Unable to login after upgrade to 1.15

mooreds

Yes, the OIDC plugin is busted on 1.15. I investigated a bit, but wasn't able to find the issue. Will have to dig in more, as I do want to get to the latest version to avoid issues.

rcauquil

@PitaJ @mooreds
We are upgrading to 1.15.3 also and we are also experiencing the "%5Bobject%20Object%5D" issue.

We are using this plugin for login "nodebb-plugin-jwt-oauth2".

It seems that we are getting this here:

helpers.redirect = function (res, url, permanent) {
	if (res.locals.isAPI) {
		res.set('X-Redirect', encodeURI(url)).status(200).json(encodeURI(url));
	} else {
		const redirectUrl = url.startsWith('http://') || url.startsWith('https://') ?
			url : relative_path + url;
		res.redirect(permanent ? 308 : 307, encodeURI(redirectUrl));
	}
};

it's trying to encode this: { external: /path }

which is called from here:

if (!data.allowLocalLogin && !data.allowRegistration && data.alternate_logins && data.authentication.length === 1) {
    if (res.locals.isAPI) {
        return helpers.redirect(res, {
	    external: nconf.get('relative_path') + data.authentication[0].url,
        });
    }
return res.redirect(nconf.get('relative_path') + data.authentication[0].url);
}

We are experiencing this only if you have at least disabled local registration or local login for registered user

It results in blocking the "Alternate Login" button from login page

edit: spelling

baris

@romain-cauquil

Can you modify the code and try with this

if (!data.allowLocalLogin && !data.allowRegistration && data.alternate_logins && data.authentication.length === 1) {
    if (res.locals.isAPI) {
        const url = nconf.get('relative_path') + data.authentication[0].url;
        return res.set('X-Redirect', encodeURI(url)).status(200).json(encodeURI(url));
    }
    return res.redirect(nconf.get('relative_path') + data.authentication[0].url);
}

Let me know if that works. helpers.redirect doesn't support a object so not sure why it's being used there.

baris

https://github.com/NodeBB/NodeBB/issues/9032

barisusakli created this issue in NodeBB/NodeBB

closed helpers.redirect doesn't work for sso plugins on /api/login #9032

baris

@Romain-CAUQUIL @mooreds this should be fixed on master now, let me know if you have any issues. The fix is here https://github.com/NodeBB/NodeBB/commit/6f68f4d20ad2c25e3a6aae7fd805f8d6362e69de

0 barisusakli committed to NodeBB/NodeBB

fix: #9032, fix login redirect for sso plugins

rcauquil

@baris Perfect thank you it has fixed this issues.

rcauquil

@baris @PitaJ we are still experiencing issues. it seems that the bug you have fixed was here since a long time.

We are using 1.13.2 in production and the redirection to our sso service is working great (even if the bug you have fixed in 1.15.4 is in it)

1.13.2

Here you can also see that X-Redirect was already broken

1.15.4

But in 1.15.4 running locally we are not redirected to it unless we reload the page.

Note

In 1.13.2 it's calling /auth/pycom-sso
and in 1.15.4 it's calling **/api/**auth/pycom-sso

I'm investigating more on this.
Thank you

baris

I think the issue here is that the redirect change is now trying to go to the sso page via ajaxify and trying to load /api/auth/pycom-sso which doesn't exist.

I am guessing only /auth/pycom-sso is created by the sso plugin? What does the plugin return in the data.authentication[0].url field?

I think we can't use helpers.redirect here and will have to use a full redirect and revert my change. Try this fix please

if (!data.allowLocalLogin && !data.allowRegistration && data.alternate_logins && data.authentication.length === 1) {
	const url = data.authentication[0].url;
	const redirectUrl = url.startsWith('http://') || url.startsWith('https://') ?
		url : nconf.get('relative_path') + url;
	return res.redirect(307, encodeURI(redirectUrl));
}

Let me know if this works?

rcauquil

@baris said in Unable to login after upgrade to 1.15:

if (!data.allowLocalLogin && !data.allowRegistration && data.alternate_logins && data.authentication.length === 1) {
const url = data.authentication[0].url;
const redirectUrl = url.startsWith('http://') || url.startsWith('https://') ?
url : nconf.get('relative_path') + url;
return res.redirect(307, encodeURI(redirectUrl));
}

no I'm stuck with an infinite spinner

baris

What is the value of the redirect url?

rcauquil

@baris /auth/pycom-sso

baris

Thanks I am working on a fix.

rcauquil

@baris thank you

baris

@rcauquil Please apply the changes here https://github.com/NodeBB/NodeBB/commit/5d00b0895b0db961775b22ba6fff0b52fa7c4a0b

It will go back to the 1.14.x version of the redirect but also fix the "%5Bobject%20Object%5D" issue that was mentioned earlier in this topic.

Let me know if it works now.

0 barisusakli committed to NodeBB/NodeBB

fix: sso redirect on /login & /api/login

rcauquil

@baris same behavior so far, not redirecting

rcauquil

@baris if you want to make it easier we can make a quick call on jitsi or discord

rcauquil

@baris

baris

Did you rebuild and restart after applying all the fixes?
I'll take a look again. Also does it work on cold load?

rcauquil

@baris yes if I cold load it redirect me as expected, and yes I'm doing a rebuild every time I change something

baris

@rcauquil said in Unable to login after upgrade to 1.15:

@baris

This output doesn't look correct it should be {external: '/auth/pycom-sso'} in the responseJSON with the latest fixes when you click the login link.