RocketChat / Rocket.Chat.iOS

Legacy mobile Rocket.Chat client in Swift for iOS
https://rocket.chat
MIT License
1.04k stars 438 forks

[BUG] Login hangs with custom OAuth #1838

Closed bstillman closed 6 years ago

bstillman commented 6 years ago

Using a custom OAuth provider (Invision Power Board). The button appears (Login via OhioRiders), but the below screenshot is all I get. Nothing in the Nginx logs (reverse proxy) and nothing in the Rocket.Chat server logs. If I log in with a native user (admin user created at install), it works fine. If I log in via OAuth on the web app it's fine. Only on this iOS app does it seem to hang and do nothing.

If you'd like to test/verify, create an account at https://ohioriders.net, then try to login to https://chat.ohioriders.net.

Thanks.

image1

cardoso commented 6 years ago

@bstillman Thanks for providing us with means to test the bug. I'll take a look as soon as possible.

cardoso commented 6 years ago

@bstillman I actually can't access https://ohioriders.net/

bstillman commented 6 years ago

If you visit the website directly, are you able to see the website/forum or are you getting a plaintext message about DNS not being updated yet?

bstillman commented 6 years ago

Some more info. Note dates/times are UTC.

I see this in the Nginx access log:


```
75.118.200.129 - - [27/Jun/2018:16:17:13 +0000] "GET /_timesync HTTP/1.1" 200 13 "https://chat.ohioriders.net/admin/view-logs" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15"
75.118.200.129 - - [27/Jun/2018:16:17:16 +0000] "GET /api/v1/settings.oauth HTTP/1.1" 200 372 "-" "RC Mobile; iOS 11.3.1; v2.5.0 (179)"
75.118.200.129 - - [27/Jun/2018:16:17:18 +0000] "GET /api/v1/info HTTP/1.1" 200 80 "-" "RC Mobile; iOS 11.3.1; v2.5.0 (179)"
75.118.200.129 - - [27/Jun/2018:16:17:19 +0000] "GET /api/v1/settings.public?fields=%7B%22type%22:1%7D&query=%7B%22_id%22:%7B%22$in%22:%5B%22Site_Url%22,%22CDN_PREFIX%22,%22Site_Name%22,%22Assets_favicon_512%22,%22UI_Use_Real_Name%22,%22UI_Allow_room_names_with_special_chars%22,%22Favorite_Rooms%22,%22Accounts_OAuth_Google%22,%22Accounts_OAuth_Facebook%22,%22Accounts_OAuth_Github%22,%22Accounts_OAuth_Gitlab%22,%22Accounts_OAuth_Linkedin%22,%22Accounts_OAuth_Wordpress%22,%22LDAP_Enable%22,%22CAS_enabled%22,%22CAS_login_url%22,%22API_Gitlab_URL%22,%22Accounts_ShowFormLogin%22,%22Accounts_RegistrationForm%22,%22Accounts_PasswordReset%22,%22Accounts_EmailOrUsernamePlaceholder%22,%22Accounts_PasswordPlaceholder%22,%22Accounts_EmailVerification%22,%22Accounts_AllowUserProfileChange%22,%22Accounts_AllowUserAvatarChange%22,%22Accounts_AllowRealNameChange%22,%22Accounts_AllowUsernameChange%22,%22Accounts_AllowEmailChange%22,%22Accounts_AllowPasswordChange%22,%22FileUpload_Storage_Type%22,%22Message_HideType_uj%22,%22Message_HideType_ul%22,%22Message_HideType_au%22,%22Message_HideType_mute_unmute%22,%22Message_HideType_ru%22,%22Message_ShowDeletedStatus%22,%22Message_AllowDeleting%22,%22Message_AllowDeleting_BlockDeleteInMinutes%22,%22Message_ShowEditedStatus%22,%22Message_AllowEditing%22,%22Message_AllowEditing_BlockEditInMinutes%22,%22Message_AllowPinning%22,%22Message_AllowStarring%22,%22Message_GroupingPeriod%22,%22Message_MaxAllowedSize%22,%22Message_Read_Receipt_Enabled%22,%22Message_Read_Receipt_Store_Users%22,%22Accounts_CustomFields%22,%22First_Channel_After_Login%22%5D%7D%7D&count=0&offset=0 HTTP/1.1" 200 758 "-" "RC Mobile; iOS 11.3.1; v2.5.0 (179)"
75.118.200.129 - - [27/Jun/2018:16:17:19 +0000] "GET /api/v1/settings.oauth HTTP/1.1" 200 372 "-" "RC Mobile; iOS 11.3.1; v2.5.0 (179)"
75.118.200.129 - - [27/Jun/2018:16:17:54 +0000] "GET /websocket HTTP/1.1" 101 83 "-" "RC Mobile; iOS 11.3.1; v2.5.0 (179)"
```

Nothing is in the Nginx error log. 

I enabled debug logging in Rocket Chat:

```
I20180627-16:15:00.579(0) SyncedCron ➔ info Starting "Generate download files for user data".
I20180627-16:15:00.581(0) SyncedCron ➔ info Finished "Generate download files for user data". 
I20180627-16:15:00.619(0) SyncedCron ➔ info Not running "Generate download files for user data" again. 
I20180627-16:15:14.349(0) API v1 Logger ➔ debug GET: /api/v1/info 
I20180627-16:15:14.350(0) API ➔ debug Success { statusCode: 200,   body: { info: { version: '0.65.2' }, success: true } } 
I20180627-16:15:14.652(0) Meteor ➔ publish null -> userId: null , arguments:  {} 
I20180627-16:15:14.780(0) API v1 Logger ➔ debug GET: /api/v1/settings.public?fields=%7B%22type%22:1%7D&query=%7B%22_id%22:%7B%22$in%22:%5B%22Site_Url%22,%22CDN_PREFIX%22,%22Site_Name%22,%22Assets_favicon_512%22,%22UI_Use_Real_Name%22,%22UI_Allow_room_names_with_special_chars%22,%22Favorite_Rooms%22,%22Accounts_OAuth_Google%22,%22Accounts_OAuth_Facebook%22,%22Accounts_OAuth_Github%22,%22Accounts_OAuth_Gitlab%22,%22Accounts_OAuth_Linkedin%22,%22Accounts_OAuth_Wordpress%22,%22LDAP_Enable%22,%22CAS_enabled%22,%22CAS_login_url%22,%22API_Gitlab_URL%22,%22Accounts_ShowFormLogin%22,%22Accounts_RegistrationForm%22,%22Accounts_PasswordReset%22,%22Accounts_EmailOrUsernamePlaceholder%22,%22Accounts_PasswordPlaceholder%22,%22Accounts_EmailVerification%22,%22Accounts_AllowUserProfileChange%22,%22Accounts_AllowUserAvatarChange%22,%22Accounts_AllowRealNameChange%22,%22Accounts_AllowUsernameChange%22,%22Accounts_AllowEmailChange%22,%22Accounts_AllowPasswordChange%22,%22FileUpload_Storage_Type%22,%22Message_HideType_uj%22,%22Message_HideType_ul%22,%22Message_HideType_au%22,%22Message_HideType_mute_unmute%22,%22Message_HideType_ru%22,%22Message_ShowDeletedStatus%22,%22Message_AllowDeleting%22,%22Message_AllowDeleting_BlockDeleteInMinutes%22,%22Message_ShowEditedStatus%22,%22Message_AllowEditing%22,%22Message_AllowEditing_BlockEditInMinutes%22,%22Message_AllowPinning%22,%22Message_AllowStarring%22,%22Message_GroupingPeriod%22,%22Message_MaxAllowedSize%22,%22Message_Read_Receipt_Enabled%22,%22Message_Read_Receipt_Store_Users%22,%22Accounts_CustomFields%22,%22First_Channel_After_Login%22%5D%7D%7D&count=0&offset=0 
I20180627-16:15:14.782(0) API ➔ debug Success { statusCode: 200,   body:     { settings:        [ [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object] ],      count: 49,      offset: 0,      total: 49,      success: true } } 
I20180627-16:15:15.432(0) API v1 Logger ➔ debug GET: /api/v1/settings.oauth 
I20180627-16:15:15.434(0) API ➔ debug Success { statusCode: 200,   body: { services: [ [Object] ], success: true } } 
I20180627-16:17:16.411(0) API v1 Logger ➔ debug GET: /api/v1/settings.oauth 
I20180627-16:17:16.413(0) API ➔ debug Success { statusCode: 200,   body: { services: [ [Object] ], success: true } } 
I20180627-16:17:18.751(0) API v1 Logger ➔ debug GET: /api/v1/info 
I20180627-16:17:18.754(0) API ➔ debug Success { statusCode: 200,   body: { info: { version: '0.65.2' }, success: true } } 
I20180627-16:17:18.973(0) Meteor ➔ publish null -> userId: null , arguments:  {} 
I20180627-16:17:19.043(0) API v1 Logger ➔ debug GET: /api/v1/settings.public?fields=%7B%22type%22:1%7D&query=%7B%22_id%22:%7B%22$in%22:%5B%22Site_Url%22,%22CDN_PREFIX%22,%22Site_Name%22,%22Assets_favicon_512%22,%22UI_Use_Real_Name%22,%22UI_Allow_room_names_with_special_chars%22,%22Favorite_Rooms%22,%22Accounts_OAuth_Google%22,%22Accounts_OAuth_Facebook%22,%22Accounts_OAuth_Github%22,%22Accounts_OAuth_Gitlab%22,%22Accounts_OAuth_Linkedin%22,%22Accounts_OAuth_Wordpress%22,%22LDAP_Enable%22,%22CAS_enabled%22,%22CAS_login_url%22,%22API_Gitlab_URL%22,%22Accounts_ShowFormLogin%22,%22Accounts_RegistrationForm%22,%22Accounts_PasswordReset%22,%22Accounts_EmailOrUsernamePlaceholder%22,%22Accounts_PasswordPlaceholder%22,%22Accounts_EmailVerification%22,%22Accounts_AllowUserProfileChange%22,%22Accounts_AllowUserAvatarChange%22,%22Accounts_AllowRealNameChange%22,%22Accounts_AllowUsernameChange%22,%22Accounts_AllowEmailChange%22,%22Accounts_AllowPasswordChange%22,%22FileUpload_Storage_Type%22,%22Message_HideType_uj%22,%22Message_HideType_ul%22,%22Message_HideType_au%22,%22Message_HideType_mute_unmute%22,%22Message_HideType_ru%22,%22Message_ShowDeletedStatus%22,%22Message_AllowDeleting%22,%22Message_AllowDeleting_BlockDeleteInMinutes%22,%22Message_ShowEditedStatus%22,%22Message_AllowEditing%22,%22Message_AllowEditing_BlockEditInMinutes%22,%22Message_AllowPinning%22,%22Message_AllowStarring%22,%22Message_GroupingPeriod%22,%22Message_MaxAllowedSize%22,%22Message_Read_Receipt_Enabled%22,%22Message_Read_Receipt_Store_Users%22,%22Accounts_CustomFields%22,%22First_Channel_After_Login%22%5D%7D%7D&count=0&offset=0 
I20180627-16:17:19.047(0) API ➔ debug Success { statusCode: 200,   body:     { settings:        [ [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object],         [Object] ],      count: 49,      offset: 0,      total: 49,      success: true } } 
I20180627-16:17:19.712(0) API v1 Logger ➔ debug GET: /api/v1/settings.oauth 
I20180627-16:17:19.714(0) API ➔ debug Success { statusCode: 200,   body: { services: [ [Object] ], success: true } }
```

Sits at the spinning wheel icon in the screenshot in the first post after this and nothing else happens. Not even a timeout.

bstillman commented 6 years ago

Not sure if this is helpful or not, but here's the Nginx config for the reverse proxy:


```
    server {
        listen 443 ssl;
        server_name chat.ohioriders.net;

        error_log /var/log/nginx/rocketchat_error.log;
        access_log /var/log/nginx/rocketchat_access.log;

        ssl_certificate /etc/letsencrypt/live/ohioriders.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/ohioriders.net/privkey.pem;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 180m;

        location / {
            proxy_pass http://chat.ohioriders.net:3000/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forward-Proto https;
            proxy_set_header X-Nginx-Proxy true;
            proxy_redirect off;
        }
    }
```

cardoso commented 6 years ago

@bstillman sorry for the long wait.

I can now access your website, and I created an account, but the OAuth doesn't work even in the web browser.

It took me back to the website to authorize the application, but it just refreshed the chat tab after I authorized it and didn't log me in.

bstillman commented 6 years ago

Sorry, had it set so I had to manually activate new users. You should be able to log into the chat now.

Interesting that Rocket Chat doesn't give any kind of message indicating the account needs to be activated.

cardoso commented 6 years ago

Hi @bstillman I've identified and fixed the problem.

The problem is your authorize path being the full URL and we're not accounting for that yet.

But I think you can make it work with the current version without having to wait for us to update. Just use paths in your OAuth configuration instead of the full URLs, like this:

https://imgur.com/a/QV0cIU7

This should also fix it for Android.
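
Added note, not part of the comment above and not Rocket.Chat code: a sketch of how a client can accept a custom OAuth authorize setting in either form (path or full URL), next to the plain concatenation that only works for paths. The field names `serverURL`, `authorizePath`, `clientId`, `redirectURI` and every value in `sampleConfig` are assumptions constructed for the example.

```javascript
// Added illustration, not Rocket.Chat client code. Field names and all
// values below are assumptions constructed for this example.

// Plain concatenation: only correct while authorizePath is a path.
function naiveAuthorizeURL(serverURL, authorizePath) {
  return serverURL.replace(/\/+$/, '') + authorizePath;
}

// Host a client would contact for a URL string, or null if it does not parse.
function hostOf(urlString) {
  try {
    return new URL(urlString).hostname;
  } catch {
    return null;
  }
}

// Accept either form. An absolute value replaces the base; a path is resolved
// against it. Plain-HTTP (or non-HTTP) endpoints are rejected so the
// authorization request never leaves over an unencrypted channel.
function resolveEndpoint(serverURL, value) {
  const base = new URL(serverURL);
  const resolved = new URL(value.trim(), base);
  if (resolved.protocol !== 'https:') {
    throw new Error(`OAuth endpoint is not HTTPS: ${resolved.href}`);
  }
  // Full URLs and "//host/path" values can point away from serverURL; report it.
  return { url: resolved, crossOrigin: resolved.origin !== base.origin };
}

// Build the authorization request URL with the standard code-flow parameters.
function buildAuthorizeURL(cfg, state) {
  const { url, crossOrigin } = resolveEndpoint(cfg.serverURL, cfg.authorizePath);
  url.searchParams.set('client_id', cfg.clientId);
  url.searchParams.set('redirect_uri', cfg.redirectURI);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('state', state);
  return { href: url.href, crossOrigin };
}

// Constructed sample configuration (not taken from the issue).
const sampleConfig = {
  serverURL: 'https://idp.example',
  authorizePath: 'https://idp.example/oauth/authorize', // full URL, as in the report
  clientId: 'rocketchat',
  redirectURI: 'https://chat.example/_oauth/custom',
};
```

With the full-URL form, the concatenated string no longer names `idp.example` as its host, so a request built from it never reaches the identity provider or the chat server.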

bstillman commented 6 years ago

Sure enough, that worked. Thanks.

rafaelks commented 6 years ago

@bstillman Great! 🎉