Infinite passwordless loop


(Sitieno) #1

Ask for email -> I use the link sent to the e-mail -> ask for email in it

(Actually experienced this prob while trying to log in voice.mozilla.org)


(Henrik Mitsch) #2

Hi @Sitieno14,

are you using the same browser for triggering the email and opening the link from the authentication email?

If yes, can you try the same “trigger mail, click link” loop in a private browser window?

Regards,
Henrik


(Alec0061) #3

Same issue, using normal firefox 60.4.0esr, I canot log in to voice.mozillla.org.

Your suggestion of using a private browser window did fix it though.

Thanks, but why would that fix it? Is normal firefox not maintaining cookies or something?

Edit: it does not let me log in anymore, even in a private browser. Really weird. I got it to work once then it did not work when closed the browser and retried.


(Henrik Mitsch) #4

Hi @alec0061,

thanks for being patient.

  • About not being able to log in any longer: Once your session times out (in a Private Browsing Window this is when you close the window), you need to request a new login link.
  • About Private Mode vs. Regular Mode: Maybe you still have some stale cookies in your browser? You could try by removing all cookies from auth0.

Hope this helps.

Best regards,
Henrik


(Hoffmann) #5

Same problem for me. It is a problem with your ultra-short expiry delay of 15 minutes. As your email servers are on greylist and therefore tarpitted (by 00:19:46 according to email header), you will always arrive too late in my inbox.

The temporary links of other systems usually expire after hours or days. Can you increase your delay to half an hour at least?


(Henrik Mitsch) #6

Hi @alec0061,

… do you still have the same behavior? Even in a Private Browser session?

Best regards,
Henrik


(Pl) #7

I get the very same problem here, it was working from another laptop with a ubuntu, and here with a debian buster 60.4.0esr (64 bits) i can’t get logged in. I did try with two different mail address each time using same browser.
Same loggin on this discourse did work, so it look like this is a voice.mozilla.org problem.


(Pl) #8

in both cases i did use a noscript plugin, i did test with private browsing just does not work.
It look like enrollment proceed but at the end voice.mozilla.org reset it like if nobody was logged.


(Henrik Mitsch) #9

@pl11, thank you very much for the detailed information. We need to look into this and try to get further insight.

@vioia and @rleitan, do you have an idea on how to reproduce the behavior described by @pl11?

@gweber there seems to be a something something with voice.m.o?

-Henrik


(Rleitan) #10

I managed to reproduce the issue on Firefox 60.4.0esr, on Windows 10.

The issue is reproducible with a Firefox clean profile and private window.

It’s reproducible also with LDAP email and both new and existing Common Voice profiles.

I logged https://github.com/mozilla/voice-web/issues/1756 issue for it.


(Henrik Mitsch) #11

Hi @Hoffmann,

thanks for your comment on the 15 minutes lifetime of our email verification. We hear this every once in a while and finally added corresponding entries to the FAQ for Mozilla IAM:

https://wiki.mozilla.org/IAM/Frequently_asked_questions#Q:_Why_do_the_email_login_links_expire_after_15_minutes.3F

Best regards,
Henrik