Page MenuHomePhabricator

Loop trying to create an account in Wikimedia Space in certain cases
Closed, DeclinedPublic

Description

If you get the signup loop, try this:

  1. Close all Wikimedia Space and Phabricator tabs.
  2. Restart your browser.
  3. Go to https://discuss-space.wmflabs.org/ and click "Sign up"
  4. If you still get the loop, try "Log in"

If nothing of this works, you can create your account using your mobile phone (no problems reported so far).

Once you have your account created, you can "Log in" to Wikimedia Space from your desktop (no problems reported so far).

Background

At https://discuss-space.wmflabs.org/, clicking "Sign up" or "Log in" starts the authentication process with Phabricator. In some situations, this process enters a loop after clicking on "Continue to Application", giving a brief flash of the Discourse registration screen, but then returning to the Phabricator page.

image.png (337×877 px, 28 KB)

Let's investigate.

Event Timeline

Qgil triaged this task as High priority.Jun 25 2019, 5:40 PM
Quiddity subscribed.

I have the loop with: Firefox 67.0.4
It works successfully with: Chromium 74.0.3729.169

Quiddity updated the task description. (Show Details)
Quiddity updated the task description. (Show Details)

I get the loop in Firefox 60.7.0esr (64-bit)

Works with Firefox 66.0.5 (64-bit).
Also works with Chrome 62.0.3202.89 (64-bit)

Works fine for me with Firefox 67.0.3 (64-bit) (Linux)

Does it also happen with Javascript disabled?

Anything relevant shown in the 'console' of the Developer Tools? For more information, please see https://developer.mozilla.org/en-US/docs/Tools/Web_Console

I can no longer reproduce. (yay?!) Hopefully that means it has solved itself somehow?

Firefox 67.0.4 OSX: I seemed to be in the "loop" state when clicking on the "sign up" button, but then I tried clicking "log in" and the OAuth handshake succeeded and I was presented with the account creation screen as expected.

I'm getting this exact problem, with a loop on account creation, right now. Firefox 67.0.4 (64-bit)

@Darwinius can you test Log In vs Sign Up to see whether it makes a difference, please?

Also, an alternative could be to sign up / log in via mobile browser, and create the account there. I will provide more details later, but Mozilla Nightly 68.0a1 for Android seems to work just fine.

I get the loop with Chrome 73.0.3683.86 (Official Build) (64-bit), both with "sign up" and "log in".

I did not get the loop with Firefox 67.0 (64-bit).

I *think* I have good news...

I had a Firefox browser open since days with plenty of tabs, including some related to Wikimedia Space and Phabricator. I tried to sign up, I got the loop.

Then I closed the browser, and I opened it again, with just one tab. I went to https://discuss-space.wmflabs.org, I clicked Sign Up, I was asked for authorization by Phabricator, I accepted and... there was no loop!

One detail that made me think of browser sessions: I took a screenshot of the dialog that appears for a fraction of a second and I could see the field "Username" with a flag

x Checking username availability...

Screenshot from 2019-06-26 08-50-04.png (558×518 px, 44 KB)

A colleague sent another screenshot privately, and there the red flag was also displayed. The username in the example is available, but after seeing a successful account creation, I think what happens is that the dialog shows the red flag by default, and turns it green after verifying that it is available.

So maybe, somehow, a browser with many sessions and what not has a chance to prevent or confuse the username verification made by Phabricator - Discourse login, creating the loop. And maybe some browser versions are more likely to fall in that trap than others, but... can you try to close browser and try again with just one tab and a fresh session?

I was able to log in with Firefox 67.0.4. I can check tonight which Firefox version I used to sign up yesterday. (Edit: it was Firefox 68.0b8.)

Having the same problem with Chrome 75.0.3770.100.

Was able to login successfully with IE 11.0.9600.19355

I cannot reproduce the loop anymore, in exactly the same browser where yesterday got me stuck. I really think a browser reboot might suffice.

Because I cannot reproduce the loop, I can not check the problem in the developer Tools console of the browser, neither without JavaScript.

I saw the loop when I tried to sign up with my volunteer account in a private window in Safari (Mac OS) yesterday. I saw, "Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy." in the console.

I saw the Create new account window, left everything as it was, and created an account. Was able to login successfully.

Screen Shot 2019-06-25 at 12.28.35 PM.png (552×518 px, 55 KB)

Repeating the process again today I'm able to authenticate my volunteer account without issue. Perhaps this has to do with account creation and not repeat authentication.

I am unable to create a Discourse account because of this loop.

Chromium	73.0.3683.75 (Developer Build) built on Debian buster/sid, running on Debian 10.0 (64-bit)
Revision	909ee014fcea6828f9a610e6716145bc0b3ebf4a-refs/branch-heads/3683@{#803}
OS		Linux
JavaScript	V8 7.3.492.22

No obvious errors in the Javascript console.

I'm suspicious of some session cookies causing a logic error in the Discourse code, which would explain why others have reported that a browser restart fixes the issue.

Chromium 73.0.3683.75

@CDanis Do yo have a chance to update Chromium? There are reports of 74 working. I am still not sure that browser versions have much to do with this, but perhaps it helps while we figure out this problem?

@Qgil I experimented loging in with my mobile phone, and it worked. After that Firefox (with a zillion open tabs, true) was a bit confused, a message showed up saying I had to login with WordPress, but no WordPress login was available. It eventually ended up working afterwards, and now I get automatically signed in in Firefox even with all those open tabs.

Saving dozens of tabs and restarting Safari seems to have solved the problem. Or perhaps it went away for unrelated reasons.

Qgil edited projects, added Space (Jul-Sep-2019); removed Space.

Because this loop is a problem that we have never heard about at https://discourse-mediwaiki.wmflabs.org and because that Discourse and Space's one are essentially the same and connect in the same way, my suspicion is...

... the "Login with Discourse" link we have at https://space.wmflabs.org, which is the only difference between both environments that I can think of. This link works well to purely log in / signup to WordPress users who already have a Discourse account (by virtue of Discourse being a SSO provider for WordPress). However, if a new user starts clicking there, then the jump may become some kind of triple salto: from WP to Discourse, from Discourse to Phabricator, and if the user isn't logged in to Phabricator already then from Phabricator to MediaWiki.org (add on top of this the possibility of having to create a Phabricator account via SSO with MediaWiki).

OK, you see the risk of something getting out of sync with so many hops and clicks.

I am going to file a task to hide that "Log in with Discourse" link for now.

I have the loop. On both my accounts (two different Chrome sessions, one for my volunteer account, one for my WMF account). Chrome, under Linux Mint: Version 73.0.3683.86 (Build officiel) (64 bits)
I'm not sure how to start a new session altogether, I probably should uncheck the "save browser state" somewhere, I guess. Just wanted to report that this happens on Chrome too.

Qgil renamed this task from Loop trying to create an account in Wikimedia Space with certain browser versions to Loop trying to create an account in Wikimedia Space in certain cases.Jun 28 2019, 11:53 AM
Qgil updated the task description. (Show Details)
Qgil moved this task from Backlog to Started on the Space (Jul-Sep-2019) board.

As far as I am aware, since T226823 was applied there haven't been more reports about the loop, and I see that users who got the loop now are registered. I don't think we have enough evidence to be sure that the problem is induced by the "Log in with Discourse" link in WordPress, but so far the hypothesis stands.

I'm marking this task as declined. I think we have done what we could to minimize the impact of this bug. The way forward is T215052: Add MediaWiki login support to Discourse.