Closed rezzap closed 4 years ago
Tested and confirmed that attempting a 2FA login for a WordPress.com custom-domain private site using the site address flow fails with the following error, while a 2FA login for a .wordpress.com private site on the same account using the site address flow works normally.
Error while adding site. Error code GENERIC_ERROR
Video: 2m3s
Tested with WPAndroid 15.6-rc-2 on Pixel 3 Android 10 logging in to gotravelrewards.blog (while set to private) using the "Enter your site address" login flow.
I set this issue to medium priority because, even though this bug is in one of our critical flows (login), a workaround is available which is to use the "Continue with WordPress.com" login flow.
Adding the Requires Triage label to get a confirmation on priority—is medium fine or should this issue be escalated to high priority and assigned because it's a login issue?
@renanferrari or @planarvoid, in unified login, should logging in to a private custom-domain site also log me in to my WordPress.com account like it does for a private .wordpress.com domain site?
@frosty @renanferrari can you please look into this one?
Let me know @renanferrari if you need any help with investigating/fixing this issue.
@designsimply @elibud @planarvoid Thanks for pinging me here.
Adding the Requires Triage label to get a confirmation on priority—is medium fine or should this issue be escalated to high priority and assigned because it's a login issue?
Since that workaround is available, medium seems fine for me as well.
@renanferrari or @planarvoid, in unified login, should logging in to a private custom-domain site also log me in to my WordPress.com account like it does for a private .wordpress.com domain site?
I'm not sure. We haven't done much testing on the site address flow, since we haven't modified it in any meaningful way. That said, how would I go about testing a private site? Do we have a wpmt site for that? If not, I guess I should set up my own and if that's the case, is it just a matter of going to the site's settings and changing it to private? Other than that, if I'm understanding correctly, I also should have a custom domain in place and 2FA enabled? Is that it?
The wpmt sites are hosted elsewhere, and so you will want to set up a WordPress.com private site with a custom domain and set the owner account to be 2FA-enabled—quite the combination of things (another reason for medium priority and not high). 👍
I have a test account (I actually have MANY! 😂) and can add a test user to it if you have one (note: I almost always test as a regular user with an account separate from my a8c account for issues like this one). Or you can create a new test account and site any time. If you need free credits to use for testing the custom domain part, I can add those for you too.
fwiw, here's the same flow tested on WPiOS 15.6.0.1 and you can see that the workaround in that case is to ask the user to sign in with an application-specific password (as mentioned on the issue). I suspect this is because if the site is private and has 2FA then we may not be able to detect that it's a WordPress.com site at the login stage in the app (?) and if that's the case then this flow might be a good option to match with WPiOS on.
Video: 46s
Tested with WPiOS 15.6.0.1 TestFlight beta on iPhone 11 iOS 13.6.1.
Alternately, I'd suggest simply logging someone with this kind of setup in to their WP.com account—if we can detect that—even if they choose the site address flow. I don't know why we'd want to let people sign in to WordPress.com with the site address flow anyway.
Just for some context, the reason why I've brought this up is that I seem to be seeing an increase of WordPress.com users who end up in the site address login flow and get confused or stuck. This is new since the unified login, but on testing, this was the only area I ran into trouble. A lot of 'new sites' are set to private by default so I think this could be affecting a high number of new users who are trying to log back into the app after already creating a WordPress.com account. I can keep track of more tickets though going forward to see how much this is impacting and help with prioritizing.
@planarvoid It seems that we are not handling this specific error on FluxC. I haven't looked into the endpoint we're using, but I think we can handle this by just updating FluxC. Could you please let me know what you think?
I don't really know any specifics @renanferrari of the FluxC part but I think you're right. It should be enough to use a specific error that says something similar as the iOS app.
Expected behavior
I would expect that I could log in with the new unified login flow using my site address for a private WordPress.com site with a custom domain or be pointed in the correct direction to be able to log in.
Actual behavior
When I try to log in with my site address for a WordPress.com site using a custom domain, I get a generic error message.
Steps to reproduce the behavior
Note that on iOS I got a pop-up error at this same stage with the notice
this account has two-step authentication enabled. Please configure an application-specific password to use with this application
so I tried doing this on Android and was able to log in to the site using the application-specific password.
On all other types of sites I tried this worked normally:
As a side note, it's also odd that on iOS when I log in with the application-specific password I am logged into my WordPress.com account, but on Android, although I see all my sites listed and can manage them in the app, if I click on 'Me' I'm not logged into my WordPress.com account, which means there is no way for me to log out of these sites or WordPress.com without first logging into WordPress.com and logging out again.
Tested on Samsung Tab A, Android 10, WPAndroid 15.5-rc-3 & 15.6-rc-2