Bug 1696781 Comment 4 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

This is due to OAuth2 module behaving unexpectedly.

This happens in the following STR:
  1. Startup Firefox with clean profile, to make sure no cookie
  2. Load `https://phabricator.services.mozilla.com/conduit/login/`
  3. Click "Log In or Register BMO" button shown in the page
  4. It jumps to `https://bugzilla.mozilla.org/oauth/authorize?client_id=***&scope=user%3Aread&redirect_uri=https%3A%2F%2Fphabricator.services.mozilla.com%2Fauth%2Flogin%2Fbmo%3Abugzilla.mozilla.org%2F&state=***&response_type=code` page, and it redirects to `https://bugzilla.mozilla.org/login`
  5. Click "New Account" button at the top of the page

This happens during following https://firefox-source-docs.mozilla.org/setup/windows_build.html
If the user runs `bootstrap.py`, it asks for Phabricator token, with providing `https://phabricator.services.mozilla.com/conduit/login/` URL.
We don't ask users to create Bugzilla account before that point, usually they don't have bugzilla account, and they needs to click "New Account" button at step 5.

Actual result:
  1. It goes to `https://bugzilla.mozilla.org/createaccount.cgi`
  2. It redirects to `https://bugzilla.mozilla.org/oauth/authorize?client_id=***&redirect_uri=https%3A%2F%2Fphabricator.services.mozilla.com%2Fauth%2Flogin%2Fbmo%3Abugzilla.mozilla.org%2F&response_type=code&scope=user%3Aread&state=***`
  3. It redirects to `https://bugzilla.mozilla.org/login`

So, I think somewhere in the steps, the following code is executed and `$c->session->{override_login_target}` is set to `"login"`.

https://github.com/mozilla-bteam/bmo/blob/11d14950157c202c87551e3f48c22d4b6b422197/Bugzilla/App/Plugin/OAuth2.pm#L70
```
sub _resource_owner_logged_in {
  my (%args) = @_;
  my $c = $args{mojo_controller};

  $c->session->{override_login_target} = $c->url_for('current');
```

I guess we should disable the override behavior for new account page.
This is due to OAuth2 module behaving unexpectedly.

This happens in the following STR:
  1. Startup Firefox with clean profile, to make sure no cookie
  2. Load `https://phabricator.services.mozilla.com/conduit/login/`
  3. Click "Log In or Register BMO" button shown in the page
  4. It jumps to `https://bugzilla.mozilla.org/oauth/authorize?client_id=***&scope=user%3Aread&redirect_uri=https%3A%2F%2Fphabricator.services.mozilla.com%2Fauth%2Flogin%2Fbmo%3Abugzilla.mozilla.org%2F&state=***&response_type=code` page, and it redirects to `https://bugzilla.mozilla.org/login`
  5. Click "New Account" button at the top of the page

This happens during following https://firefox-source-docs.mozilla.org/setup/windows_build.html
If the newcomer runs `bootstrap.py`, it asks for Phabricator token, with providing `https://phabricator.services.mozilla.com/conduit/login/` URL.
We don't ask newcomers to create Bugzilla account before that point, so usually they don't have bugzilla account, and they needs to click "New Account" button at step 5.

Actual result:
  1. It goes to `https://bugzilla.mozilla.org/createaccount.cgi`
  2. It redirects to `https://bugzilla.mozilla.org/oauth/authorize?client_id=***&redirect_uri=https%3A%2F%2Fphabricator.services.mozilla.com%2Fauth%2Flogin%2Fbmo%3Abugzilla.mozilla.org%2F&response_type=code&scope=user%3Aread&state=***`
  3. It redirects to `https://bugzilla.mozilla.org/login`

So, I think somewhere in the steps, the following code is executed and `$c->session->{override_login_target}` is set to `"login"`.

https://github.com/mozilla-bteam/bmo/blob/11d14950157c202c87551e3f48c22d4b6b422197/Bugzilla/App/Plugin/OAuth2.pm#L70
```
sub _resource_owner_logged_in {
  my (%args) = @_;
  my $c = $args{mojo_controller};

  $c->session->{override_login_target} = $c->url_for('current');
```

I guess we should disable the override behavior for new account page.
This is due to OAuth2 module behaving unexpectedly.

This happens in the following STR:
  1. Startup Firefox with clean profile, to make sure no cookie
  2. Load `https://phabricator.services.mozilla.com/conduit/login/`
  3. Click "Log In or Register BMO" button shown in the page
  4. It jumps to `https://bugzilla.mozilla.org/oauth/authorize?client_id=***&scope=user%3Aread&redirect_uri=https%3A%2F%2Fphabricator.services.mozilla.com%2Fauth%2Flogin%2Fbmo%3Abugzilla.mozilla.org%2F&state=***&response_type=code` page, and it redirects to `https://bugzilla.mozilla.org/login`
  5. Click "New Account" button at the top of the page

This happens during following https://firefox-source-docs.mozilla.org/setup/windows_build.html
If the newcomer runs `bootstrap.py`, it asks for Phabricator token, with providing `https://phabricator.services.mozilla.com/conduit/login/` URL.
We don't ask newcomers to create Bugzilla account before that point, so usually they don't have bugzilla account, and they needs to click "New Account" button at step 5.

Actual result:
  1. It goes to `https://bugzilla.mozilla.org/createaccount.cgi`
  2. It redirects to `https://bugzilla.mozilla.org/oauth/authorize?client_id=***&redirect_uri=https%3A%2F%2Fphabricator.services.mozilla.com%2Fauth%2Flogin%2Fbmo%3Abugzilla.mozilla.org%2F&response_type=code&scope=user%3Aread&state=***`
  3. It redirects to `https://bugzilla.mozilla.org/login`

So, I think somewhere in the steps, the following code is executed and `$c->session->{override_login_target}` is set to `"login"`.

https://github.com/mozilla-bteam/bmo/blob/11d14950157c202c87551e3f48c22d4b6b422197/Bugzilla/App/Plugin/OAuth2.pm#L70
```
sub _resource_owner_logged_in {
  my (%args) = @_;
  my $c = $args{mojo_controller};

  $c->session->{override_login_target} = $c->url_for('current');
```

I guess we should disable the override behavior for new-account-related pages.

Back to Bug 1696781 Comment 4