Closed elizabethyalkut closed 1 year ago
elizabethyalkut
commented
1 year ago according to Birkin:
the tribal-partners login was not meant for the data-entry-form /login/ screen (that shows shib and non-shib login options -- so it should fail there. The goal was to have folk be able to log into the browse/exp.search area and not be able to edit stuff.
elizabethyalkut
commented
1 year ago So my current understanding of this bug:
birkin
commented
1 year ago From Feb 24...
... I can't fix this using my local because logging in with the
tribalpartnersusername on either login form locally doesn't work ...
@elizabethyalkut Depending on how you're running locally, you can use these credentials.
birkin
commented
1 year ago So my current understanding of this bug:
- the partner login should work locally on browse_login
- the partner login should trigger the manual_login_error message on login_form
@elizabethyalkut Correct to both.
birkin
commented
1 year ago @elizabethyalkut -- It's not clear to me if the tribal-partner login really wasn't working for Lin -- or that he was confused because the data-entry-form login-button (that takes you to the shib/manual-login page) appears in the header of the browse-page -- and it didn't used to appear on the browse-page.
(see the SR authentication google-doc for the screenshots of how the browse page used to look -- or try git checkout da922fba29c7268095b8229c9c748849d4458ca0)
So maybe he clicked that login link, went to the data-entry-form login-page, and tried to enter the tribal-partner credentials into the manual-login form, which would fail.
elizabethyalkut
commented
1 year ago From Feb 24...
... I can't fix this using my local because logging in with the
tribalpartnersusername on either login form locally doesn't work ...@elizabethyalkut Depending on how you're running locally, you can use these credentials.
Thank you, that was the info I needed!
So maybe he clicked that login link, went to the data-entry-form login-page, and tried to enter the tribal-partner credentials into the manual-login form, which would fail.
I suspect that's what happened. I am working on making this more comprehensible, now I have a better understanding of the authentication model.
birkin
commented
1 year ago Addressed in commit e8631fcbb58e54f0ca3b3d7a21cd039369789024
Dr. Fisher reported that logging in with the
tribalpartnersusername on Safari, the data in browse didn't load. I can't reproduce this, and tested on both dev and prod.However, in testing, I noticed that the
tribalpartnerslogin only works on thebrowse_loginform, not thelogin_formpage. The non-Shib login there just fails silently with no error message.I can't fix this using my local because logging in with the
tribalpartnersusername on either login form locally doesn't work; on browse_login, I get the error message "Problem: based on your login, it appears you're not authorized to use this database-browser. If you believe you should be able to login to this system, please contact someone at this https://indigenousslavery.org/people/ web-page for assistance." which is at least correct failure behavior (nts: language there needs improvement), and have the same silent failure on login_form.