Sign up failures with Github

[preriasusi]

[Sentry] [Apinf Team Apinf production] error: : We have sent you an email. Please verify your email address. [500]1 message Unknown person Title: Login issues in apinf.io

Steps

1. Go to apinf.io or nightly.apinf.io
2. Log out if you sign in
3. Go to "Sign up" page and click on "Register to github"|
4. Get access to apinf product
5. Click on "Sign in"

Actual result:

• Message about e-mail verification
• A user can't login because his e-mail isn't verified
• No e-mail for verification

Expected result:

• A user can login to site
• Don't show message about verification
• Don't expect email verification

[Sentry] [Apinf Team Apinf production] error: : We have sent you an email. Please verify your email address. [500]1 message Unknown person

"Internal server error" when trying to login/register using github on apinf.io and nightly.

[anarva]

There are two source files which handle the GitHub registration and verification. No changes in the code recently. Unless the GitHub OAuth login module or lodash has changed - and it looks like they have not - the issues could well be due to some configuration change.

Performed when a new account is created: -platform/apinf_packages/users/server/accounts_hooks.js

// from row 12 owards
Accounts.onCreateUser((options, user) => {  //this method is activated when creating a user
..
 // Check services object exists
  if (user.services) {
    // Case 1: Register with Github
    if (user.services.github) {
      // Set user email address from Github email
      user.emails = [
    {
      address: user.services.github.email,
      verified: true,   // <------ This is where the verified flag is set
    },
      ];

Performed on each login attempt: -platform/apinf_packages/users/server/login_verify.js

//from row 39 onwards:

if (user && user.emails && (user.emails.length > 0)) {
        // Get user emails
    const emails = parameters.user.emails;

    // Check if any of user's emails are verified
    const verified = _.find(emails, (email) => { return email.verified; }); //Note: _.find() returns true if at least one is true

    // If no email is verified, throw an error
    if (!verified) {  //<------ Here's where the verified flag is checked
      throw new Meteor.Error(500, TAPi18n.__('loginVerify_errorMessage'));
    //Note: loginVerify_errorMessage = "We have sent you an email. Please verify your email address."

[preriasusi]

On current staging with 0.51.1 whenI try to sign up with github, I get notifigation "We have sent you an email. Please verify your email address.". No email comes anyway.

When I go to sign in, and I re-send verification email, I get it, and I get my account working.

[marla-singer]

Investigation result report

• 0.50.0 version of the release. Verified on apinf.io and development environment with tag 0.50.0 Sign Up/ Sign in via GitHub work as expected.

• 0.51.1 version of the release. Verified on staging.apinf.io and development environment with tag 0.51.1 Sign Up doesn't work via GitHub

  1. Message about e-mail verification
  2. A user can't sign in because his e-mail isn't verified
  3. No e-mail for verification

No changes in the code are related to the registered mechanism. Perhaps, problem came from Meteor itself (https://github.com/meteor/meteor/issues/8510)

• latest commits. Verified on nightly.apinf.io and current develop branch Sign Up/ Sign in via GitHub work as expected.

After 0.52 release a new client can sign up/sign in via GitHub without the problem. We need to take care of the old clients with the problem.

Assume solutions

1. Create a new migration step that will set flag "true" for all GitHub accounts that are false verification. The 0.52 release will include this migration and these changes will be applied to nightly, staging and production sites. OR

2. The fastest way to staging: Manually in the database check all GitHub accounts as verified these are not so. On another hand, we need to repeat this step for production site after 0.52 release. OR (if it is possible)

3. Send verification e-mail if verification fails for some reason. Not sure about this step - can we handle this?

[preriasusi]

@anarva to check the possibilities to update Github library

[anarva]

Checked the health of the accounts-github implementation which is part of Meteor core packages. It' active and the development process is ongoing. As long as we continue using Meteor/blaze, this current way is the correct way to use Github login.

To improve the Github login experience, my recommendation is to improve the error handling and reporting of the current login process. For each failed login attempt, all available info should be stored for future reference.

[anarva]

To access the docker logs (including the errors with sing up) you need to do the following:

1. Check the running instances with command "docker ps".
2. Check the logs of a specific instance as described here, https://docs.docker.com/engine/reference/commandline/logs/.