FreshSource login is broken on new git code

[dlangille]

Try it. It fails. ;)

[grahamperrin]

Related to the ports transition to git, yes?

[dlangille]

I'm not sure it is related at all.

[orjano]

Any progress with the login problem?

[dlangille]

Related to the ports transition to git, yes?

Unsure. It may be related to other recent code changes.

[dlangille]

Any progress with the login problem?

No sorry. Is this holding you up from something? Anything that I can help with in the meantime?

[orjano]

Any progress with the login problem?

No sorry. Is this holding you up from something? Anything that I can help with in the meantime?

I was just wondering if there was any news since it is two weeks since the post was created and no new reply to this thread. Seems like a strange bug since it on the browser side appear that the server just completely ignores the request of getting to the login section.

[dlangille]

The past two weeks have been primarily the final configuration items for the git-changeover. This issue will get fixed. I'm not sure when.

[dlangille]

Huh.

Looks like I fixed it at https://devgit.freshsource.org

@orjano can you confirm please?

[orjano]

I just tested with firefox and chrome. I got to the login page, a valid login gives a successful login, but any action after that is as a user not being logged in. So some sort of cookie issue needed to fixed in order to remain logged in?

[dlangille]

This is related to the cookie value. The cookie set by freshsource is different from the one expected by the server.

[dlangille]

@orjano can you test at https://dev.freshsource.org please?

[orjano]

Don't know what you want me to test :)

Tried my normal login and that fails with these errors https://orjan.net/t/freshports01.png Also tested the "forgotten password" and it appeard to work on the website, but never received email

[dlangille]

Your login at dev.freshports.org works OK too? It might be an older password.

The email is now with fastmail.com and on its way to you. It might be delayed if you are using greylisting.

[orjano]

My login on dev.freshports.org is being processed, but fails because i don't remember the password there. Tried a second time to get a password reset email but i have still not received any emails.

[dlangille]

Is greylisting being used? If you don't know what it is, you're not using it. :)

[orjano]

I'm not using any mail protection on the client side and I'm not sure if the service provider hosting my mail domains use any form of spam protection or other blocking method.

[dlangille]

Using the mail logs, I found your account and have forwarded your URL to you via email.

[orjano]

Got your manual email, but the password change page complained that the token was no longer valid after i entered a new password and tried to continue.

[dlangille]

Thank you. I will come back to this another day. :)

[dlangille]

I've done some work related to this issue.

During that testing, you may have received emails regarding a password change. That was me. Please ignore it.

Please try resetting your password at https://dev.freshsource.org

[dlangille]

@orjano I pushed these changes to production as part of another fix I needed to do. Things better now?

[orjano]

Password reset does not seem to work on either dev.* or freshports. I get the "email on its way" but no email.

[dlangille]

The email is sent. I see it going out, in the logs. I also sent you an email from my laptop.

[dlangille]

The mail you are getting should be coming from a fastmail.com server.

[dlangille]

Have you checked your logs?

[orjano]

I got your laptop test email, but nothing else. I use a domain/web/email provider for email, so i don't have access to any logs. They are quite large in Norway, so it would be strange if there was a problem with them. I notice almost never issues with other emails. I do have access to the zone file, i think the zone file is set to reject silently emails if the email arrives from another smtp server then the one listed for the senders domain(senders domain mail server in zone file)

[orjano]

Do you use the same smtp server for both server and your laptop email? It might be some email headers added from the webserver that causes the rejection.

[dlangille]

The server email also goes through fastmail.com - so yes, both emails came from FastMail.

[orjano]

You could try to send me an email from the server by bypassing webcode by using sendmail, mutt or some other client directly from CLI to see if there is some headers from webcode or if it's an issue from smtp on the server in general.

[dlangille]

I do have access to the zone file, i think the zone file is set to reject silently emails if the email arrives from another smtp server then the one listed for the senders domain(senders domain mail server in zone file)

I don't know how to check that. The email will go through these hosts:

• dev-nginx01.int.unixathome.org
• cliff.int.unixathome.org
• smtp.fastmail.com

[dlangille]

You could try to send me an email from the server by bypassing webcode by using sendmail, mutt or some other client directly from CLI to see if there is some headers from webcode or if it's an issue from smtp on the server in general.

Two emails sent, one from dev, one from cliff, via:

echo testing from dan via dev | mail you@example.org

[orjano]

If your senders domain is "domain.net" and email for domain.net in it's zone file list "smtp.isp.com" as the it's mail server, then my zone file will reject silently all email from "someone@domain.net" unless it originates from the mail server "smtp.isp.com". so if you tried to send me an email in this example from "someone@domain.net" but set up "smtp.google.com" as your smtp server, then it would be rejected.

[dlangille]

Are you talking about SPF? Something else?

I'm happy to look but need to know where.

[orjano]

I have not received anything yet. I can try to change the behavior from silent reject to reject with error or disable it tomorrow to see if that's the issue. Time is 3AM here now, so i need some sleep :) It is quite normal these days to reject the way i have set it up, because that prevent all the fake emails from scammers trying to pretend to be sending from @paypal.com addresses as the receiving domain zone file can choose to reject those emails. Silent rejection is also the best way to prevent Denial of service attacks from the reject reply's. It might be the case if your logs shows everything to be fine. I think it's SPF, but i'm not totally sure, It have been years since i last time updated these more modern email zone values.

[dlangille]

The login works now. @orjano any luck?