Unable to log in about wildebeest HOT 21 CLOSED

OK, so parseHandle is being called with a URI instead of a @[email protected], and it’s unhappy. Let’s change the parseHandle to accept URIs as well as handles. BRB.

from wildebeest.

The URI https://dogfood.social/ap/users/brad resolves to something that looks like an ActivityPub Actor.

from wildebeest.

OK, it looks like an incompatibility with Ivory on iOS. If I delete the actor and re-register with Pinafore I have no issue creating and accessing the new account. I still cannot login with Ivory, but at least it seems to federate messages and support some clients.

from wildebeest.

Nope. I cannot log in with Safari either. Chrome seems to work alright.

from wildebeest.

@koehn have you tried to sync your fork? This has been fixed in ff701bb

from wildebeest.

Also Ivory isn't compatible with Wildebeest yet.

from wildebeest.

The fork is up to date. I cannot login using Safari on iOS or MacOS.

from wildebeest.

On Safari I continue to see the Error: invalid handle: localPart: https://dogfood.social/ap/users/brad in the CF function log.

I can log into that account using Chrome.

{
  "outcome": "ok",
  "scriptName": "pages-worker--844423-production",
  "exceptions": [],
  "logs": [
    {
      "message": [
        "-> GET https://dogfood.social/oauth/authorize?client_id=[redacted]&redirect_uri=https%3A%2F%2Fpinafore.social%2Fsettings%2Finstances%2Fadd&response_type=code&scope=read%20write%20follow%20push "
      ],
      "level": "log",
      "timestamp": 1675974932028
    },
    {
      "message": [
        "<- 200"
      ],
      "level": "log",
      "timestamp": 1675974932140
    },
    {
      "message": [
        "Error: invalid handle: localPart: https://dogfood.social/ap/users/brad"
      ],
      "level": "error",
      "timestamp": 1675974932140
    }
  ],
  "eventTimestamp": 1675974932028,
  "event": {
    "request": {
      "url": "https://dogfood.social/oauth/authorize?client_id=REDACTED&redirect_uri=https%3A%2F%2Fpinafore.social%2Fsettings%2Finstances%2Fadd&response_type=code&scope=read%20write%20follow%20push",
      "method": "GET",
      "headers": {
        "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "accept-encoding": "gzip",
        "accept-language": "en-US,en;q=0.9",
        "cf-access-jwt-assertion": "REDACTED",
        "cf-connecting-ip": "2606:54c0:7680:fb0::e:287",
        "cf-connecting-o2o": "1",
        "cf-ipcountry": "US",
        "cf-ray": "796f645d18e2e1bf",
        "cf-visitor": "{\"scheme\":\"https\"}",
        "connection": "Keep-Alive",
        "cookie": "REDACTED",
        "host": "dogfood.social",
        "priority": "u=0, i",
        "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15",
        "x-forwarded-for": "2606:54c0:7680:fb0::e:287",
        "x-forwarded-proto": "https",
        "x-real-ip": "2606:54c0:7680:fb0::e:287"
      },
      "cf": {
        "longitude": "-93.26220",
        "httpProtocol": "HTTP/3",
        "tlsCipher": "AEAD-AES128-GCM-SHA256",
        "continent": "NA",
        "asn": 13335,
        "clientAcceptEncoding": "gzip",
        "country": "US",
        "tlsClientAuth": {
          "certIssuerDNLegacy": "",
          "certIssuerSKI": "",
          "certSubjectDNRFC2253": "",
          "certSubjectDNLegacy": "",
          "certFingerprintSHA256": "",
          "certNotBefore": "",
          "certSKI": "",
          "certSerial": "",
          "certIssuerDN": "",
          "certVerified": "NONE",
          "certNotAfter": "",
          "certSubjectDN": "",
          "certPresented": "0",
          "certRevoked": "0",
          "certIssuerSerial": "",
          "certIssuerDNRFC2253": "",
          "certFingerprintSHA1": ""
        },
        "tlsVersion": "TLSv1.3",
        "city": "Minneapolis",
        "timezone": "America/Chicago",
        "requestPriority": "",
        "edgeRequestKeepAliveStatus": 1,
        "postalCode": "55478",
        "colo": "ORD",
        "latitude": "44.98340",
        "region": "Minnesota",
        "regionCode": "MN",
        "asOrganization": "iCloud Private Relay",
        "metroCode": "613",
        "pagesHostName": "wildebeest-koehn.pages.dev"
      }
    },
    "response": {
      "status": 200
    }
  },
  "id": 3
}

from wildebeest.

I see your deploy build has failed: https://github.com/koehn/wildebeest/actions/runs/4136976733/jobs/7151555674.
Could you please agree to the pricing and rerun the build?

from wildebeest.

I did accept pricing and had a successful deploy before these errors occurred.

from wildebeest.

I’m getting the same errors when trying to log in via Firefox and Edge, strangely enough.

from wildebeest.

May be nothing or maybe something unrelated but I noticed that line 8 of this log entry ends with an un-escaped space:

{
  "outcome": "ok",
  "scriptName": "pages-worker--844423-production",
  "exceptions": [],
  "logs": [
    {
      "message": [
        "-> GET https://dogfood.social/oauth/authorize?client_id=[redacted]&redirect_uri=https%3A%2F%2Fpinafore.social%2Fsettings%2Finstances%2Fadd&response_type=code&scope=read%20write%20follow%20push "
      ],
      "level": "log",
      "timestamp": 1675974932028
    },
    {
      "message": [
        "<- 200"
      ],
      "level": "log",
      "timestamp": 1675974932140
    },
    {
      "message": [
        "Error: invalid handle: localPart: https://dogfood.social/ap/users/brad"
      ],
      "level": "error",
      "timestamp": 1675974932140
    }
  ],
  "eventTimestamp": 1675974932028,
  "event": {
    "request": {
      "url": "https://dogfood.social/oauth/authorize?client_id=REDACTED&redirect_uri=https%3A%2F%2Fpinafore.social%2Fsettings%2Finstances%2Fadd&response_type=code&scope=read%20write%20follow%20push",
      "method": "GET",
      "headers": {
        "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "accept-encoding": "gzip",
        "accept-language": "en-US,en;q=0.9",
        "cf-access-jwt-assertion": "REDACTED",
        "cf-connecting-ip": "2606:54c0:7680:fb0::e:287",
        "cf-connecting-o2o": "1",
        "cf-ipcountry": "US",
        "cf-ray": "796f645d18e2e1bf",
        "cf-visitor": "{\"scheme\":\"https\"}",
        "connection": "Keep-Alive",
        "cookie": "REDACTED",
        "host": "dogfood.social",
        "priority": "u=0, i",
        "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15",
        "x-forwarded-for": "2606:54c0:7680:fb0::e:287",
        "x-forwarded-proto": "https",
        "x-real-ip": "2606:54c0:7680:fb0::e:287"
      },
      "cf": {
        "longitude": "-93.26220",
        "httpProtocol": "HTTP/3",
        "tlsCipher": "AEAD-AES128-GCM-SHA256",
        "continent": "NA",
        "asn": 13335,
        "clientAcceptEncoding": "gzip",
        "country": "US",
        "tlsClientAuth": {
          "certIssuerDNLegacy": "",
          "certIssuerSKI": "",
          "certSubjectDNRFC2253": "",
          "certSubjectDNLegacy": "",
          "certFingerprintSHA256": "",
          "certNotBefore": "",
          "certSKI": "",
          "certSerial": "",
          "certIssuerDN": "",
          "certVerified": "NONE",
          "certNotAfter": "",
          "certSubjectDN": "",
          "certPresented": "0",
          "certRevoked": "0",
          "certIssuerSerial": "",
          "certIssuerDNRFC2253": "",
          "certFingerprintSHA1": ""
        },
        "tlsVersion": "TLSv1.3",
        "city": "Minneapolis",
        "timezone": "America/Chicago",
        "requestPriority": "",
        "edgeRequestKeepAliveStatus": 1,
        "postalCode": "55478",
        "colo": "ORD",
        "latitude": "44.98340",
        "region": "Minnesota",
        "regionCode": "MN",
        "asOrganization": "iCloud Private Relay",
        "metroCode": "613",
        "pagesHostName": "wildebeest-koehn.pages.dev"
      }
    },
    "response": {
      "status": 200
    }
  },
  "id": 3
}

from wildebeest.

Anywho, I'm here because I, too, cannot log in using any available client. @xtuc, can you clarify whether any CF Access authentication provider is compatible? Specifically, is pin-based authentication compatible?

from wildebeest.

@xtuc See if you like this patch.

from wildebeest.

I'm a bit confused. I personally ran into this issue and the revert fixed for me. I have to I investigate tomorrow, sorry for the inconvenience.

Have you tried to merge the patch on your fork (on main in order to trigger the deploy) to see if it fixes?

@DataDrivenMD all auth providers should be as supported, as long as they expose an email.

from wildebeest.

I'm a bit confused. I personally ran into this issue and the revert fixed for me. I have to I investigate tomorrow, sorry for the inconvenience.

Have you tried to merge the patch on your fork (on main in order to deploy) to see if it fixes?

@DataDrivenMD all auth providers should be as supported, as long as they expose an email.

The issue resolved literally as the notification for this reply landed in my inbox. I honestly don't know exactly what I did to clear the issue, but I can share that I was trying different permutations of CF Access Policies to see if that was the issue. I was also tweaking the CORS settings via Cloudflare Access- just a few minutes earlier I added the web client domain to the allowed origins fields. If I'm able to figure out what happened, I'll definitely circle back to expand on my findings.

from wildebeest.

It does fix the issue on my fork. FWIW, I initially created the account with pinafore.social.

from wildebeest.

It does fix the issue on my fork. FWIW, I initially created the account with pinafore.social.

Can confirm that login is now working.

from wildebeest.

Would you mind trying to revert the patch, let it deploy and try login again? As I said, for me the revert fixed the issue and I'm wondering if it started working for you because of a successful deploy.

from wildebeest.

I reverted the change, re-deployed, and am still able to log in. Now I have no idea what’s going on, but for now I’ll close my PR. 🤷

from wildebeest.

I'm pretty sure I have everything setup right, but when I go to login at /oauth/authorize with my Access-allowed email address, and enter my PIN, all I get is Server error 400, nothing at all in the real-time log console for wildebeest-consumer-username, and metrics that indicate nothing but script thrown exceptions. On refresh, I get a 404 page missing page. Definitely logged into Access, but it doesn't seem to have created an account successfully. This is with Safari and Chrome on MacOS.

from wildebeest.