Login / Authentication failure for valid user/password pairs #1686

Open
olivierthereaux opened this issue Aug 15, 2018 · 0 comments
Collaborator

olivierthereaux commented Aug 15, 2018

Summary: authentication/login appears to fail for some users but not all, with no obvious difference between working and failing accounts, no useful error message, and no useable trace in the logs. This prevents users from logging in.

This issue is made worse by the fact that some users respond to the issue by trying a password reset, which has been broken for months: #1680.

Expected Behaviour

  • In Open Data Certificates (both staging and production)
  • When I try to log in with my credentials
  • I expect the log in to complete and redirect to my dashboard

Current Behaviour (for problems)

A number of users, when submitting username and password, get an error message in the UI saying "a server error occurred".

screenshot 2018-08-15 14 11 54

This is different from the error message shown when trying to log in with a non-existent username, or an existing username and the wrong password.

screenshot 2018-08-15 14 11 38

Your Environment

This error happens to me both on staging and production environments, as well as a number of other reported cases from other users.

The issue does not appear to be related to a specific client-side environment, as I have been able to create a new account and log in with it.

I have however seen an instance where creating a new account worked for a while, then failed. I do not remember after how long. This may point to the fact that the authentication/user management library used in Certificates (Devise) has a flag for "confirming" users: https://github.com/theodi/open-data-certificate/blob/staging/app/models/user.rb

I was not able to confirm this hypothesis yet.

Other notes

I was not able to retrieve any additional info from logs yet. The only difference in logs between successful and unsuccessful login attempts is in the returned status code:

Failed:

2018-08-15T12:44:45.561051+00:00 app[web.1]: {"method":"POST","path":"/users/sign_in","format":"js","controller":"sessions","action":"create","status":0,"duration":162.5,"@timestamp":"2018-08-15T12:44:45Z","@Version":"1","message":"[0] POST /users/sign_in (sessions#create)"}

Passed:

018-08-15T12:42:45.785567+00:00 app[web.1]: {"method":"POST","path":"/users/sign_in","format":"js","controller":"sessions","action":"create","status":200,"duration":241.06,"view":29.08,"db":72.26,"@timestamp":"2018-08-15T12:42:45Z","@Version":"1","message":"[200] POST /users/sign_in (sessions#create)"}
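
One way to surface these failures from the logs, added here as an example and not part of the original issue or the project's code: it parses lines in the format quoted above and groups sign-in attempts by outcome, singling out those logged with status 0. The sample lines are constructed from the two quoted in the issue, and all function names are hypothetical.

```ruby
require "json"

# Constructed sample input, modelled on the two log lines quoted in the issue.
SAMPLE_LOG = <<~'LOG'
  2018-08-15T12:42:45.785567+00:00 app[web.1]: {"method":"POST","path":"/users/sign_in","format":"js","controller":"sessions","action":"create","status":200,"duration":241.06,"view":29.08,"db":72.26,"@timestamp":"2018-08-15T12:42:45Z","@Version":"1","message":"[200] POST /users/sign_in (sessions#create)"}
  2018-08-15T12:44:45.561051+00:00 app[web.1]: {"method":"POST","path":"/users/sign_in","format":"js","controller":"sessions","action":"create","status":0,"duration":162.5,"@timestamp":"2018-08-15T12:44:45Z","@Version":"1","message":"[0] POST /users/sign_in (sessions#create)"}
  2018-08-15T12:45:02.100000+00:00 app[web.1]: a constructed line that carries no JSON payload
  2018-08-15T12:45:30.000000+00:00 app[web.1]: {"method":"GET","path":"/users/sign_in","format":"html","controller":"sessions","action":"new","status":200,"duration":35.1,"@timestamp":"2018-08-15T12:45:30Z","@Version":"1","message":"[200] GET /users/sign_in (sessions#new)"}
  2018-08-15T12:46:10.000000+00:00 app[web.1]: {"method":"POST","path":"/users/sign_in","format":"js","controller":"sessions","action":"create","status":0,"duration":158.2,"@timestamp":"2018-08-15T12:46:10Z","@Version":"1","message":"[0] POST /users/sign_in (sessions#create)"}
LOG

SIGN_IN_PATH = "/users/sign_in"

# Return the JSON event embedded in "<timestamp> <source>: {json}", or nil.
def parse_event(line)
  start = line.index("{")
  return nil unless start
  JSON.parse(line[start..-1])
rescue JSON::ParserError
  nil
end

def sign_in_attempt?(event)
  event["method"] == "POST" && event["path"] == SIGN_IN_PATH &&
    event["controller"] == "sessions" && event["action"] == "create"
end

# :no_status covers the "status":0 case from the issue (and a missing status).
def classify(event)
  status = event["status"].to_i
  return :no_status if status.zero?
  status < 400 ? :ok : :http_error
end

# Group the @timestamp of each sign-in attempt by outcome.
def summarize(log_text)
  summary = Hash.new { |hash, key| hash[key] = [] }
  log_text.each_line do |line|
    event = parse_event(line)
    next unless event && sign_in_attempt?(event)
    summary[classify(event)] << event["@timestamp"]
  end
  summary
end

# Share of sign-in attempts that ended without a status; usable as an alert metric.
def no_status_ratio(summary)
  total = summary.values.sum(&:size)
  total.zero? ? 0.0 : summary[:no_status].size.to_f / total
end
```

The timestamps are read from the JSON `@timestamp` field rather than the line prefix, so a clipped prefix does not affect the result.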
