ritstudentgovernment / petitions

PawPrints petition application for the RIT community.
https://pawprints.rit.edu
MIT License
35 stars 13 forks source link

cannot log in #136

Open khipkin opened 8 years ago

khipkin commented 8 years ago

(Accidentally initially reported in the other repository.)

I haven't been able to log into the pawprints site for months, but I just remembered that the site is actually open-source.

I try to log in using the button on the top of the page, then the little pop-up login box. I enter my credentials, submit, and nothing happens.

However, there are tons of errors in the console: image

More and more of the second type of errors generate as I wait... seems like there is a retry loop somewhere that just fails over and over again.

I'm running Chrome (image) on Windows 10.

Also, I do use AdBlock, but I turned it off for the entire pawprints.rit.edu/* domain and was still unable to log in.

petermikitsh commented 8 years ago

I'm no longer a contributor to PawPrints (and I believe there is a rewrite going on), but I highly recommend the team use SAML2 over the current LDAP implementation.

RIT's LDAP service isn't all that stable compared to Shibboleth. For example, with LDAP, sometimes successful auth attempts don't return with the data PawPrints expects, like first name and last name. SAML2 is the way to go.

Additionally, SAML2 is more secure, as RIT computer account credentials won't go through the service.

khipkin commented 7 years ago

For the record, I am able to login using an incognito window in Chrome.

Thyri commented 7 years ago

Hi Kaitlin!

I tried replicating your error and was able to log in just fine in incognito. If you'd like to come in to the sg office so that I can see it first hand, we

Thyri commented 7 years ago

Can try and fix it (sorry for the double comment something went wrong on my phone)

khipkin commented 7 years ago

@Thyri I am also able to login in incognito, as I said above. Thanks for the offer, but this work-around is good enough for me.

omardlhz commented 7 years ago

@khipkin did you try clearing your history/cache?

khipkin commented 7 years ago

No, but this has been an issue for months, and I don't think caches persist for that long.

petermikitsh commented 7 years ago

If it works incognito, but not normally, it sounds like it could be an issue with cookies or session storage.

khipkin commented 7 years ago

@petermikitsh That's probably the case.

However, the fact that the site does nothing when authentication fails is really bad. Normal users wouldn't open the browser console, so they would have no idea anything actually went wrong. The site shows absolutely no change and offers no feedback. Even just prompting users to clear their cache or delete their cookies would be better than silently failing in an infinite loop.