Error when signing in to AirMozilla prod site about airmozilla HOT 16 CLOSED

So this is a bigger issue.

We currently only invite Mozilla staff (people with @mozilla.com or @mozillafoundation.org email addresses) or people are are vouched Mozillians on mozillians.org.

We could have made it so that anybody can sign in but if you're not in either of the categories mentioned in the paragraph above you'd get nothing. We made a decision a long time ago that this is how it'll work. It would possibly feel "wrong" to allow people to sign in for absolutely nothing and not tell them that. This way, especially for vouched Mozillians, it's good to be clear up front. Especially for human beings who are vouched Mozillians but accidentally logged in with the wrong email address.

Now, in recent months, we have commenting. And perhaps we want to make it so that anybody can post a comment as long as they sign in.

There are a couple of design issues to figure out to get this right. We need to think about things a bit. Let's keep the discussion going.

from airmozilla.

There are more immediate ways to get in. Namely to make yourself a superuser. E.g.

$ ./manage.py shell
>>> from django.contrib.auth.models import User
>>> u = User.objects.get(email='[email protected]')
>>> u.is_staff = True
>>> u.is_superuser = True
>>> u.save()

from airmozilla.

I tried the above command. I get a "DoesNotExist" error because there is no such email in the User table. I dont think I set up the superuser when I first pip installed django in my virtualenv

from airmozilla.

Try:

>>> from django.contrib.auth.models import User
>>> u = User.objects.create(username='doesntmatter', email='[email protected]')
>>> u.is_staff = True
>>> u.is_superuser = True
>>> u.save()

from airmozilla.

That above suggestion works to get a new user into the User table. However, I still get a csrf error:

from airmozilla.

Refresh and try again. If that doesn't work it's probably because you don't have cookies working.

You should have SESSION_COOKIE_SECURE = False in settings/local.py

from airmozilla.

😧 I've tried on different browsers, with cookies cleared every time. This issue is a big blocker if I cannot sign in and access special admin features. I'm getting the same 403 error after the email address gets verified. If this helps, I have a pastebin of the local.py file: http://pastebin.com/FRjpUK1y

from airmozilla.

Don't worry. It's a very common problem to get into.

Your pastbin is now gone :(
But what did it say about SESSION_COOKIE_SECURE?

Another common problem is that caching doesn't work. This is most commonly the problem when you have django.core.cache.backends.memcached.MemcachedCache in your settings/local.py for the CACHES setting. ...but don't have a working memcache server running on your laptop. If that's the case, there are two options:

1. install and run memcache on port :11211 (which is the default port)
2. change the CACHES setting to look like this:

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
        'LOCATION': 'crashstats'
    }
}

One very good way to testing if caching works is to do this:

$ ./manage.py shell
>>> from django.core.cache import cache
>>> cache.set('foo', 'bar', 60)

exit and immediately start the shell again:

$ ./manage.py shell
>>> from django.core.cache import cache
>>> assert cache.get('foo') == 'bar'

Again, sorry this is so troubling. I'm so used to these settings and stuff that I now struggle to see what's no longer obvious about them.
The right course of action would be to somehow add these notes to some sort of "Troubleshooting" section of the readme.

from airmozilla.

I have a new pastebin, which is updated here: http://pastebin.com/FRjpUK1y
I'll spend some time troubleshooting this issue and keep you updated on progress. This is a learning experience.

What do you mean by 1) install and run memcache on port :11211 (which is the default port)? Im not quite familiar with that step.

from airmozilla.

I changed the cache setting to the setting you recommended. SESSION_COOKIE_SECURE is false. Now I get a different error message! This is exciting! Here's a screenshot and it's also the same message I get from the prod and stage servers:

I realize this is an in-built feature to keep non-Mozilla employees out of the admin tools. I've made a new ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=990956

from airmozilla.

I changed the cache setting to the setting you recommended. SESSION_COOKIE_SECURE is false. Now I get a different error message! This is exciting! Here's a screenshot:

from airmozilla.

Excellent! But now we're up against a "flaw" in Air Mozilla's design. Basically, the auth works such that you're only allowed in if you can Persona sign-in with a @mozilla.com or @mozillafoundation.org address. Or, you can sign in with the email address you use on a vouched Mozillians.org account. Do you have such an account? If you set that up, I'll vouch you in.

Obviously, we had never thought about how this would work for people who aren't in those two categories.

Which brings us to the next big question; should we instead let anybody sign in but only if you have a certain email address do you get to see company private videos. And only if you're a vouched Mozillian do you get to see contributor-only videos.
What do you think?

from airmozilla.

I'm also concerned about something in your screenshot. Why is the search input field in plain HTML?! Do you have any idea?

from airmozilla.

1. I don't have a mozillian.org account to sign in on prod site. That shouldn't be a problem. I can still login on local dev and access admin tools. The other big development problem is that I don't have sample videos on local dev to work with; the local dev site is empty.
2. Why should anybody be allowed to sign in to Air Mozilla prod site if they are not employees of Air Mozilla? What is the use case to allow public anonymous users to sign in to Air Mozilla prod site? Is it to allow any user to access special features such as bookmarking new videos or comment on videos?
3. I'm not sure why that input field is in plain html. Sometimes, it's plain html and sometimes it's not.

from airmozilla.

1. Once you have a Mozillians account, let me know what your URL is and I'll vouch for you. Then you can test logging in as a contributor.
2. Events have one of three privacy statuses. You can see it here Does that explain your question?
3. I've never seen that! How odd indeed!

from airmozilla.

1. https://mozillians.org/en-US/u/onceuponatimeforever/ is my current mozillian account. The email is [email protected]. I am unable to get an email account on either the mozilla site or on bugzilla that ends with @mozilla.
2. Yes, that makes sense now why there are settings for loggedin vs anon users.
3. This search bar html issue is now fixed; it was related to my previous virtualenv being messed up and you helped me get a brand-new correct virtualenv up and runnng yesterday.

from airmozilla.