User sent to Create Account when trying to login with OAuth2

(Tarek Loubani) #1

Hello friends,

I’m using the OAuth2 provider, but I think this issue is independent of that.

Other logins work perfectly. However, when one of these users tries to login (and only this one), I get a “Create new account” screen even though the account already exists. Predictably, if the email is kept, then it fails. Here is the infromation from User.find_by_username. It’s been anonymized, but is otherwise the actual info:

[1] pry(main)> u = User.find_by_username("testuser")
=> #<User:0x0055
 id: 15,
 username: "TestUser",
 created_at: Thu, 25 May 2006 02:14:00 UTC +00:00,
 updated_at: Mon, 27 Jun 2016 19:35:50 UTC +00:00,
 name: "Test User",
 seen_notification_id: 9321,
 last_posted_at: Thu, 02 Jun 2016 17:40:11 UTC +00:00,
 email: "",
 salt: "hidden",
 active: true,
 username_lower: "testuser",
 auth_token: nil,
 last_seen_at: Mon, 27 Jun 2016 13:49:01 UTC +00:00,
 admin: false,
 last_emailed_at: Mon, 27 Jun 2016 19:35:38 UTC +00:00,
 trust_level: 4,
 approved: true,
 approved_by_id: nil,
 approved_at: nil,
 previous_visit_at: Thu, 09 Jun 2016 19:11:03 UTC +00:00,
 suspended_at: nil,
 suspended_till: nil,
 date_of_birth: nil,
 views: 0,
 flag_level: 0,
 ip_address: #<IPAddr: IPv4:x.x.x.x/>,
 moderator: false,
 blocked: false,
 title: nil,
 uploaded_avatar_id: nil,
 locale: "",
 primary_group_id: 42,
 registration_ip_address: nil,
 trust_level_locked: true,
 staged: false,
 first_seen_at: Thu, 09 Jun 2016 19:11:03 UTC +00:00>
[2] pry(main)> 

Any thoughts as to why this particular user might be ‘broken’?

OAuth2 Basic Support
(Tarek Loubani) #2

A bit more information after more probing.

When I enable local logins, the user can log in. I also changed the user email address in case something was happening there, but that did not change things.

I’m still at a loss as to why a user could login except with OAuth2. I will post this also to the OAuth2 thread as it definitely appears to be an issue with that.

(Sam Saffron) #3

My guess is that the email they are trying to take over belongs to another user.

We key on the oauth id,


User1 (oauth key 1) has
User2 (oauth key 2) tried to log in, account found, tried to take over … failse

Simplest fix is to free up the email on user1.