In Copr, we occasionally get reports like these: https://bugzilla.redhat.com/show_bug.cgi?id=1943925
People are trying to log in by using their email + password instead of username + password and weird redirects are happening. We could discuss which side is to blame for the unnecessary redirects but I would say that is not what we should focus on.
IMHO the login should be properly validated and we should not get past the auth form when trying to log in with email + password. I would expect to be redirected back to Copr only when the authentication was successful or when I decide to abort it.
Maybe this is a duplicate of #713, in that case, my apologies for a redundant issue. I am submitting it separate in case you think it is more to it than what #713 is about.
Originally reported here https://github.com/fedora-infra/noggin/issues/714
I did some investigation and here's what I found out.
The metadata sent from id.fp.o back to the service differ in two fields:
Logged in via email - endless loop
openid.claimed_id: http://ttomecek@redhat.com.id.fedoraproject.org/ openid.identity: http://ttomecek@redhat.com.id.fedoraproject.org/
In server logs we'll get:
Discovery verification failure for http://ttomecek@redhat.com.id.fedoraproject.org/ * Endpoint mismatch: local_id mismatch. Expected http://ttomecek@redhat.com.id.fedoraproject.org/, got http://redhat.com.id .fedoraproject.org/
When I log in using my FAS username, I can see:
openid.claimed_id: http://ttomecek.id.fedoraproject.org/ openid.identity: http://ttomecek.id.fedoraproject.org/
Logging in with the email address should work now, it's the same as logging in with the username.
Metadata Update from @abompard: - Custom field component adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.