mapknitter. When I first try to log in I get into a not-logged-in state, and when I try to log in a second time, I get an error.

And to test it locally you can follow the procedures given in https://github.com/publiclab/plots2/blob/master/doc/OPENID.md

Attempted fix in https://github.com/publiclab/plots2/pull/2815 is merged -- publishing to production then let's test!

Confirmed it's fixed. If you can test this out please do!
