Bug #5951

GET-Evidence login via google login no longer works - OpenID 2.0 is gone

Added by Sarah Guthrie over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assigned To:
Category:
-
Target version:
Start date:
05/07/2015
Due date:
% Done:

100%

Estimated time:
(Total: 2.00 h)
Story points:
1.0

Description

Currently unable to login to GET-Evidence, which is blocking editing variants. The error page you get directed to is attached

openid_gone.png (49.2 KB) openid_gone.png Sarah Guthrie, 05/07/2015 10:01 PM

Subtasks

Task #6116: Review 5883-oauth2-update at get-evidence.gitClosedAbram Connelly

History

#1 Updated by Abram Connelly over 6 years ago

Tom has a blog post about OpenID to OAuth 2.0 migration:

https://arvados.org/blogs/30

Piddling around I found it was pretty easy to get setup.

#2 Updated by Ward Vandewege over 6 years ago

  • Target version changed from Bug Triage to 2015-06-10 sprint

#3 Updated by Ward Vandewege over 6 years ago

  • Story points set to 1.0

#4 Updated by Tom Clegg over 6 years ago

  • Status changed from New to In Progress

#5 Updated by Tom Clegg over 6 years ago

  • Assigned To set to Abram Connelly

#6 Updated by Brett Smith over 6 years ago

  • Target version changed from 2015-06-10 sprint to 2015-07-08 sprint

#7 Updated by Tom Clegg over 6 years ago

At commit:40a50a0

In lib/openid.php

It looks like a number of possible errors culminating in a "no idea which user" condition are handled with "log something and proceed". I think we need to abandon ship at this point, presumably redirecting with an auth_error session var like in the earlier $resp->error condition.

  if (!$id_payload->sub) {
      error_log(json_encode($id_payload));
  }

(After this the errors seem relatively benign: "don't know your full name" etc.)

I'm not sure what the best error message is here, but surely it shouldn't say OpenID:

  if (!$resp) {
      error_log(json_encode($http_response_header));
      $_SESSION["auth_error"] = "Error: not a valid OpenID.";

In public_html/openid_verify_oauth2.php I suspect this regexp was meant to have a ^ anchor:

if (ereg ("/[^:]*$", $_REQUEST["return_url"], $regs))

#8 Updated by Tom Clegg over 6 years ago

At commit:get-evidence|bbb1ed9

The regexp in openid_verify_oauth2.php still doesn't look right -- now the initial slash is a preg delimiter but the ending one is missing. How about

-if (preg_match('/^\/[^:]*$', $_REQUEST["return_url"], $regs))
+if (preg_match('/^\/[^:]*$/', $_REQUEST["return_url"], $regs))

The rest looks good, thanks.

#9 Updated by Abram Connelly over 6 years ago

ok, fixed

#10 Updated by Abram Connelly over 6 years ago

  • Status changed from In Progress to Closed

Also available in: Atom PDF