Assorted GitHub OAuth login errors, difficult to reproduce; mapping them out for now

[sentry-io]

(@jywarren writing here)

Yikes, @icarito and I have dug deep into some MapKnitter login issues which are not /super/ common (~56 instances in past 8 months), but worrisome. They're unfortunately VERY hard to reproduce and are inconsistent - i.e. sometimes they don't happen at all.

It's a complex system using multiple OAuth providers (github, twitter, facebook) as well as OpenID via PublicLab.org, all linked to both MapKnitter.org and SpectralWorkbench.org. What we're going to do is to map out errors we have been able to reproduce, mark them if they're "only sometimes" and then create a message and link like Having trouble logging in? which at least has more info and tips.

The plus side is that even when errors do occur, trying the same thing a second time often works. Frustrating from a systems perspective, but at least we haven't found a hard blocking error.

---

Here's one, for example, showing up in Sentry:

Sentry Issue: MAPKNITTER-4G

NoMethodError: undefined method `[]' for nil:NilClass
  app/controllers/sessions_controller.rb:76:in `block in openid_authentication'
    identity_url = identity_url.split('/')[0..-2].join('/') + '/' + registration['nickname']
  app/controllers/sessions_controller.rb:69:in `openid_authentication'
    authenticate_with_open_id(openid_url, required: %i(nickname email fullname)) do |result, identity_url, registration|
  app/controllers/sessions_controller.rb:45:in `create'
    openid_authentication(url, back_to)
...
(92 additional frame(s) were not displayed)

[jywarren]

Trying this I didn't see an error, it worked normally for me. But I am suspicious - i wonder if "nickname" exists for all GitHub OAuth accounts?

[jywarren]

mapknitter/app/controllers/sessions_controller.rb

Lines 75 to 94 in 4331ef0

	# we splice back in the real username from PublicLab.org's response
	identity_url = identity_url.split('/')[0..-2].join('/') + '/' + registration['nickname']
	if result.successful?
	@user = User.find_by_identity_url(identity_url)
	unless @user
	@user = User.new
	@user.login = registration['nickname']
	@user.email = registration['email']
	@user.identity_url = identity_url
	hash = registration['fullname'].split(':')
	@user.role = hash[1].split('=')[1]
	begin
	@user.save!
	rescue ActiveRecord::RecordInvalid => e
	puts e
	failed_login "User can not be associated to local account. Probably the account already exists with different capitalization!"
	return
	end
	end

[jywarren]

We seem to be seeing a web of errors; let's try to map it out:

Scenario A

• what's the initial state?
• logging into MK.org using GitHub OAuth shows a 500 error
• this happened multiple times; the Sentry error at top of this issue shows 4x for @icarito today

Scenario B

1. While logged into PL.org and having GitHub OAuth associated with PL.org, tried logging into MK.org using GitHub OAuth
2. was directed to PL.org dashboard (error 1 of this scenario)
3. then went back to MK.org and logged in again via GitHub OAuth
4. was directed to PL.org dashboard again (seemingly repeat of error in step 2)
5. went back to MK.org and logged in via PL.org OpenID
6. success of login to MK.org

[jywarren]

Inconsistent results, too! From @icarito -

On second try, with a new incognito window, I was again sent to PL.O dashboard, but when I try again from MK using GitHub OAuth, it worked

[icarito]

I tried again from a different browser, and in Scenario B, I was able to login on second attempt via Github.

[jywarren]

I wonder, on the error itself, if the nil value is for registration[] or identity_url.split('/')[]? That could make a big difference... i'll check the logs on PL.org maybe:

identity_url = identity_url.split('/')[0..-2].join('/') + '/' + registration['nickname']

[icarito]

Perhaps the 500 issue (Scenario A) is arising from a faulty response from Github? That would explain why we can't reproduce.