User sent to Create Account when trying to login with OAuth2


(Tarek Loubani) #1

Hello friends,

I’m using the OAuth2 provider, but I think this issue is independent of that.

Other logins work perfectly. However, when one of these users tries to login (and only this one), I get a “Create new account” screen even though the account already exists. Predictably, if the email is kept, then it fails. Here is the infromation from User.find_by_username. It’s been anonymized, but is otherwise the actual info:

[1] pry(main)> u = User.find_by_username("testuser")
=> #<User:0x0055
 id: 15,
 username: "TestUser",
 created_at: Thu, 25 May 2006 02:14:00 UTC +00:00,
 updated_at: Mon, 27 Jun 2016 19:35:50 UTC +00:00,
 name: "Test User",
 seen_notification_id: 9321,
 last_posted_at: Thu, 02 Jun 2016 17:40:11 UTC +00:00,
 email: "testuser@example.org@",
 password_hash:
  "hidden",
 salt: "hidden",
 active: true,
 username_lower: "testuser",
 auth_token: nil,
 last_seen_at: Mon, 27 Jun 2016 13:49:01 UTC +00:00,
 admin: false,
 last_emailed_at: Mon, 27 Jun 2016 19:35:38 UTC +00:00,
 trust_level: 4,
 approved: true,
 approved_by_id: nil,
 approved_at: nil,
 previous_visit_at: Thu, 09 Jun 2016 19:11:03 UTC +00:00,
 suspended_at: nil,
 suspended_till: nil,
 date_of_birth: nil,
 views: 0,
 flag_level: 0,
 ip_address: #<IPAddr: IPv4:x.x.x.x/255.255.255.255>,
 moderator: false,
 blocked: false,
 title: nil,
 uploaded_avatar_id: nil,
 locale: "",
 primary_group_id: 42,
 registration_ip_address: nil,
 trust_level_locked: true,
 staged: false,
 first_seen_at: Thu, 09 Jun 2016 19:11:03 UTC +00:00>
[2] pry(main)> 

Any thoughts as to why this particular user might be ‘broken’?


OAuth2 Basic Support
(Tarek Loubani) #2

A bit more information after more probing.

When I enable local logins, the user can log in. I also changed the user email address in case something was happening there, but that did not change things.

I’m still at a loss as to why a user could login except with OAuth2. I will post this also to the OAuth2 thread as it definitely appears to be an issue with that.


(Sam Saffron) #3

My guess is that the email they are trying to take over belongs to another user.

We key on the oauth id,

So:

User1 (oauth key 1) has email@email.com
User2 (oauth key 2) tried to log in, account found, tried to take over email@email.com … failse

Simplest fix is to free up the email on user1.