I updated my bugzilla email id from [1] to [2] and now I cannot login:
[1]
[2]
I get the following errors:
Red Hat Bugzilla could not map your Fedora Account System account to an existing Bugzilla account. Would you like to create an account for "crvisqr@gmail.com"?
There is already an account with the login name crvisqr@gmail.com.
You have requested a password token too recently to request another. Please wait 10 minutes then try again.
As soon as possible please.
Metadata Update from @mohanboddu: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-gain, low-trouble, ops
Your [1] and [2] footnotes seem missing?
Looking I dont' see you bugzilla email set at all...
Can you make sure and clear any cookies from *fedoraproject.org and retry?
No. I meant I changed my email address from crvisqr@gmail.com to crvi@fedoraproject.org, since I now have a @fedoraproject.org id, which seems more appropriate for fedora related stuff like bugzilla.redhat.com. And that messed up everything.
Now I have received an email as follows:
"Fedora Account System and Bugzilla Mismatch"
We have identified you[1] as either a Fedora packager or someone who has asked to be included in the CC list of tickets created for one or more component on bugzilla. Fedora packagers are granted special permissions on the Fedora bugs in bugzilla. However, to enable these functionalities (granting you these permissions or including you to the CC list of your packages of interest), we need to have your bugzilla email address stored in the Fedora Account System[2]. At the moment you have: crvisqr@gmail.com which bugzilla is telling us is not an account in bugzilla. If you could please set up an account in bugzilla with this address or change your email address on your Fedora Account to match an existing bugzilla account this would let us go forward. Note: this message is being generated by an automated script. You'll continue getting this message until the problem is resolved. Sorry for the inconvenience. Thank you, The Fedora Account System admin@fedoraproject.org
However, resetting the password of crvisqr@gmail.com or crvi@fedoraproject.org, doesn't seem to work.
crvisqr@gmail.com user does not exist
Can you login to https://accounts.fedoraproject.org ?
Can you then set 'crvi@fedoraproject.org' in the bugzilla email field?
Can you then login to bugzilla.redhat.com using the "Login using Fedora account system" option?
All issues resolved after resetting password of crvi@fedoraproject.org in bugzilla. Problem was I was using "Duplicate Tabs closer" Firefox plugin which was messing up with the password reset action uri, causing it to fail repeatedly.
crvi@fedoraproject.org
"Duplicate Tabs closer"
"Login using Fedora account system" doesn't work still. I using direct username ( crvi@fedoraproject.org ) / password now, which works.
Thanks!
ok. I think that may be a bug in the new account system. I guess lets leave this open to track that (it should let you login that way).
@puiterwijk is there a way to get ipsilon to do this? ie, for bugzilla.redhat.com send ipa bugzilla address (if populated) otherwise email address?
Yes, that is possible, but will require validating the email, which only got merged yesterday: https://github.com/fedora-infra/noggin/pull/642 . After that is pushed live, we can clear out the Bugzilla email field for everyone, then have them fill it back in to get validated, and then we can configure it to do so.
@abompard when this is live can we clear all those fields from the backend, then i guess we need to adjust ipsilon to work with the newly validated ones and then we can announce it?
The fix hasn't been released and pushed to prod yet. I still haven't looked at how we could tell ipsilon to use this field for bugzilla instead of the regular mail field.
@abompard any news here or timeline?
@kevin let me know on the IRC, that I'm affected by this issue, too.
ok. We now have the noggin deployed that validates bugzilla email field.
Next steps:
to identify/fix anything we have that syncs to/from bugzilla and adjust it to be able to use this field. I know some toddlers do as they create new components and sync bugzilla assignments. Do we have anything else? That might be it.
Clear all the existing bugzilla email fields and ask everyone to re-enter them to make sure they are validated. I think we can just do this anytime and announce it when we do.
@abompard can you do the second one at your leasure and do you want to work on the first item too, or should we try and rope in some time from @pingou ?
I'm ready with the reset script. It will save the list of users who have something in the field so we can email them to let them know. It's currently 672 users.
Huh, how hard would it be to just force a check/validate for all those 672 users ? Or is it just better to ask them to readd?
It's a good question, I suppose I could run a script to do that, but they'll see a "Please validate your address" email coming in their inboxes and may think it's spam/fishing if we don't warn them, no?
Yeah, I was hoping an announcement could help with that... but of course everyone won't see it.
But people who reject it or ask about it would I least know they have to re-enter/re-validate it. If we just silently remove them all not everyone will know they need to revalidate?
Right. I have prepared a script that will send an email to everyone who has set rhbz_email with a link to validate it, and clear the field. It reads:
rhbz_email
== Fedora Accounts System == Hello {displayname}, To improve security, we are now validating the addresses that contributors have set as their Bugzilla email address. To validate the email address {address}, please click on the link below: https://accounts.fedoraproject.org/user/{username}/settings/email/validate?token={token} This link will expire in one week. If you do not activate your email, Bugzilla will fallback on your main email address. -- Fedora Accounts System
Does this seem clear to you? Any changes? I think a one week expiration date is fine for something that the user is not expecting, but should I set something different?
That sounds great! Lets do it.
Have we identified the places we need to change to use this after thats done?
OK, emails away! Only 124 emails actually because I forgot to exclude users who had set the same email address in their Bugzilla field as their main email address, and we don't need to validate those.
At the moment FASJSON does not return the rhbz_mail attribute so we need to add that, thankfully it's very simple, and a ticket has been opened already. Tomas said he'd be interested in doing it. Then Toddlers and other tools can "just" query this field in FASJSON and fallback on the main email address if it's not there.
rhbz_mail
ok. I see the fasjson patch was merged.
Do we need a new release rolled out?
I have deployed a FASJSON update and it now returns the rhbz_mail attribute as a rhbzemail key in the JSON. It can be null if it's not set by the user in their profile.
rhbzemail
null
@zlopez since you have been working with toddlers lately, can you look at modifying toddlers to use this new key?
I am not sure what else we need to change. ;(
@kevin I changed the shared method in fedora_account module in toddlers, hopefully all toddlers are using this.
fedora_account
But the change is currently still on staging, waiting for some tests for scm_request_processor toddler and then we will move it to production :-)
This is actually fixed now. See recent announcement on devel-announce.
Sorry it lingered.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
User blocked in IPA and in pagure.io
Login to comment on this ticket.