#10359 Cannot login to accounts.fpo (nor pagure or anywhere)
Closed: Fixed 6 months ago by kevin. Opened 6 months ago by misc.

Since yesterday, I can't connect to any webapp on Fedora Project. I can open that ticket since I was logged on pagure already, but if I try to connect, I get "open id cancelled".

I resynced my 2FA token successfully (so I assume the password is verified then), I verified that the password was good (eg, that I didn't record password + OTP by error) I also typed it slowly several time, and I remember the password as well and do not remember changing it recently.
The error is " Unauthorized: bad credentials.".

I tried password reset, and it stop with "incorrect value" for the OTP.
I start to suspect the OTP is the problem, but I can't debug that.

My last tentative is around 12h30 / 12h45 UTC on the 22 of november 2021.

When do you need this to be done by? (YYYY/MM/DD)


no emergency, when people have time


Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble, ops

6 months ago

Metadata Update from @abompard:
- Issue assigned to abompard

6 months ago

I think I found why: you password has expired, and Noggin should offer you to change it, but apparently that does not work when the user has an OTP token.
I'll try to fix it, in the meantime I've pushed your password expiration date a month later (Dec 22nd). Can you login now?

No, say "400 - Bad Request"

Metadata Update from @misc:
- Issue priority set to: None (was: Waiting on Assignee)

6 months ago

Metadata Update from @misc:
- Issue priority set to: Waiting on Assignee

6 months ago

SO this was debugged on chat, but we still want to see on stg what happened. @abompard suspect my account got locked after too many try, and so we will test on stg.

For the record, the account OTP was removed after we mutually authenticate by phone and using verify.redhat.com, and then I had to reset my password using the regular form. Then I added back my token.

So, we have set:
Failure reset interval (seconds) 60
Lockout duration (seconds) 600

So, it should have only locked you out for 10min I think.

Anyhow, I think we have fixed all people with expired and can close this.

Please re-open if there's anything more for us to do. :)

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

6 months ago

Login to comment on this ticket.

Metadata
Boards 1
ops Status: Backlog