
Loop trying to create an account in Wikimedia Space in certain cases
Closed, Declined · Public

Description

If you get the signup loop, try this:

  1. Close all Wikimedia Space and Phabricator tabs.
  2. Restart your browser.
  3. Go to https://discuss-space.wmflabs.org/ and click "Sign up"
  4. If you still get the loop, try "Log in"

If none of this works, you can create your account using your mobile phone (no problems reported so far).

Once you have your account created, you can "Log in" to Wikimedia Space from your desktop (no problems reported so far).

Background

At https://discuss-space.wmflabs.org/, clicking "Sign up" or "Log in" starts the authentication process with Phabricator. In some situations, this process enters a loop after clicking on "Continue to Application", giving a brief flash of the Discourse registration screen, but then returning to the Phabricator page.

Let's investigate.

Event Timeline

Qgil created this task. Jun 25 2019, 5:40 PM
Restricted Application added a subscriber: Aklapper. Jun 25 2019, 5:40 PM
Qgil triaged this task as High priority. Jun 25 2019, 5:40 PM
Quiddity updated the task description. Jun 25 2019, 5:42 PM
Quiddity added a subscriber: Quiddity.

I have the loop with: Firefox 67.0.4
It works successfully with: Chromium 74.0.3729.169

Qgil updated the task description. Jun 25 2019, 5:43 PM
Quiddity updated the task description. Jun 25 2019, 5:46 PM
Quiddity updated the task description.
Quiddity updated the task description.
Qgil added a comment. Jun 25 2019, 5:48 PM

I get the loop in Firefox 60.7.0esr (64-bit)

Works with Firefox 66.0.5 (64-bit).
Also works with Chrome 62.0.3202.89 (64-bit)

mmodell added a subscriber: mmodell. Edited · Jun 25 2019, 5:50 PM

Works fine for me with Firefox 67.0.3 (64-bit) (Linux)

Elitre added a subscriber: Elitre. Jun 25 2019, 5:53 PM
Tgr added a subscriber: Tgr. Jun 25 2019, 5:56 PM

Does it also happen with JavaScript disabled?

Anything relevant shown in the 'console' of the Developer Tools? For more information, please see https://developer.mozilla.org/en-US/docs/Tools/Web_Console

I can no longer reproduce. (yay?!) Hopefully that means it has solved itself somehow?

Firefox 67.0.4 OSX: I seemed to be in the "loop" state when clicking on the "sign up" button, but then I tried clicking "log in" and the OAuth handshake succeeded and I was presented with the account creation screen as expected.

I'm getting this exact problem, with a loop on account creation, right now. Firefox 67.0.4 (64-bit)

Qgil added a comment. Edited · Jun 26 2019, 5:06 AM

@Darwinius can you test Log In vs Sign Up to see whether it makes a difference, please?

Also, an alternative could be to sign up / log in via mobile browser, and create the account there. I will provide more details later, but Mozilla Nightly 68.0a1 for Android seems to work just fine.

I get the loop with Chrome 73.0.3683.86 (Official Build) (64-bit), both with "sign up" and "log in".

I did not get the loop with Firefox 67.0 (64-bit).

Qgil added a comment. Edited · Jun 26 2019, 7:04 AM

I *think* I have good news...

I had a Firefox browser open for days with plenty of tabs, including some related to Wikimedia Space and Phabricator. I tried to sign up, I got the loop.

Then I closed the browser, and I opened it again, with just one tab. I went to https://discuss-space.wmflabs.org, I clicked Sign Up, I was asked for authorization by Phabricator, I accepted and... there was no loop!

One detail that made me think of browser sessions: I took a screenshot of the dialog that appears for a fraction of a second and I could see the field "Username" with a flag

x Checking username availability...

A colleague sent another screenshot privately, and there the red flag was also displayed. The username in the example is available, but after seeing a successful account creation, I think what happens is that the dialog shows the red flag by default, and turns it green after verifying that it is available.

So maybe, somehow, a browser with many sessions and whatnot has a chance to prevent or confuse the username verification made by Phabricator - Discourse login, creating the loop. And maybe some browser versions are more likely to fall in that trap than others, but... can you try to close the browser and try again with just one tab and a fresh session?

Aklapper removed a subscriber: Aklapper. Jun 26 2019, 8:33 AM

I was able to log in with Firefox 67.0.4. I can check tonight which Firefox version I used to sign up yesterday. (Edit: it was Firefox 68.0b8.)

Gamaliel added a subscriber: Gamaliel. Edited · Jun 26 2019, 1:34 PM

Having the same problem with Chrome 75.0.3770.100.

Was able to log in successfully with IE 11.0.9600.19355

Qgil added a comment. Jun 26 2019, 3:09 PM

I cannot reproduce the loop anymore, in exactly the same browser that got me stuck yesterday. I really think a browser reboot might suffice.

Because I cannot reproduce the loop, I cannot check the problem in the Developer Tools console of the browser, nor without JavaScript.

I saw the loop when I tried to sign up with my volunteer account in a private window in Safari (Mac OS) yesterday. I saw, "Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy." in the console.

I saw the Create new account window, left everything as it was, and created an account. Was able to log in successfully.

Repeating the process again today I'm able to authenticate my volunteer account without issue. Perhaps this has to do with account creation and not repeat authentication.

CDanis added a subscriber: CDanis. Jun 26 2019, 4:47 PM

I am unable to create a Discourse account because of this loop.

Chromium	73.0.3683.75 (Developer Build) built on Debian buster/sid, running on Debian 10.0 (64-bit)
Revision	909ee014fcea6828f9a610e6716145bc0b3ebf4a-refs/branch-heads/3683@{#803}
OS		Linux
JavaScript	V8 7.3.492.22

No obvious errors in the JavaScript console.

I'm suspicious of some session cookies causing a logic error in the Discourse code, which would explain why others have reported that a browser restart fixes the issue.

Qgil added a comment. Jun 26 2019, 7:43 PM

Chromium 73.0.3683.75

@CDanis Do you have a chance to update Chromium? There are reports of 74 working. I am still not sure that browser versions have much to do with this, but perhaps it helps while we figure out this problem?

Darwinius added a comment. Edited · Jun 26 2019, 9:46 PM

@Qgil I experimented with logging in with my mobile phone, and it worked. After that Firefox (with a zillion open tabs, true) was a bit confused, a message showed up saying I had to log in with WordPress, but no WordPress login was available. It eventually ended up working afterwards, and now I get automatically signed in in Firefox even with all those open tabs.

Saving dozens of tabs and restarting Safari seems to have solved the problem. Or perhaps it went away for unrelated reasons.

Qgil moved this task from Inbox to Jul-Sep-2019 on the Space board. Jun 27 2019, 2:24 PM
Qgil edited projects, added Space (Jul-Sep-2019); removed Space.
Qgil added a comment. Jun 28 2019, 11:17 AM

Because this loop is a problem that we have never heard about at https://discourse-mediwaiki.wmflabs.org and because that Discourse and Space's one are essentially the same and connect in the same way, my suspicion is...

... the "Login with Discourse" link we have at https://space.wmflabs.org, which is the only difference between both environments that I can think of. This link works well to purely log in / sign up to WordPress users who already have a Discourse account (by virtue of Discourse being an SSO provider for WordPress). However, if a new user starts clicking there, then the jump may become some kind of triple salto: from WP to Discourse, from Discourse to Phabricator, and if the user isn't logged in to Phabricator already then from Phabricator to MediaWiki.org (add on top of this the possibility of having to create a Phabricator account via SSO with MediaWiki).

OK, you see the risk of something getting out of sync with so many hops and clicks.

I am going to file a task to hide that "Log in with Discourse" link for now.

I have the loop. On both my accounts (two different Chrome sessions, one for my volunteer account, one for my WMF account). Chrome, under Linux Mint: Version 73.0.3683.86 (Build officiel) (64 bits)
I'm not sure how to start a new session altogether, I probably should uncheck the "save browser state" somewhere, I guess. Just wanted to report that this happens on Chrome too.

Qgil renamed this task from "Loop trying to create an account in Wikimedia Space with certain browser versions" to "Loop trying to create an account in Wikimedia Space in certain cases". Jun 28 2019, 11:53 AM
Qgil updated the task description.
Qgil moved this task from Backlog to Started on the Space (Jul-Sep-2019) board.
TheDJ added a subscriber: TheDJ. Jun 28 2019, 2:10 PM

I have this too.

Qgil added a comment. Jul 4 2019, 7:19 AM

As far as I am aware, since T226823 was applied there haven't been more reports about the loop, and I see that users who got the loop now are registered. I don't think we have enough evidence to be sure that the problem is induced by the "Log in with Discourse" link in WordPress, but so far the hypothesis stands.

Qgil claimed this task. Jul 5 2019, 9:50 AM
Qgil closed this task as Declined. Jul 8 2019, 9:42 AM

I'm marking this task as declined. I think we have done what we could to minimize the impact of this bug. The way forward is T215052: Add MediaWiki login support to Discourse.

Qgil moved this task from Started to Evaluated on the Space (Jul-Sep-2019) board. Jul 10 2019, 9:41 PM