Skip to content
This repository has been archived by the owner on May 10, 2019. It is now read-only.

Yahoo login issue: Sorry, we are unable to log you in as alex_mayorga@yahoo.com #3949

Closed
ryanseys opened this issue Oct 3, 2013 · 11 comments
Closed

Yahoo login issue: Sorry, we are unable to log you in as alex_mayorga@yahoo.com #3949

ryanseys opened this issue Oct 3, 2013 · 11 comments
Assignees
@seanmonstar
Labels
qa:verified ★★★★★

Comments

@ryanseys
Copy link
Contributor

ryanseys commented Oct 3, 2013

Forwarded from Bugzilla 923350

Created attachment 813412
Log from "Browser Console"

For the past few days, I've kept getting "Sorry, we are unable to log you in as alex_mayorga@yahoo.com" whenever I try to login with Persona into any of the following URLs:

https://login.persona.org/
https://mozillians.org/
https://bugzilla.mozilla.org/
https://webmaker.org/

Attached find the log from "Browser Console".

Please let me know if there's anything I need to provide to solve this.

I've already tried clearing cache, deleting cookies, restarting browser.
@ryanseys
Copy link
Contributor Author

ryanseys commented Oct 3, 2013

Seems there might be a cross-domain issue (see the attachment link)

21:53:20.648 Security Error: Content at https://yahoo.login.persona.org/ may not load data from https://login.persona.org/sign_in.

@seanmonstar
Copy link
Contributor

It'd be cool to check the logs to see what the exact error is in rejecting the auth. Sounds possibly related to our recent hotfixes.

@jrgm
Copy link
Contributor

jrgm commented Oct 4, 2013

As fate would have it, I sat down this morning beside Alex ;-)

I think I see the bug. @ozten or @callahad, you guys around? (Probably at dinner right now).

@callahad
Copy link
Contributor

callahad commented Oct 4, 2013

@jrgm napping before dinner, but can look tonight. what's up?

@jrgm
Copy link
Contributor

jrgm commented Oct 5, 2013

@callahad sorry for not updating here earlier. From working with Alex, the claimed_id param in the querystring for the
return (/auth/yahoo/return) has a pattern that does not have a '/a/' path segment, so it fails the test here:
https://github.com/mozilla/browserid-bigtent_private/blob/train-2013.05.29-hotfix-9-24v3/server/lib/openid-tool.js#L27

@ozten
Copy link
Contributor

ozten commented Oct 7, 2013

I made a mistake, looking at outbound connections

if (params['openid.claimed_id'].indexOf('https://me.yahoo.com/a/') !== 0) {

should be

if (params['openid.claimed_id'].indexOf('https://me.yahoo.com/') !== 0) {

So that Yahoo can very the rest of the URL.

I'm offline until the 16th, can someone grab this?

@lloyd
Copy link
Contributor

lloyd commented Oct 10, 2013

@seanmonstar you got this?

@edwindotcom
Copy link
Contributor

just to add detail to who this affects: we think this may affect some subset of users who defined their openID identity at a specific point in time. Doesn't affect all users.

@ghost ghost assigned seanmonstar Oct 10, 2013
@jrgm
Copy link
Contributor

jrgm commented Oct 14, 2013

I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=926633 to get this deployed to stage (and from there to production).

@jrgm
Copy link
Contributor

jrgm commented Oct 16, 2013

Okay, after a delay with DNS issues, this went live at about 'Tue Oct 15 16:38:40 PDT 2013'.

@jrgm jrgm closed this as completed Oct 16, 2013
@alex-mayorga
Copy link

¡Muchas gracias @jrgm! =)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@seanmonstar seanmonstar

Labels
qa:verified ★★★★★
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@ozten @callahad @lloyd @seanmonstar @ryanseys @alex-mayorga @jrgm @edwindotcom