Skip to main content
Topic: Login Error(?) - Changed Email Reactivation  (Read 636 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Login Error(?) - Changed Email Reactivation

If a user changes their email address, and email reactivation is configured, the user gets the email reactivation email, activates the link (click, or paste into browser) and is presented with the login screen.

So far,. so good...

If the username and password are saved in the browser, and the user clicks on it to enter the forum, the user is directed to the forum URL:

{forum path}index.php?action=mentions;sa=fetch;api=json;lastsent=0

If the user "reloads" the forum [forum path url] they discover they are indeed logged in, but the user has to figure that out...

I don't think this is a configuration issue unique to my package / platform
(ElkArte v.1.1.6, PHP v. 7.2, Apache 2.4.46 over linux, MySql 5.6.51)

Thoughts?
X
__________________________________________________________________________
// Deep inside every dilemma lies a solution that involves explosives //

Re: Login Error(?) - Changed Email Reactivation

Reply #1
Tried this (on my local install) and was not able to (yet) reproduce. 
Be safe, Be kind, Happy Programing

Re: Login Error(?) - Changed Email Reactivation

Reply #2
Well, I just tried it again, and it was repeatable..  except, apparently, if you close the browser first...

Apparently, if I just stay on the page that says I need to reauthorize my account with the email that was just sent, retrieve the new email and click the link, that's when the error occurs. If I closed the browser first, it was fine..

[BTW, @Spuds the reactivation email does NOT have parenthesis around the url, or a "link" tag.. for whatever that's worth regarding the other issue we were fussing over]

[Update: Confirmed, if you get off that notification page - close the browser, click the log-in button, whatever -, it works fine. If you stay on that page and click the re-authorization link in the email , you get the error as you log in.]
__________________________________________________________________________
// Deep inside every dilemma lies a solution that involves explosives //

Re: Login Error(?) - Changed Email Reactivation

Reply #3
Does it do that only when the browser auto fills in the credentials?

Yeah on the link, I think it all has something to do with if you have the mailing list stuff enabled or not, lets just say there are many paths to sending the email, an area that needs to be cleaned up in 2.0, for now duct tape.
Be safe, Be kind, Happy Programing

 

Re: Login Error(?) - Changed Email Reactivation

Reply #4
Does it do that only when the browser auto fills in the credentials?


As it turns out it doesn't matter how the credentials are entered.

The "json page" only opens if the browser stays open on the "email address changed" page, when the link is activated and log in through the same browser (either the same tab or a different tab).

It does it in both Firefox and Edge, but,...

It doesn't do it if you make the address change in one browser, stay on the "email address changed" page in that browser, and paste the link in a different browser and log back in with it  - that works fine.

Maybe the easiest thing to do is add a message to the "email address changed" page to close the window before clicking the link  and not worry about why..  :D
__________________________________________________________________________
// Deep inside every dilemma lies a solution that involves explosives //

Re: Login Error(?) - Changed Email Reactivation

Reply #5
Here's another possible wrinkle...

On my server, the forum is running in a username/password authenticated directory path (but the browsers are already "logged in" before the reactivation link is applied).

If you can't replicate the error, it may indeed be unique to my server configuration after all.
__________________________________________________________________________
// Deep inside every dilemma lies a solution that involves explosives //

Re: Login Error(?) - Changed Email Reactivation

Reply #6
@Spuds most likely is the usual problem with the redirect address being stored in session (IIRC) and keeping it eve if it's a json or other general AJAX call?
I remember we added some protection at a certain point, not sure if maybe we missed one piece. *shrugs*
Bugs creator.
Features destroyer.
Template killer.

Re: Login Error(?) - Changed Email Reactivation

Reply #7
Let me know if I need to provide more data to hunt it down and kill it.
If it's related to a call timing issue (and I'm ignorant of what's going on in the background with authentication in between page loads), it's possible, I'm guessing, that I've got a bit of a race issue with my set up that can't be duplicated otherwise.

I haven't looked into how easy it is to restore authentication data if I temporarily remove the directory protection to see if that's actually involved (there's a lot of users in that 'table'), so I haven't tried it yet.

If nobody else is experiencing it, that sorta puts the burden on me to deal with it. I have some ideas to work around it (I suggested one already), but I certainly wouldn't call any of them "elegant".  :-[
__________________________________________________________________________
// Deep inside every dilemma lies a solution that involves explosives //

Re: Login Error(?) - Changed Email Reactivation

Reply #8
I just deleted a previous reply/request for identifying a file in order to create a work-around. After giving it some more thought, I realized what I had in mind wouldn't solve the issue on my server set up anyway..  ::)

__________________________________________________________________________
// Deep inside every dilemma lies a solution that involves explosives //