New gitit users cannot log in after creating an account
Closed this issue · 12 comments
This is with 8063ea9 and with Chrome Version 94.0.4606.61 (Official Build) (64-bit)
Steps to reproduce:
-
Be on windows 10
-
Get debian from Windows Store (follow instructions for WSL2 setup)
-
get into wsl debian
-
sudo apt install -y git haskell-stack
-
cd; git clone https://jgm/gitit
-
cd gitit; stack install
-
mkdir ~/testgitit; cd ~/testgitit
-
gitit --print-default-config > my.conf
-
gitit -f my.conf
-
browse to http://localhost:5001
-
on Front page: click 'edit'
-
on Login page: click 'click here to get one'
-
fill in form (with real email address)
-
right-click password field, select 'Suggest Password...', click 'Use suggested password'.
-
click Register
-
now back at Login page, username/password are prefilled by chrome, click Login
-
nothing happens - still on Login page, still pre-filled, no error messages and not logged in.
-
back to front page by clicking the dog, clicking 'login / get an account', then click login button -> back to front page, NOT logged in.
There's no sent email with an account verification link, and no error message either. Nothing is in the log file apart from the 7 Created/Added lines.
Making it save password reset emails locally:
cat <<EF > fakemail
#!/bin/bash
cat > ~/fakemail
EF
chmod +x fakemail
cat my.conf | sed 's/sendmail/.\/fakemail/' > fm.conf
gitit -f fm.conf
And now at least the reset URL email can be seen with cat ~/fakemail
, but repeating account generation does not put an account creation email there.
What's going on? There's a line in gitit-users, and I can ask for a password regeneration and use the link to change the password, but I still can't log in.
Not sure. Have you tried with older releases? Is this a regression?
I'm also having this issue on Windows 10 / WSL2.
@Daedalus359 Please indicate what version you're using, and how you built/installed it.
gitit version 0.15.0.0
Installed via stack according to gitit's Hackage readme:
git clone https://github.com/jgm/gitit
cd gitit
stack install
This was within my WSL2 instance, which is Ubuntu 20.04 from the Microsoft store.
Edit: I'm planning to try this on a native Linux computer next weekend, so I can report back if there's any reason to think WSL2 could be the issue.
Edit 2: Following up on the plans mentioned above - my new computer is a Raspberry Pi 4, and I didn't realize there was a relative lack of support for Stack or the Haskell Platform on that architecture. As a result, I unfortunately won't be able to try gitit anywhere else for now.
I can confirm this issue also appearing on linux natively. System here is:
NAME=NixOS
ID=nixos
VERSION="21.11 (Porcupine)"
VERSION_CODENAME=porcupine
VERSION_ID="21.11"
BUILD_ID="21.11pre326545.9303cc04458"
PRETTY_NAME="NixOS 21.11 (Porcupine)"
LOGO="nix-snowflake"
HOME_URL="https://nixos.org/"
DOCUMENTATION_URL="https://nixos.org/learn.html"
SUPPORT_URL="https://nixos.org/community.html"
BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues"
Methods tried were:
- Using a
nix-shell -p haskellPackages.gitit
command to get a shell with a gitit fetched from cache - Running
cabal install gitit
and running the executable from the cabal binary directory.
Thank you for your time.
Confirming that the login issue is also present on OpenBSD 7.0 / GHC 8.10.6 with gitit installed either via cabal install gitit
or by cloning the repo (b03c78e) and cabal install
per the README.
- Creating account works correctly and shows up in
gitit-users
- Logging in with the correct password redirects to the Front Page, with "Login / Get an Account" still in the upper right
- Creating or editing a page shows the author as "Anonymous" instead of the user
- The only cookie set is "sid", value "SessionKey%20336540901", with an expiry one hour in the future
- Same behavior with Firefox or a Chromium-based browser, normal or private mode
Yes, I see this too with a fresh install (on macos -- apparently this is not os-specific).
Not sure when this stopped working or why, but I'll look into it a bit.
Lab note: with some tracing, I can see that in withUserFromSession
, getSession
is returning Nothing
. Even though the cookie is being set, we're getting pSessionKey
= Nothing
in params.
Note: the value of the cookie is SessionKey%20336540901
(as noted above, number will differ). Perhaps we've got an issue here involving FromReqURI for SessionKey. Looking at the code, it seems that it is expecting just a number, not SessionKey number
.
Think I've got it figured out.
This was a regression introduced by 111a2f1 (Aug 11 2021) which made SessionKey a newtype. This changed its Show
instance and broke the session cookie reading code. My fault, sorry!