Can't login from the project link #545

Closed
huumq00731 opened this issue Jan 21, 2020 · 5 comments · Fixed by #667
Labels
bug Something isn't working
huumq00731 commented Jan 21, 2020

  1. Open browser (not logged in) and go to project link.

     For example: http://IP:9740/projects/6

  2. Log in with correct password.

  3. Incorrect pass msg will be shown.


Your Environment

Doccano latest code of master branch.

@icoxfog417
Contributor

Can you login from the front page (http://IP:PORT) but can not log in from the project link?

@icoxfog417 icoxfog417 added the question Further information is requested label Jan 21, 2020
@kuraga
Contributor

kuraga commented Jan 21, 2020

I have strange issues like this but not permanently... But seems like it sometimes appears if I signed in in Django Admin first...

@huumq00731
Author

> Can you login from the front page (http://IP:PORT) but can not log in from the project link?

Yes. I can log in from the front page.
But when I share the project link with other members, they can't log in.

@icoxfog417 icoxfog417 added bug Something isn't working and removed question Further information is requested labels Jan 21, 2020
@icoxfog417 icoxfog417 changed the title Can't login when go from existed project link Can't login from the project link Jan 21, 2020
@huumq00731
Author

I have updated the version of doccano to [latest code of master branch], not 1.0.2.

@Hironsan
Member

Problem and analysis

This is due to the authentication priority.

In Django Rest Framework, we can specify the authentication classes in DEFAULT_AUTHENTICATION_CLASSES. The earlier a class is listed, the higher its priority. In doccano, SessionAuthentication is listed before TokenAuthentication.

doccano/app/app/settings.py

Lines 218 to 221 in 8818ab1

```python
'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework.authentication.SessionAuthentication',
    'rest_framework.authentication.TokenAuthentication',
),
```

When we sign in to the admin page, we use SessionAuthentication as an authentication method, but when we sign in from the front page, we use TokenAuthentication. So if we sign in to the admin page before signing in from the front page, session id and csrftoken are stored in Cookies.

If we sign in from the front page after we have already signed in to the admin page, session id and csrftoken are sent to the server because they are stored in the cookies.

As a result, the server tries to accept the request as a session authentication. But after v1.0.0, we can sign in to the application only using token authentication. That's why the strange behavior is observed.

Quick-fix solution

Comment out SessionAuthentication in DEFAULT_AUTHENTICATION_CLASSES. It does not prevent you from signing in to the admin page because the SessionAuthentication is different from Django admin's session authentication.
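
An added illustration of the ordering described in the comment above (not code from doccano, DRF, or any participant in this thread): a simplified pure-Python model of how DRF tries the classes in DEFAULT_AUTHENTICATION_CLASSES in order, including DRF's rule that SessionAuthentication enforces CSRF once a session user is found. The function names, request dictionaries, session ids, tokens and user names are constructed for the example.

```python
# Simplified model of how DRF tries its authentication classes in order.
# Not DRF or doccano source; sessions, tokens and requests are constructed.
class AuthFailed(Exception): """Stands in for DRF's auth exceptions."""
SESSIONS = {"sess-admin": "admin"}  # session id -> user
TOKENS = {"tok-alice": "alice"}     # API token -> user

def session_authentication(req):
    cookies = req.get("cookies", {})
    user = SESSIONS.get(cookies.get("sessionid"))
    if user is None:
        return None  # no session user: let the next class try
    # DRF enforces CSRF only after a session user has been found.
    csrf = cookies.get("csrftoken")
    if req["method"] not in ("GET", "HEAD", "OPTIONS") and (
            not csrf or req.get("csrf_header") != csrf):
        raise AuthFailed("CSRF Failed")
    return user

def token_authentication(req):
    header = req.get("authorization", "")
    if not header.startswith("Token "):
        return None
    user = TOKENS.get(header[len("Token "):])
    if user is None:
        raise AuthFailed("Invalid token")
    return user

def outcome(req, classes):
    """First class that returns a user wins; an exception rejects the request."""
    try:
        for auth in classes:
            user = auth(req)
            if user is not None:
                return user, auth.__name__
    except AuthFailed as exc:
        return "rejected", str(exc)
    return None, None

ORIGINAL = (session_authentication, token_authentication)  # order quoted above
QUICK_FIX = (token_authentication,)                        # session class removed
# A browser that signed in to /admin first, then calls the API with its token.
stale = {"method": "GET", "authorization": "Token tok-alice",
         "cookies": {"sessionid": "sess-admin", "csrftoken": "c1"}}
clean = {"method": "GET", "authorization": "Token tok-alice", "cookies": {}}
write = dict(stale, method="POST")  # unsafe method, no X-CSRFToken header

if __name__ == "__main__":
    for req in (clean, stale, write):
        print(outcome(req, ORIGINAL), outcome(req, QUICK_FIX))
```

With the original order, the leftover admin cookie decides the identity (or the rejection) before the token is ever read; with the session class removed, the same three requests all resolve through the token.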

@Hironsan Hironsan added this to To do in v1.0.4 Apr 2, 2020
@Hironsan Hironsan moved this from To do to In progress in v1.0.4 Apr 2, 2020
v1.0.4 automation moved this from In progress to Done Apr 3, 2020