Unable to login after upgrade to 1.15
-
helpers.redirect doesn't work for sso plugins on /api/login · Issue #9032 · NodeBB/NodeBB
more info https://community.nodebb.org/topic/15155/unable-to-login-after-upgrade-to-1-15
GitHub (github.com)
-
@baris @PitaJ we are still experiencing issues. it seems that the bug you have fixed was here since a long time.
We are using 1.13.2 in production and the redirection to our sso service is working great (even if the bug you have fixed in 1.15.4 is in it)
1.13.2
Here you can also see that X-Redirect was already broken
1.15.4
But in 1.15.4 running locally we are not redirected to it unless we reload the page.
Note
In 1.13.2 it's calling /auth/pycom-sso
and in 1.15.4 it's calling **/api/**auth/pycom-ssoI'm investigating more on this.
Thank you -
I think the issue here is that the redirect change is now trying to go to the sso page via ajaxify and trying to load
/api/auth/pycom-ssowhich doesn't exist.I am guessing only
/auth/pycom-ssois created by the sso plugin? What does the plugin return in thedata.authentication[0].urlfield?I think we can't use helpers.redirect here and will have to use a full redirect and revert my change. Try this fix please
if (!data.allowLocalLogin && !data.allowRegistration && data.alternate_logins && data.authentication.length === 1) { const url = data.authentication[0].url; const redirectUrl = url.startsWith('http://') || url.startsWith('https://') ? url : nconf.get('relative_path') + url; return res.redirect(307, encodeURI(redirectUrl)); }Let me know if this works?
-
@baris said in Unable to login after upgrade to 1.15:
if (!data.allowLocalLogin && !data.allowRegistration && data.alternate_logins && data.authentication.length === 1) {
const url = data.authentication[0].url;
const redirectUrl = url.startsWith('http://') || url.startsWith('https://') ?
url : nconf.get('relative_path') + url;
return res.redirect(307, encodeURI(redirectUrl));
}no I'm stuck with an infinite spinner
-
@rcauquil Please apply the changes here https://github.com/NodeBB/NodeBB/commit/5d00b0895b0db961775b22ba6fff0b52fa7c4a0b
It will go back to the 1.14.x version of the redirect but also fix the "%5Bobject%20Object%5D" issue that was mentioned earlier in this topic.
Let me know if it works now.
-
I have tested the fix on this forum with just the facebook sso plugin enabled and it worked as expected. Cold loading /login redirects to facebook login and clicking on the login button gets back
{external: '/auth/facebook'}which also triggers the facebook auth flow. -
This fix is included in 1.15.5 https://github.com/NodeBB/NodeBB/releases/tag/v1.15.5.
It only happens when you disable local login for registered users, change registration type to
No registrationand have 1 SSO plugin active. In this case cold loading the/loginroute will automatically redirect to the auth route. Clicking the login link in the header will get{external: '/auth/route-to-sso'}from the server and redirect to that route here.
