Account creation redirects to login
Categories
(bugzilla.mozilla.org :: General, defect)
Tracking
()
People
(Reporter: ekr, Assigned: arai)
Details
Attachments
(1 file)
STR: go to https://bugzilla.mozilla.org/createaccount.cgi
Expected result: UI to create account
Actual result: bounced to https://bugzilla.mozilla.org/login
Comment 1•5 years ago
|
||
I am unable to reproduce this. Have you tried clear all cookies related to bugzilla.mozilla.org? What is the browser/version that this is happening on?
| Assignee | ||
Comment 2•4 years ago
|
||
I saw multiple people having this issue these days.
The steps they took were:
- Load https://bugzilla.mozilla.org/login page
- Click "New Account" button at the top of the page
Actual result:
It redirects to https://bugzilla.mozilla.org/login
And solutions they took are either:
- a) Do the same thing in private window
- b) Remove cookie
So, I guess in certain situation, an unexpected cookie is created and it affects how https://bugzilla.mozilla.org/createaccount.cgi URL or page acts.
| Assignee | ||
Comment 3•4 years ago
|
||
So far what I found is that.
If $session->{override_login_target} is somehow set to "login" below, the behavior is reproducible.
https://github.com/mozilla-bteam/bmo/blob/11d14950157c202c87551e3f48c22d4b6b422197/Bugzilla.pm#L391-L398
my $C = Bugzilla->request_cache->{mojo_controller};
my $session = $C->session;
if (!$on_token_page && $session->{override_login_target}) {
my $override_login_target = delete $session->{override_login_target};
my $cgi_params = delete $session->{cgi_params};
my $mojo_url = Mojo::URL->new($override_login_target);
$mojo_url->query($cgi_params);
$C->redirect_to($mojo_url);
}
| Assignee | ||
Comment 4•4 years ago
•
|
||
This is due to OAuth2 module behaving unexpectedly.
This happens in the following STR:
- Startup Firefox with clean profile, to make sure no cookie
- Load
https://phabricator.services.mozilla.com/conduit/login/ - Click "Log In or Register BMO" button shown in the page
- It jumps to
https://bugzilla.mozilla.org/oauth/authorize?client_id=***&scope=user%3Aread&redirect_uri=https%3A%2F%2Fphabricator.services.mozilla.com%2Fauth%2Flogin%2Fbmo%3Abugzilla.mozilla.org%2F&state=***&response_type=codepage, and it redirects tohttps://bugzilla.mozilla.org/login - Click "New Account" button at the top of the page
This happens during following https://firefox-source-docs.mozilla.org/setup/windows_build.html
If the newcomer runs bootstrap.py, it asks for Phabricator token, with providing https://phabricator.services.mozilla.com/conduit/login/ URL.
We don't ask newcomers to create Bugzilla account before that point, so usually they don't have bugzilla account, and they needs to click "New Account" button at step 5.
Actual result:
- It goes to
https://bugzilla.mozilla.org/createaccount.cgi - It redirects to
https://bugzilla.mozilla.org/oauth/authorize?client_id=***&redirect_uri=https%3A%2F%2Fphabricator.services.mozilla.com%2Fauth%2Flogin%2Fbmo%3Abugzilla.mozilla.org%2F&response_type=code&scope=user%3Aread&state=*** - It redirects to
https://bugzilla.mozilla.org/login
So, I think somewhere in the steps, the following code is executed and $c->session->{override_login_target} is set to "login".
sub _resource_owner_logged_in {
my (%args) = @_;
my $c = $args{mojo_controller};
$c->session->{override_login_target} = $c->url_for('current');
I guess we should disable the override behavior for new-account-related pages.
| Assignee | ||
Comment 5•4 years ago
|
||
I see that the redirect is disabled for token.cgi page:
https://github.com/mozilla-bteam/bmo/blob/11d14950157c202c87551e3f48c22d4b6b422197/Bugzilla.pm#L393
sub login {
...
my $cgi = Bugzilla->cgi;
my $script_name = $cgi->script_name;
...
my $on_token_page = $script_name eq '/token.cgi';
...
if (!$on_token_page && $session->{override_login_target}) {
my $override_login_target = delete $session->{override_login_target};
my $cgi_params = delete $session->{cgi_params};
my $mojo_url = Mojo::URL->new($override_login_target);
$mojo_url->query($cgi_params);
$C->redirect_to($mojo_url);
}
that is used in the confirmation email:
[%+ urlbase %]token.cgi?t=[% token FILTER uri %]&a=request_new_account
I guess doing the same for createaccount.cgi script should solve the redirect issue, and newcomers can remain in createaccount.cgi page.
But now I have another question that how it goes back to OAuth2 process.
The page after entering real name and password in token.cgi is also token.cgi, with "The user account someone@somewhere has been created successfully." message on the bugzilla main page.
So, the redirect is still disabled, and I think newcomer will get stuck there
(I haven't tested the integration, so it might behave differently tho...)
| Assignee | ||
Updated•4 years ago
|
| Assignee | ||
Comment 6•4 years ago
|
||
| Assignee | ||
Comment 7•4 years ago
|
||
| Assignee | ||
Updated•4 years ago
|
Comment 8•4 years ago
|
||
Merged to master. Thanks for the contribution!
https://github.com/mozilla-bteam/bmo/commit/655be3982e2a0edfbc3df7aa4191b9eb195bcaeb
| Assignee | ||
Updated•4 years ago
|
Description
•