SSO user unnecessary approval with 403 error

sso
#1

Wordpress handles my user creation, but today I have this user’s approval pending:

Clicking Approve leads to a 403 error:

I’ve never seen a user come up for approval before, so I’m not sure why this one is different. He also looks like every other user in the Admin.

Perhaps yesterday’s update to v2.3.0.beta6 +16 introduced a bug?

Here is the error log:

Log

Message

Uncaught [object Object] Url: https://forum.glasair-owners.com/assets/ember_jquery-5dbd79abddf53926275c73f77dbe61e7351258de8d2e886bf2ce86f144368848.js Line: 9 Column: 11652 Window Location: https://forum.glasair-owners.com/review

Backtrace

Env

hostname gaoa-discourse-app
process_id 3240
application_version f3ed002c30e4b6d7fce76d209202287b1cf85c55
HTTP_HOST forum.glasair-owners.com
REQUEST_URI /logs/report_js_error
REQUEST_METHOD POST
HTTP_USER_AGENT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
HTTP_ACCEPT */*
HTTP_REFERER https://forum.glasair-owners.com/review
HTTP_X_FORWARDED_FOR 75.164.xxx.xxx
HTTP_X_REAL_IP 75.164.xxx.xxx
params message Uncaught [object Object] Url: https://forum.glasair-owners.com/assets/ember_jquery-5dbd79abddf5392627
--- --- --- ---
--- ---
url https://forum.glasair-owners.com/assets/ember_jquery-5dbd79abddf53926275c73f77dbe61e7351258de8d2e886b
line 9
column 11652
window_location https://forum.glasair-owners.com/review
1 Like
Feedback on the new Review Queue
[bounty] Google+ (private ) communities: export screenscraper + importer
Needs Approval feature (Nothing to Approve)
(Jeff Atwood) #2

@eviltrout is this on your list?

(Robin Ward) #3

Could you check the logs again for the server side error? What you’ve included here appears to be a Javascript error which is not the root cause.

#4

The error was on March 29, and /logs only goes back to March 30. I didn’t protect it. Can the log be retrieved elsewhere?

Earlier today I tried Approve again and this time it went through without the 403 error.

(Robin Ward) #5

Unfortunately not. Do you know if you updated your forum since the error appeared? I’m trying to figure out if it’s something we fixed already.

#6

I have not updated - still on the same version that first produced the issue: v2.3.0.beta6 +16.

1 Like
#7

Perhaps completely unrelated, but… my forum started as an import from phpBB, and all my new users show up as “Anonymous user from phpBB3” even though they are not. For example the user from the OP looks like this:

EDIT: One more data point, as mentioned here—my invite only has been enabled since the forum was created.

(Robin Ward) #8

Okay now I am wondering if the bug is related to invite only when using SSO, I’m investigating.

2 Likes
(Robin Ward) #9

Okay after looking into it slightly, I suspect the problem here is having SSO + Invite Only was always undefined behavior in Discourse. It doesn’t really make sense to have people log in via SSO but also require an invite.

Is disabling invite only an option for you? Why would you need it enabled?

3 Likes
#10

Yes - I’ve disabled it already and I can’t recall why it was enabled.

3 Likes
#11

This appears to have been fixed by disabling invite only when SSO is in use. I just had a new user sign up and he was not queued for review.

Still on the same version v2.3.0.beta6 +16.

2 Likes
(Robin Ward) #12

I’m going to see if I can prevent invite only from being set when using SSO.

3 Likes
#13

Also consider this use case:

2 Likes
(Robin Ward) #14

This commit prevents invite only and enable sso at the same time:

4 Likes
(Robin Ward) #15

I looked into this, and it seems to work now. If enable sso is true, the “Share / Invite” (now consolidated) modal does not allow emails, only usernames.

4 Likes
(Robin Ward) closed #16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.