Defect #3371

Autologin does not work when using openid

Added by Andrew Kouznetsov over 8 years ago. Updated over 4 years ago.

Status:ClosedStart date:2009-05-16
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:OpenID
Target version:2.3.0
Resolution:Fixed Affected version:

Description

After closing my browser authentification gets lost
http://redmine.bellax.net

ruby 1.8.7 (2008-08-11 patchlevel 72) [x86_64-linux]
rails (2.2.2)
postgres-pr (0.6.1)
PostgreSQL 8.3.7

redmine-openid_autologin_fix-DrewDahl-3371.patch Magnifier (1.14 KB) Andrew Dahl, 2012-12-16 23:06

Associated revisions

Revision 11521
Added by Jean-Philippe Lang over 4 years ago

Adds autologin param in openid return_to url (#3371).

Revision 11563
Added by Jean-Philippe Lang over 4 years ago

Merged r11521 from trunk (#3371).

History

#1 Updated by Andrew Kouznetsov over 8 years ago

autologin does not work when i am logging in by my openid url

#2 Updated by Jean-Philippe Lang over 8 years ago

  • Assignee set to Eric Davis

#3 Updated by Jean-Philippe Lang over 8 years ago

  • Subject changed from Autologin dows not works to Autologin dows not works when using openid

#4 Updated by Eric Davis almost 8 years ago

  • Category set to Accounts / authentication
  • Resolution set to Cant reproduce

I can't reproduce this on the latest trunk version. Am I testing it correctly?

  1. Login as admin
  2. Setup OpenID url
  3. Logout
  4. Login as the OpenID url with "Remember Me"
  5. Enter OpenID authentication at OpenID host
  6. Logged into Redmine
  7. Close browser, clearing session cookies
  8. Start browser
  9. Visit Redmine
  10. Am still logged in from the "Remember Me"

#5 Updated by Elias Chistyakov almost 8 years ago

--- app/controllers/account_controller.rb
+++ app/controllers/account_controller.rb
@@ -150,7 +150,7 @@ class AccountController < ApplicationController

   def open_id_authenticate(openid_url)
-    authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
+    authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url(:autologin => params[:autologin])) do |result, identity_url, registration|
       if result.successful?
         user = User.find_or_initialize_by_identity_url(identity_url)
         if user.new_record?

#6 Updated by Andrew Kouznetsov over 7 years ago

My session resets each browser restart.
Here: rm.smix.name is clean redmine installation with a couple of projects.
(sorry I don't want search bots to index it)

#7 Updated by Aron Rotteveel about 7 years ago

I actually have the some problem (using myopenid.com). This has never worked for me.

#8 Updated by Peter Baumgartner about 7 years ago

This is present in 1.0.2. edavis10 had this to say in #redmine,

OpenID doesn't work with autologin because of how it comes back to Redmine. Autologin works with normal sessions.

"cant reproduce" resolution should be removed.

#9 Updated by Felix Schäfer about 7 years ago

  • Resolution deleted (Cant reproduce)

#10 Updated by Eric Davis about 7 years ago

  • Assignee deleted (Eric Davis)

#11 Updated by Aron Rotteveel almost 7 years ago

This issue still exists for me using 1.1.0.stable.4761

#12 Updated by Etienne Massip about 6 years ago

  • Category changed from Accounts / authentication to OpenID

#13 Updated by Andrew Dahl almost 5 years ago

Elias Chistyakov wrote:

[...]

I can confirm this bug still exists in 2.1.4.stable and the quoted patch works. I've attached one that applies to 2.1.4.stable, since that is likely easier for you.

I tested this with Firefox 17.0.1 and IE9.

To reproduce, I followed Eric Davis route similarly:

  1. Login using OpenID url and register user
  2. Logout
  3. Login with the OpenID url, selecting "Auto Login"
  4. Enter OpenID authentication at OpenID host
  5. Logged into Redmine
  6. Close browser, clearing session cookies
  7. Start browser
  8. Visit Redmine Homepage (not /login)
  9. Am no longer logged in (of course, with the patch, I am.)

Also, if it's relevant, I have auto logins setup to stay current for 7 days. (Although, I don't think that should matter.)

#14 Updated by Jean-Philippe Lang over 4 years ago

  • Subject changed from Autologin dows not works when using openid to Autologin does not work when using openid
  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version set to 2.3.0
  • Resolution set to Fixed

Fixed in r11521.

#15 Updated by Jean-Philippe Lang over 4 years ago

  • Status changed from Resolved to Closed

Merged.

Also available in: Atom PDF