#358 Logging in by email + password
Opened 5 months ago by frostyx. Modified 3 months ago

In Copr, we occasionally get reports like these:
https://bugzilla.redhat.com/show_bug.cgi?id=1943925

People are trying to log in by using their email + password instead of username + password and weird redirects are happening. We could discuss which side is to blame for the unnecessary redirects but I would say that is not what we should focus on.

IMHO the login should be properly validated and we should not get past the auth form when trying to log in with email + password. I would expect to be redirected back to Copr only when the authentication was successful or when I decide to abort it.

Maybe this is a duplicate of #713, in that case, my apologies for a redundant issue. I am submitting it separately in case you think there is more to it than what #713 is about.

Originally reported here
https://github.com/fedora-infra/noggin/issues/714


I did some investigation and here's what I found out.

The metadata sent from id.fp.o back to the service differ in two fields:

Logged in via email - endless loop

openid.claimed_id: http://ttomecek@redhat.com.id.fedoraproject.org/
openid.identity: http://ttomecek@redhat.com.id.fedoraproject.org/

In server logs we'll get:

Discovery verification failure for http://ttomecek@redhat.com.id.fedoraproject.org/
* Endpoint mismatch: local_id mismatch. Expected http://ttomecek@redhat.com.id.fedoraproject.org/, got http://redhat.com.id.fedoraproject.org/

When I log in using my FAS username, I can see:

openid.claimed_id: http://ttomecek.id.fedoraproject.org/
openid.identity: http://ttomecek.id.fedoraproject.org/
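
Added example, not part of the original ticket and not code from the identity provider or any OpenID library: it shows how a standard URL parser reads the email-based identity URL above, treating everything before the `@` as userinfo so that the host becomes `redhat.com.id.fedoraproject.org`, which matches the "got" value in the log. The helper names and the `http://<login>.id.fedoraproject.org/` construction are assumptions inferred from the quoted values; whether the server-side library drops userinfo in exactly this way is also an assumption.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Assumption: identity URLs have the form http://<login>.id.fedoraproject.org/,
# as in the two openid.identity values quoted in the comment above.
IDENTITY_SUFFIX = ".id.fedoraproject.org"


def build_identity(login: str) -> str:
    """Build the identity URL by plain string formatting (hypothetical helper)."""
    return f"http://{login}{IDENTITY_SUFFIX}/"


def strip_userinfo(url: str) -> str:
    """Rebuild a URL from scheme, host and path only, dropping any userinfo."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}{parts.path}"


def check_identity(login: str) -> Tuple[bool, str]:
    """Return (ok, detail); ok is False when the login alters the URL structure."""
    url = build_identity(login)
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable identity URL: {exc}"
    expected_host = f"{login.lower()}{IDENTITY_SUFFIX}"
    if parts.username is not None or parts.password is not None:
        return False, f"userinfo present; host is really {parts.hostname}"
    if parts.hostname != expected_host:
        return False, f"host {parts.hostname} != {expected_host}"
    if parts.path != "/" or parts.query or parts.fragment:
        return False, "login leaked into path, query or fragment"
    return True, url


if __name__ == "__main__":
    # Constructed sample logins: the two from the ticket plus one with a slash.
    for login in ("ttomecek", "ttomecek@redhat.com", "a/b"):
        print(login, "->", check_identity(login))
```

A check of this kind on the login form side would reject the email-style login before any identity URL is sent back to the relying service.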


Metadata
Related Pull Requests
  • #363 Merged 3 months ago
  • #362 Closed 3 months ago