softwerkskammer/Agora

Cannot log in using Yahoo OpenID

Closed this issue · 5 comments

jochenwalter commented

Trying to log into softwerkskammer.org fails when using Yahoo OpenID.

After entering my URL https://me.yahoo.com/a/.jCsvqUM04uJyeIpvXtxAwwOuEl07sA-, I get the following error message:

500
Failed to discover OP endpoint URL (message: No providers found for the given identifier)

Stacktrace:
InternalOpenIDError: Failed to discover OP endpoint URL
at node_modules/passport-openid   /lib/passport-openid/strategy.js:249:52
at node_modules/passport-openid/node_modules/openid/openid.js:768:14
at node_modules/passport-openid/node_modules/openid/openid.js:558:13
at node_modules/passport-openid/node_modules/openid/openid.js:527:13
at _parseHostMeta (node_modules/passport-openid/node_modules/openid/openid.js:402:5)
at node_modules/passport-openid/node_modules/openid/openid.js:522:9
at Request._callback (node_modules/passport-openid/node_modules/openid/openid.js:209:7)
at Request.self.callback (node_modules/request/request.js:186:22)
at emitTwo (events.js:106:13)
at Request.emit (events.js:191:7)
at Request.<anonymous> (node_modules/request/request.js:1163:10) 
at emitOne (events.js:96:13)
at Request.emit (events.js:188:7)
at IncomingMessage.<anonymous> (node_modules/request/request.js:1085:12)
at IncomingMessage.g (events.js:286:16)
at emitNone (events.js:91:20)
at IncomingMessage.emit (events.js:185:7)
at endReadableNT (_stream_readable.js:974:12)
at _combinedTickCallback (internal/process/next_tick.js:74:11)
at process._tickCallback (internal/process/next_tick.js:98:9)

The same URL works when logging into stackoverflow.com, so I guess it is correct.

I use Firefox 59.0.2 (64-bit) on Ubuntu 16.04.4 LTS

The failed login attempt happened on 2018-04-05, 16:27 CEST. The problem, however, exists for a much longer time, but I never got around to send an error report.

leider commented

Sorry for this ugly behaviour. We previously already had problems with some other open access providers.

  1. Could you use an alternative login method (Google, github seem to be very reliable). If so, just create a new account (empty) and send an information email to info@softwerkskammer.de with your old and new usernames. I will then enable your old account to use the credentials of the new one and delete the new one. (workaround, but will work)
  2. Alternatively you could try to help use discover the source of the behaviour directly in the code (you'd need to clone the repo etc.) - Lots of work for you, but hey - the community will thank you :)
  3. Does a login maybe work on a 2nd attempt?

Sorry for not being too helpful,
Andreas

jochenwalter commented

Hi Andreas,

thank you for your suggestions. I'm not really a web developer, so it took me a while to analyse the problem.

The results:

  1. At first, the error could not be reproduced with my own build of Agora.

  2. Both my own build and the version on www.softwerkskammer.org are based on commit 064a149, so the different behaviour can only be caused by different versions of dependencies installed by npm.

  3. I checked the files mentioned in the stacktrace and was successful with openid.js which is part of package https://www.npmjs.com/package/openid hosted on https://github.com/havard/node-openid. In my build, this package has version 1.0.4.

    I cloned this repository and looked at its log. The log message of commit havard/node-openid@945d338 mentions Yahoo. I removed the change introduced by this commit by editing node_modules/openid/openid.js, i.e. I removed ;q=0.9 in line 223.

    With this modification, I could reproduce the bug.

  4. Package openid is a dependency of passport-openid, which specifies its version range as 1.x.x.

    Most likely, when building the deployed version of Agora, npm installed 1.0.3 (or less than) of openid.

    You can probably solve the problem by rebuilding and redeploying Agora. (Check that openid has version 1.0.4!)

  5. You might consider committing package-lock.json to the repository to ensure reproducible builds.

NicoleRauch commented

Wow, you're a genius! Thank you very much for this thorough analysis!

The openid package inside passport-openid was actually at version 1.0.1 =8-0

I've reinstalled the node-modules, and now it is at 1.0.4 just as expected.

So could you please verify that login now works correctly? Thanks!

jochenwalter commented

Hi Nicole,

login now works perfectly. By the way, thank you for Agora.

Jochen

NicoleRauch commented

This is great news! I am soooo grateful that you took this on - I think this solves a big issue we could not really pinpoint. So thank you :-)