Defect #2757

Unable to register using OpenID

Added by Jean-Philippe Lang almost 9 years ago. Updated almost 9 years ago.

Status:ClosedStart date:2009-02-15
Priority:NormalDue date:
Assignee:Eric Davis% Done:

100%

Category:Accounts / authentication
Target version:0.9.0
Resolution:Fixed Affected version:

Description

Using r2476, assuming I have no redmine account:

  • on the login form, I enter my openid url
  • I'm redirected to my openid provider, I accept to access the site
  • I'm redirected to the redmine registration form (only the openid url is filled)
  • I fill the form (btw, why do I have to enter a password?)
  • I hit Submit
  • the registration is displayed with the login field empty and the error message "login can't be blank"
  • same error if I re-fill the login and re-submit

Full log is attached (openid url filtered).

development.log (12.8 KB) Jean-Philippe Lang, 2009-02-15 20:52

development.log - Eric's development.log showing a successful on the fly creation (11.9 KB) Eric Davis, 2009-02-18 05:49

Associated revisions

Revision 2483
Added by Eric Davis almost 9 years ago

Fixed the bug in the OpenID registration where the form wouldn't take a login

AccountController#open_id_authenticate was adding an auth_source_registration
to the session which caused AccountController#register to use the wrong codepath.

#2757

History

#1 Updated by Eric Davis almost 9 years ago

  • File development.log added
  • Affected version (unused) set to devel

Jean-Philippe Lang wrote:

Using r2476, assuming I have no redmine account:

  • on the login form, I enter my openid url
  • I'm redirected to my openid provider, I accept to access the site
  • I'm redirected to the redmine registration form (only the openid url is filled)

Looks like your OpenID provider doesn't send back the sreg information, which is required to setup the account. This is because Redmine requires a login (sreg 'nickname'), mail (sreg 'email'), firstname, and lastname (sreg 'fullname') in order to create a user. You can see my OpenID provider sends back the sreg so I was able to create a user account on the fly (second to the last request)

  • I fill the form (btw, why do I have to enter a password?)

Because Redmine requires a password :) If the user was able to be created on the fly, they get a random password (User#random_password) but since saving your user account failed the password wasn't set.

  • I hit Submit
  • the registration is displayed with the login field empty and the error message "login can't be blank"
  • same error if I re-fill the login and re-submit

This sounds like a problem with the register form itself. Let me do some more testing and see

#2 Updated by Eric Davis almost 9 years ago

Last log used the wrong database, where I had an existing user account. This log shows the process for a new user that needs an Administrator to approve the account activation.

#3 Updated by Eric Davis almost 9 years ago

  • File deleted (development.log)

#4 Updated by Eric Davis almost 9 years ago

  • Status changed from New to Closed
  • Target version set to 0.9.0
  • % Done changed from 0 to 100
  • Resolution set to Fixed

I figured out why it wasn't taking your login. AccountController#open_id_authenticate was adding an auth_source_registration to the session which caused AccountController#register to use the wrong codepath. It's fixed in r2483.

Also available in: Atom PDF