Signing in with a non-existing account doesn't give clear error about b2share HOT 13 CLOSED

There were no changes to the login page in b2share.

from b2share.

It does not look like Invenio problem, though:

• We use Invenio 1.1.2 (at least that is what our Invenio repository looks like)
• There is a demo instance of Invenio 1.1.2 at http://invenio-software.org/wiki/General/Demo It gives me a clear error:

Could not login using 'Local', because this user is unknown. login

So is it our default configuration problem? Probably not, since your KTH instance is behaving correctly too:
https://ss-dev.pdc.kth.se/youraccount/login

Wrong username/email and password combination.

So we have to assume the default Invenio handles errors correctly and your code doesn't break that. Thus this looks like CSC deployment issue again.

from b2share.

Assigned this to Pietari.

from b2share.

We are using Invenio's next branch, not stable. 1.1.2 is slowly getting stuff from next, but it wasn't half a year ago.

Current frozen tag for Invenio is https://github.com/SimpleStore/invenio/tree/b2share-v1 (554b012) , I suspect next branch made further steps.

from b2share.

Current frozen tag for Invenio is https://github.com/SimpleStore/invenio/tree/b2share-v1
What I see here is the latest tag being 1.1.2

(554b012) ,
What I see here is Error 404. Strange. But I do see the commit and your point.

I suspect next branch made further steps.
Yes, the commit you mention (the last on our fork of Invenio and its 'next' branch) is about 2 months after 1.1.2 tag.

It still means nothing for this issue, because your instance at KTH reports login errors correctly and you say you didn't modify that part at all. So it still looks like a CSC configuration/install issue

from b2share.

Reposting Ilja's important find:

KTH instance runs an older version of Invenio's next branch. There was a rebase to a newer version that fixed many >bugs, but also broke some of the overwritten functionality. Apparently login is a regression bug that got in. I don't >think it's a configuration issue, I have the same symptom on my virtual machine.

from b2share.

The error message which comes to in KTH instance after login is failed is defined on the webaccount_blueprint.py which isn't existing anymore in the https://github.com/SimpleStore/invenio/tree/b2share-v1/modules/websession/lib

So that's why it's probably failing silently. Probably there has been changes in invenio, which changed the login mechanism. Don't think it's configuration/install issue.

from b2share.

If that's a critical issue, please assign this task to me and I'll try to
come up with some visual display of incorrect login.

In general I don't think it's a critical issue, but as always YMMV and
Pavel's da man :)

On 19 December 2013 16:42, llehtine [email protected] wrote:

The error message which comes to in KTH instance after login is failed is
defined on the webaccount_blueprint.py which isn't existing anymore in the
https://github.com/SimpleStore/invenio/tree/b2share-v1/modules/websession/lib

So that's why it's probably failing silently. Probably there has been
changes in invenio, which changed the login mechanism. Don't think it's
configuration/install issue.

—
Reply to this email directly or view it on GitHubhttps://github.com/SimpleStore/simplestore/issues/28#issuecomment-30925548
.

from b2share.

OK boys, thanks for the investigation. I think it is kind of medium-importance: we can live without it for now, but releasing a really public version without it would not be very good.

So lets leave this open, but I will give it a lower priority (I'll invent some tag :)

Most importantly I hope this will resolve itself once we move to more stable Invenio revision. We had a talk with Mark and other TF leaders and we all agree: We need to try to move to a stable version of Invenio. And that (v.1.1.2) has this working correctly.

from b2share.

So I lebeled this "wontfix", but leaving it open so that we know to check it when we have moved to a different Invenio version.

from b2share.

• Existing account and bad password: I get "some error with login"
• nonexistent accout: just a reload and no warning

So the problem is still here.

from b2share.

Finally got my environment set up and I'm able to look at this. It appears that a single if statement somewhere in webaccount_blueprint.py should do it, but so far I haven't worked out where. I don't fully understand how the login process is working. I assume we're only interested in login_method='Local', as opposed to openid, oauth1 or oauth2?

from b2share.

So.. I can generate an error if the username is unknown. Unfortunately it generates that error even before the user attempts to validate the form. I can't find a way to count the number of failed logins, or to only generate the error after it actually occurs.

from b2share.