Hello everyone! One of my forum users couldn’t use his account to login forum from our website and got this error. There is no problem with other user accounts but only his. I thought it maybe can be solved by updating forum to the newest version but the problem is still there.
Do you have any idea? I appreciate any help.
Is there anything special about your login setup, or about this user in particular? I think I’ve seen similar errors concerning admin accounts previously, but the more information you can provide the better.
Are you seeing any errors in your /logs
?
Thank you for your reply!
Do you mean logs at /var/discourse/shared/standalone/log/rails
?
In which log is such error recorded?
production.log
or production_errors.log
the second one is empty.
I meant the logs at [YourSite]/logs
, or possibly if anything shows up in the browser console when they attempt to login? There may be some extra detail there that could help narrow it down.
Are they a non-staff user, and do you have any SSO enabled?
Yes i guess all user can login with sso, because they don’t need to enter account and password again to login forum. They are directly transfered from the website to the forum.
This is error in console:
And this is a possible error log in the web:
ActiveRecord::RecordInvalid (validation failed: Primary email already adopted) app/models/discourse_connect.rb:270:in block in match_email_or_create_user' lib/distributed_mutex.rb:53:in
block in synchronize’ lib/distributed
I think it seems this particular user has a different email on Discourse than they do on your main site. Could you check that to confirm?
Yes, I just checked the Email showed on Discourse User panel and the Email on our main site, they are the same.
I have had a scout about and one possible reason could be that their email has accidentally made its way onto your blocked list. You can search and see if that’s the case on your /admin/logs/screened_emails
page. If you find it on there, unblocking it may do the trick. (also worth checking for their IP in /admin/logs/screened_ip_addresses
too)
If that’s not the case, another possibility is that they had a forum account before you enabled SSO. What SSO are you using?
I checked /admin/logs/screened_ip_addresses and it’s empty.
Sorry, I don’t understanding what you mean. (“What SSO are you using”) Are there many types of SSO?
I was wondering if you’d used Discourse Connect or something else, and what you’d connected it to provide your user authentication (Wordpress, for instance).
We’ve seen this error before, I just did a search on our ticketing system.
This happens when you have
- require activation set to true
- a user U1 on Discourse with a specific email address, possibly with external ID A.
- a user U2 on the DiscourseConnect provider side with the same email address and a different external ID (B)
The user logs in, Discourse checks if there is a user with external ID B, it does not exist.
Normally Discourse will perform a match on email as a next step but since require activation is set the email address is untrusted and it skips this step and it will not associate with user U1 because it would allow for account hijacking.
So Discourse decides to create a new user. That fails because user U1 already exists with that email address.
It would be good if there was a better error in case the email does exist but the email is untrusted. I’m also unsure why it shows a generic Rails error.
Resolutions:
- if your email addresses on DiscourseConnect provider side are verified and can be trusted, set require activation to false.
or - change the external ID for user U1 to B
or - change the email address for user U1 to something else
Adding the text “the change you wanted was rejected” so this topic will be found when someone searches for this error.
Yes, we are using Discourse connect and it is connected to our site.
Thank you very much for your detailed reply! The email addresses in our site are verified when user login. So I will try to fix the problem with method 1 firstly. But in the admin settings I didn’t find where “require email activation” is.
It’s a parameter sent back during the SSO process, see Disable email verification for SSO - #4 by simon
For sites that are using the WP Discourse plugin for authentication, site admins can also mark email addresses for individual users as verified from the user’s preferences page:
This is safer, and easier, than disabling email verification for all users on the site.
I wonder when this started happening. I’m fairly sure the scenario you’re outlining used to generate this error message: “There is a problem with your account. Please contact the site’s administrator.”
Here is another case of a failing Rails validator that returns this error, and it’s 6.5 years old. In the context of DiscourseConnect this indeed is something we’ve only seen in the past few months.
We are using the discourse image, so should we just add require_activation=true
in env:
?
Thank you for your help, but we don’t sue WP. We are using discourse docker image. The proper way to configure it is adding require_activation=true
in env:
of the app.yml file?
No, see Login error - #17 by RGJ as posted before, you need to pass this parameter on a per-user basis. This requires changing it in your server side code if it is a custom implementation.