Yahoo BigTent loops after authentication #2985
Comments
Certificate issuer looks good, matching BigTent portion of the flow appears to complete successfully. After attempted login, localStorage has
It is missing several fields! With a successful auth, localStorage would also have
The loop is after provisioning, we loop over have_email, auth_with_assertion, and list_email again and again.
The second time the dialog is launched, the user is logged in with an active session. I wasn't seeing this earlier, when I discovered this issue. If one clicks 'Sign in', then the infinite loop happens.
I think this is failing somewhere in syncEmails... still digging.
Hmm, a bug is that we note identities to add or delete, but not to update.
syncEmails doesn't look like the root cause. What I tried to reproduce this was to create the broken state in localStorage manually, but this didn't reproduce the problem in dev or my local dev instance. Another weird thing is that I can log in via the browserid homepage:
Just by the way, stage was updated to train-2013.02.01 at 11:52, and was broken somewhat from 11:00 to then.
Actually, the broken webheads would have been taken out of load-balance, so this wouldn't have been user visible during that time. But the version has changed to train-2013.02.01.
Hmmm, "signing in" from the homepage isn't really a proper sign in. LocalStorage still is missing cert, priv, and pub keys. It does however let you edit your account info. If you switch back to 123done and click sign in, then the site goes through provisioning again and gets stuck in the infinite loop.
I minified scripts and put my local machine into production mode, no dice. I connected to stage with Chrome's debugger. This seems promising, but minified, most function names are changed. Filed https://bugzilla.mozilla.org/show_bug.cgi?id=837925 to get stage put on to original JS sources.
We switched use_minified_resources to false in stage, but this won't work without having run
Using Chrome's debugger against the minified sources, it looks like we:
This exception could just be normal usage of jquery, Chrome debugger chokes on our current codebase a lot.
One of the possible exceptions being thrown is
I don't know that this is the case, it's just a possibility. Looking at the assertion which is sent up in auth with assertion... dev env:
In stage:
Not sure why
why is dev RSA and stage DSA? Relevant?
It probably isn't, I'm noting things that are different between dev and stage, which I don't know why they are different.
Lloyd had a good idea, spin up http://looping.123done.org/ and point stage bigtent at that. See if we can get a repro. If so, we can debug it easily.
Seems like the problem is in User.syncEmails - this is done async... maybe a timing issue? Digging, looking at server times.
AOK cert payload= 1360094458818 serverTime= 1360094168459 cert set to expires at Tue Feb 05 2013 12:00:58 GMT-0800 (PST) server's time is Tue Feb 05 2013 11:56:08 GMT-0800 (PST) diff = 292,764 Boom.
Okay, I misdiagnosed. Bigtent in stage doesn't provision certs with an I'll look at why I've got a good browserid-certifier deployment, but stage doesn't.
Local dev I'm running AWS dev we're running I've asked in bug 837925 what stage's versions are.
To repro locally
d81cd1de83e630a03ac0cb48662374b9d0fe25f1 is from June of 2012 and uses jwcrypto@0.2.2. We'll cut a train of browserid-certifier to fix the root cause. I've created PR 2991 for improving logging of expired certs.
We should log expiration issues. A root cause of Issue #2985
browserid-certifier bumped to jwcrypto@0.4.2. bigtent bumped to jwcrypto in PR 119 also, still testing locally.
With the new certifier deployed, http://looping.123done.org/ is fixed. Hooray.
BigTent re-pointed at Stage. http://beta.123done.org/ looping bug fixed.
Steps to Reproduce
Expected:
Dialog closes and you're logged in
Actual
Dialog hangs on last screen
Note HTTP requests:
A loop is present. auth_with_assertion, list_emails, session_context, and then back to auth_with_assertion.
This does not reproduce in dev nor in my local dev instance.