Forum OpenACS Development: Re: Login fails only to new users

Collapse
Posted by Iuri Sampaio on
Hi Ben,
Your idea brought positive results!

I tried to log in using login's webpage and the password was invalid. https://evex.co/register/user-new

Then, after resetting password, I was able to log in. However, API REST still returns "bad password"

user: mailto:iuri.sampaio@gmail.com
password: test

Failed to login.
http://evex.co/REST/userLoginRequest?username=iuri.sampaio@gmail.com&password=test&token=%22Please!%22

It seems acs-authentication denies any attempt from the custom package. Even though, the custom package as the same scripts and error.log shows the very same variables passing through the ad_procs. $auth_id, $impl_id and etc.

p.s. Old users (i.e. users registered using /acs-subsite/lib/user-new ) are able to login on both methods webpage and API REST

How would I debug ad_apply to find out where the new registration is garbling the password?

Collapse
Posted by Benjamin Brink on
Hi Iuri,
One way, is to step through the relevant code, adding ns_logs to log relevant values. This way,, when you make a test case, you can see where the value changes unexpectedly.

Maybe start where you know relevant values are accurate, and log at the last place just before values are stored. Then log at half points in between until you identify the offending code.
cheers,
Ben

Collapse
Posted by Iuri Sampaio on
That's done already. I've opened this thread precisely because of that. I've debugged all the way down, or should I say into ad_procs. I've added logs to all passages though them. At all log messages, username and password haven't changed so far, nothing is garbling pwd.

I've stopped at ad_apply, which I believe is the end point of debugging. In fact, I got stuck ad_apply because the code is very short and I believe there's no chance to the error be within deeper core ad_procs, is there?

https://openacs.org/api-doc/proc-view?proc=ad_apply&source_p=1

Either way, I need to burn more neurons on this task.

Best wishes,

Collapse
Posted by Brian Fenton on
Hi Iuri

I can assure that ad_apply is not the source of the problem. You say that you have a customised login page. Why not start with the "standard" OpenACS page that you know is working correctly, and then carefully add each change until you identify the problem?

Brian

Collapse
Posted by Iuri Sampaio on
Hi Brian,

"I can assure that ad_apply is not the source of the problem". So can I!

Finally, I've started from scratch and found the problem. MainSite parameter "RegistrationProvidesRandomPasswordP" was enabled. Because of it, the system generates a random password, even if we explicitly had passed the password and confirm_password fields, as API methods arguments/switches.

Testing things out a while ago, I should have enabled and I forgot to disable it later on.

The good thing...?! It was a good case as lesson learned to get knowing the whole registration and login adn their ad_procs workflow through pkgs: from acs-subsite, acs-authentication, acs-service-contract, acs-tcl ...

Best wishes,