#358 Logging in by email + password
Closed: Fixed 3 months ago by abompard. Opened a year ago by frostyx.

In Copr, we occasionally get reports like these:

People are trying to log in by using their email + password instead of username + password and weird redirects are happening. We could discuss which side is to blame for the unnecessary redirects but I would say that is not what we should focus on.

IMHO the login should be properly validated and we should not get past the auth form when trying to log in with email + password. I would expect to be redirected back to Copr only when the authentication was successful or when I decide to abort it.

Maybe this is a duplicate of #713; in that case, my apologies for a redundant issue. I am submitting it separately in case you think there is more to it than what #713 is about.

Originally reported here

I did some investigation and here's what I found out.

The metadata sent from id.fp.o back to the service differ in two fields:

Logged in via email - endless loop

openid.claimed_id: http://ttomecek@redhat.com.id.fedoraproject.org/
openid.identity: http://ttomecek@redhat.com.id.fedoraproject.org/

In server logs we'll get:

Discovery verification failure for http://ttomecek@redhat.com.id.fedoraproject.org/
* Endpoint mismatch: local_id mismatch. Expected http://ttomecek@redhat.com.id.fedoraproject.org/, got http://redhat.com.id

When I log in using my FAS username, I can see:

openid.claimed_id: http://ttomecek.id.fedoraproject.org/
openid.identity: http://ttomecek.id.fedoraproject.org/
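
Added example, not part of the original comments or of the project's code: how a generic URL parser splits the two claimed_id values quoted above, which is why the email form cannot match the discovered endpoint. It assumes identity URLs have the form http://<login>.id.fedoraproject.org/ as shown in this ticket; the username policy, the lookup table and all function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: identity URLs are http://<login>.id.fedoraproject.org/,
# as the claimed_id values quoted in this ticket suggest.
IDENTITY_SUFFIX = ".id.fedoraproject.org"

# Hypothetical username policy for this example: one DNS label.
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def identity_url(login):
    """Naive construction: interpolate whatever was typed into the form."""
    return "http://%s%s/" % (login, IDENTITY_SUFFIX)


def split_identity(url):
    """Return (userinfo, host) as a generic URL parser sees them."""
    parts = urlsplit(url)
    return parts.username, parts.hostname


def is_consistent(login):
    """True if the login ends up as the leftmost host label of the URL."""
    userinfo, host = split_identity(identity_url(login))
    return userinfo is None and host == login.lower() + IDENTITY_SUFFIX


def canonical_login(login, email_to_username):
    """Map an email to its account username before any URL is built.

    email_to_username is a constructed stand-in for the account database.
    """
    key = login.lower()
    return email_to_username.get(key, key)


def safe_identity_url(login, email_to_username):
    """Build the identity URL only from a validated username label."""
    username = canonical_login(login, email_to_username)
    if not _LABEL.fullmatch(username):
        raise ValueError("not a valid username label: %r" % username)
    return identity_url(username)
```

With the email form, everything before the "@" is parsed as URL userinfo and the host becomes redhat.com.id.fedoraproject.org, so the provider and the relying party no longer agree on which identity is being asserted.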

Logging in with the email address should work now; it's the same as logging in with the username.

Metadata Update from @abompard:
- Custom field component adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 months ago

Related Pull Requests
  • #363 Merged 12 months ago
  • #362 Closed 12 months ago