Last Comment Bug 1180733 - "An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github
: "An invalid state parameter was passed to the GitHub OAuth2 callback" error w...
Status: RESOLVED FIXED
:
Product: bugzilla.mozilla.org
Classification: Other
Component: Extensions: GitHubAuth (show other bugs)
: Production
: Unspecified Unspecified
-- normal (vote)
: ---
Assigned To: Dylan Hardison [:dylan]
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-07-06 08:30 PDT by Martyn Haigh (:mhaigh)
Modified: 2015-08-24 20:57 PDT (History)
3 users (show)
See Also:
Due Date:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
8bweq.png (69.67 KB, image/png)
2015-07-06 08:30 PDT, Martyn Haigh (:mhaigh)
no flags Details
1180733_1.patch (1.92 KB, patch)
2015-08-24 14:07 PDT, Dylan Hardison [:dylan]
glob: review+
Details | Diff | Splinter Review

Description User image Martyn Haigh (:mhaigh) 2015-07-06 08:30:33 PDT
Created attachment 8629988 [details]
8bweq.png

Getting an error logging in to bugzilla using a github account: 
An invalid state parameter was passed to the Github OAuth2 callback
Comment 1 User image Axel Hecht [:Pike] 2015-07-17 08:32:27 PDT
Just hit this as well, state is in the URL, so my suspicion is that https://github.com/mozilla/webtools-bmo-bugzilla/blob/061328fe4778f8b633e5441828c2962672603922/extensions/GitHubAuth/lib/Login.pm#L69 fails.

Note, my alter ego failed, axel@pike.org.
Comment 2 User image Byron Jones ‹:glob› 2015-08-19 07:04:01 PDT
steps to reproduce:

1. log out of bugzilla
2. navigate to https://bugzilla.mozilla.org/form.dev-engagement-event
3. choose "login with github" and authorise bugzilla
Comment 3 User image Dylan Hardison [:dylan] 2015-08-19 07:30:04 PDT
Yet https://bugzilla-dev.allizom.org/form.dev.engagement.event works. This is interesting.
Comment 4 User image Dylan Hardison [:dylan] 2015-08-19 07:42:39 PDT
Traced this to the Bugzilla_github_token -- that cookie isn't available on the first page load, but is on subsequent page loads. 
Should be somewhat easy to fix.

(this is why a session stash would be so much nicer)
Comment 5 User image Dylan Hardison [:dylan] 2015-08-24 14:07:49 PDT
Created attachment 8651974 [details] [diff] [review]
1180733_1.patch

I thought $cgi->cookie was customized by bugzilla to look through the Bugzilla_cookie_list thing, apparently it is now. Rather than something complicated, I just also store the token in the request cache. Simple fix. If we grow sessions, it will make more sense to use those.
Comment 6 User image Byron Jones ‹:glob› 2015-08-24 20:57:09 PDT
Comment on attachment 8651974 [details] [diff] [review]
1180733_1.patch

Review of attachment 8651974 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob
Comment 7 User image Byron Jones ‹:glob› 2015-08-24 20:57:18 PDT
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   77fbf1e..85adb94  master -> master

Note You need to log in before you can comment on or make changes to this bug.