User reports unable to sign in.

[tatwell]

User name: blacey

User reports that he is able to log into Exchange and Blogs with account. I emailed him to confirm these facts and request a screenshot.

Trello Card: https://trello.com/c/Ua2d03Ju

[tatwell]

To verify user record in IS&T identity server, see:

• https://github.com/chapmanu/inside/issues/772#issuecomment-271670739

[tatwell]

User provided a screenshot of the login screen displaying error message:

Invalid email or password.

[tatwell]

As I suspect, user already exists in Signage production database.

On production server:

$ bundle exec rails console -e production
> user = User.where(email: 'EMAIL').first
> user.present?
 => true 
> user.last_sign_in_at
  => Tue, 31 Jan 2017 19:07:54 UTC +00:00

The user password is not saved (as I believe it is with Blogs):

> user.attributes.keys
 => ["id", "email", "remember_created_at", "sign_in_count", "current_sign_in_at", "last_sign_in_at", "current_sign_in_ip", "last_sign_in_ip", "created_at", "updated_at", "first_name", "last_name", "role"] 

Login is done using the Devise LDAP module:

• https://github.com/chapmanu/signage/blob/development/config/initializers/ldap_authenticatable.rb

I would expect this to reference the same record uses to log into Chapman network. So if he is able to log into the Chapman network, he should be able to log into this site. Still, I should probably confirm that he is using the same password.

User's current role is nil:

user.role
 => nil 

Still, that should produce the login message he sees.

[tatwell]

Signage, it turns out, does require a valid Identity Service record, like Inside. It's just more devious about the way it handles it:

    def lookup_in_active_directory(username)
      data = JSON.parse(request(username))
      raise UnexpectedActiveDirectoryFormat unless valid_identity_info?(data)
      data
    end

Notice the obfuscatory UnexpectedActiveDirectoryFormat error. The unexpected format is that it the service doesn't reply with the email, firstname, and lastname,

Signage doesn't provide a simple class like Inside to check these values against the IS&T identity service. So I used Inside locally as documented here. And lo and behold:

ChapmanIdentities.fetch 'blacey'
=> "{\"username\":\"blacey\",\"role\":null,\"firstname\":null,\"lastname\":null,\"email\":null,\"staff_department\":null,\"faculty_department\":null,\"school\":null,\"major\":null}"

[tatwell]

I have emailed our IS&T Service Desk to request that they update the user's IDCache record. For details, see this comment:

• https://github.com/chapmanu/inside/issues/772#issuecomment-320042456

[tatwell]

Ed Lan from IS&T reports:

This person is a contractor, like Sodexo, so he doesn’t show up like a normal employee.

In reply, I asked if he could fill in the email, firstname, and lastname fields so that user might log in.

[tatwell]

Ed updated user record fields in IDCache.

I emailed user and requested he try to log in again.

He replied that he was able to log in.

[tatwell]

Summary

Problem

User cannot log into our website because Chapman IDCache record is incomplete.

Resolution

• Confirmed IDCache record is null using Inside ChapmanIdentities library locally.
• Contacted IS&T and request they update the record. For an example email, see https://github.com/chapmanu/inside/issues/772#issuecomment-320042456.
• Ed Lan in IS&T updated the record so that the user was able to sign in successfully.