Account creation redirects to login
Categories: bugzilla.mozilla.org :: General, defect
People: Reporter: ekr, Assigned: arai
Attachments: 1 file
STR: go to https://bugzilla.mozilla.org/createaccount.cgi
Expected result: UI to create account
Actual result: bounced to https://bugzilla.mozilla.org/login
Comment 1•3 years ago
I am unable to reproduce this. Have you tried clearing all cookies related to bugzilla.mozilla.org? What is the browser/version that this is happening on?
Comment 2•3 years ago (Assignee)
I saw multiple people having this issue these days.
The steps they took were:
- Load https://bugzilla.mozilla.org/login page
- Click "New Account" button at the top of the page
Actual result:
It redirects to https://bugzilla.mozilla.org/login
And solutions they took are either:
- a) Do the same thing in a private window
- b) Remove the cookie
So, I guess in certain situations, an unexpected cookie is created and it affects how the https://bugzilla.mozilla.org/createaccount.cgi URL or page acts.
Comment 3•3 years ago (Assignee)
So far what I found is that.
If $session->{override_login_target} is somehow set to "login" below, the behavior is reproducible.
https://github.com/mozilla-bteam/bmo/blob/11d14950157c202c87551e3f48c22d4b6b422197/Bugzilla.pm#L391-L398
    my $C = Bugzilla->request_cache->{mojo_controller};
    my $session = $C->session;
    if (!$on_token_page && $session->{override_login_target}) {
        my $override_login_target = delete $session->{override_login_target};
        my $cgi_params = delete $session->{cgi_params};
        my $mojo_url = Mojo::URL->new($override_login_target);
        $mojo_url->query($cgi_params);
        $C->redirect_to($mojo_url);
    }
Comment 4•3 years ago (Assignee)
This is due to OAuth2 module behaving unexpectedly.
This happens in the following STR:
- Startup Firefox with clean profile, to make sure no cookie
- Load https://phabricator.services.mozilla.com/conduit/login/
- Click "Log In or Register BMO" button shown in the page
- It jumps to https://bugzilla.mozilla.org/oauth/authorize?client_id=***&scope=user%3Aread&redirect_uri=https%3A%2F%2Fphabricator.services.mozilla.com%2Fauth%2Flogin%2Fbmo%3Abugzilla.mozilla.org%2F&state=***&response_type=code page, and it redirects to https://bugzilla.mozilla.org/login
- Click "New Account" button at the top of the page
This happens during following https://firefox-source-docs.mozilla.org/setup/windows_build.html
If the newcomer runs bootstrap.py, it asks for Phabricator token, with providing https://phabricator.services.mozilla.com/conduit/login/ URL.
We don't ask newcomers to create Bugzilla account before that point, so usually they don't have a Bugzilla account, and they need to click "New Account" button at step 5.
Actual result:
- It goes to https://bugzilla.mozilla.org/createaccount.cgi
- It redirects to https://bugzilla.mozilla.org/oauth/authorize?client_id=***&redirect_uri=https%3A%2F%2Fphabricator.services.mozilla.com%2Fauth%2Flogin%2Fbmo%3Abugzilla.mozilla.org%2F&response_type=code&scope=user%3Aread&state=***
- It redirects to https://bugzilla.mozilla.org/login
So, I think somewhere in the steps, the following code is executed and $c->session->{override_login_target} is set to "login".
    sub _resource_owner_logged_in {
        my (%args) = @_;
        my $c = $args{mojo_controller};
        $c->session->{override_login_target} = $c->url_for('current');
I guess we should disable the override behavior for new-account-related pages.
Comment 5•3 years ago (Assignee)
I see that the redirect is disabled for token.cgi page:
https://github.com/mozilla-bteam/bmo/blob/11d14950157c202c87551e3f48c22d4b6b422197/Bugzilla.pm#L393
    sub login {
        ...
        my $cgi = Bugzilla->cgi;
        my $script_name = $cgi->script_name;
        ...
        my $on_token_page = $script_name eq '/token.cgi';
        ...
        if (!$on_token_page && $session->{override_login_target}) {
            my $override_login_target = delete $session->{override_login_target};
            my $cgi_params = delete $session->{cgi_params};
            my $mojo_url = Mojo::URL->new($override_login_target);
            $mojo_url->query($cgi_params);
            $C->redirect_to($mojo_url);
        }
that is used in the confirmation email:
    [%+ urlbase %]token.cgi?t=[% token FILTER uri %]&a=request_new_account
I guess doing the same for createaccount.cgi script should solve the redirect issue, and newcomers can remain in createaccount.cgi page.
But now I have another question that how it goes back to OAuth2 process.
The page after entering real name and password in token.cgi is also token.cgi, with "The user account someone@somewhere has been created successfully." message on the bugzilla main page.
So, the redirect is still disabled, and I think newcomer will get stuck there.
(I haven't tested the integration, so it might behave differently tho...)
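The check discussed in Comments 3 to 5, as an added example that is not part of the bug thread or the BMO code base: a plain-Perl model of the session override with the list of exempt scripts passed in. The function names, the /oauth/authorize target, /index.cgi and the parameter values are assumptions made for illustration.

```perl
#!/usr/bin/env perl
# Added illustration: a simplified model of the redirect logic quoted in
# Comments 3-5, not the BMO source. Names and sample values are constructed.
use strict;
use warnings;

# Mirrors the quoted block in login(): if the session holds an override
# target and the current script is not exempt, consume the override and
# return the URL to redirect to. Returns undef when the page may render.
sub login_redirect {
    my ($script_name, $session, $exempt) = @_;
    return undef if grep { $_ eq $script_name } @$exempt;
    return undef unless $session->{override_login_target};
    my $target = delete $session->{override_login_target};
    my $params = delete $session->{cgi_params} || {};
    my $query  = join '&', map { "$_=$params->{$_}" } sort keys %$params;
    return length($query) ? "$target?$query" : $target;
}

# Session state as left behind by the OAuth2 hook (constructed values;
# the override target is assumed to be the authorize route).
sub oauth_session {
    return {
        override_login_target => '/oauth/authorize',
        cgi_params => { client_id => 'EXAMPLE', response_type => 'code' },
    };
}

my @current   = ('/token.cgi');                        # exemption quoted on the page
my @suggested = ('/token.cgi', '/createaccount.cgi');  # suggestion in Comment 5

for my $case (['current', \@current], ['suggested', \@suggested]) {
    my ($label, $exempt) = @$case;
    my $session = oauth_session();
    my $to = login_redirect('/createaccount.cgi', $session, $exempt);
    printf "%-9s /createaccount.cgi -> %s\n", $label, $to // 'page renders';
    # The override is only consumed on a non-exempt page, so it is still
    # pending in the session after an exempt page has rendered.
    printf "%-9s override pending:     %s\n", $label,
        exists $session->{override_login_target} ? 'yes' : 'no';
    my $next = login_redirect('/index.cgi', $session, $exempt);
    printf "%-9s /index.cgi         -> %s\n", $label, $next // 'page renders';
}
```

In this model an exempt page leaves the override in the session, so it fires on the first non-exempt page that runs the check; whether the real account-creation flow ever reaches such a page is the open question raised in Comment 5.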
Comment 8•3 years ago
Merged to master. Thanks for the contribution!
https://github.com/mozilla-bteam/bmo/commit/655be3982e2a0edfbc3df7aa4191b9eb195bcaeb