Closed tatwell closed 7 years ago
To verify user record in IS&T identity server, see:
User provided a screenshot of the login screen displaying error message:
Invalid email or password.
As I suspect, user already exists in Signage production database.
On production server:
$ bundle exec rails console -e production
> user = User.where(email: 'EMAIL').first
> user.present?
=> true
> user.last_sign_in_at
=> Tue, 31 Jan 2017 19:07:54 UTC +00:00
The user password is not saved (as I believe it is with Blogs):
> user.attributes.keys
=> ["id", "email", "remember_created_at", "sign_in_count", "current_sign_in_at", "last_sign_in_at", "current_sign_in_ip", "last_sign_in_ip", "created_at", "updated_at", "first_name", "last_name", "role"]
Login is done using the Devise LDAP module:
I would expect this to reference the same record uses to log into Chapman network. So if he is able to log into the Chapman network, he should be able to log into this site. Still, I should probably confirm that he is using the same password.
User's current role is nil
:
user.role
=> nil
Still, that should produce the login message he sees.
Signage, it turns out, does require a valid Identity Service record, like Inside. It's just more devious about the way it handles it:
def lookup_in_active_directory(username)
data = JSON.parse(request(username))
raise UnexpectedActiveDirectoryFormat unless valid_identity_info?(data)
data
end
Notice the obfuscatory UnexpectedActiveDirectoryFormat
error. The unexpected format is that it the service doesn't reply with the email
, firstname
, and lastname
,
Signage doesn't provide a simple class like Inside to check these values against the IS&T identity service. So I used Inside locally as documented here. And lo and behold:
ChapmanIdentities.fetch 'blacey'
=> "{\"username\":\"blacey\",\"role\":null,\"firstname\":null,\"lastname\":null,\"email\":null,\"staff_department\":null,\"faculty_department\":null,\"school\":null,\"major\":null}"
I have emailed our IS&T Service Desk to request that they update the user's IDCache record. For details, see this comment:
Ed Lan from IS&T reports:
This person is a contractor, like Sodexo, so he doesn’t show up like a normal employee.
In reply, I asked if he could fill in the email
, firstname
, and lastname
fields so that user might log in.
Ed updated user record fields in IDCache.
I emailed user and requested he try to log in again.
He replied that he was able to log in.
User cannot log into our website because Chapman IDCache record is incomplete.
ChapmanIdentities
library locally.
User name:
blacey
User reports that he is able to log into Exchange and Blogs with account. I emailed him to confirm these facts and request a screenshot.
Trello Card: https://trello.com/c/Ua2d03Ju