geonode icon indicating copy to clipboard operation
geonode copied to clipboard

Published 20 hours ago verified publisher icon GeoNode

Google auth broken in 4.0?

Open Yann-J opened this issue 2 years ago • 6 comments

Expected Behavior

Hello good people! I have a GeoNode/Geoserver setup configured to use Google as auth provider. It has been working well on 3.x throughout various upgrades, but following an upgrade to 4.x the Google login flow seems broken. Login with internal users still works fine.

The settings.py section to configure my auth is as follows:

SOCIALACCOUNT_PROVIDERS['google'] = {
  'SCOPE': [
    'profile',
    'email',
  ],
  'AUTH_PARAMS': {
    'access_type': 'online',
  }
}

if os.getenv('AUTH_DOMAIN'):
  SOCIALACCOUNT_PROVIDERS['google']['AUTH_PARAMS']['hd'] = os.getenv('AUTH_DOMAIN')

INSTALLED_APPS += ('allauth.socialaccount.providers.google',)
SOCIALACCOUNT_PROFILE_EXTRACTORS['google'] = "geonode.people.profileextractors.OpenIDExtractor"

I'm also setting the following env vars to valid values - although I also had to configure the OAuth values in the admin UI:

  • OAUTH2_CLIENT_ID
  • OAUTH2_CLIENT_SECRET
  • AUTH_DOMAIN

Actual Behavior

With 4.x, the Google login button is present as expected in the login page. However when pressing it, the browser is redirected to /account/google/login/?process=login&next=/catalogue/#/ which shows up as a blank page. No HTTP call is ever made to any Google URL.

image

No logs in console (server or client). I couldn't identify any change to the relevant sections of the configuration...

Steps to Reproduce the Problem

  1. Run geonode with above configuration
  2. Login as admin and configure Google provider in the admin UI with valid OAuth parameters

image

  1. Log out and try to login with Google

Specifications

  • GeoNode version: docker build from this commit
  • Installation method (manual, GeoNode Docker, SPCGeoNode Docker): Docker

Yann-J avatar Feb 14 '22 07:02 Yann-J

@Yann-J a part from the blank page does the login complete? If you refersh the page or go to the home page is the user logged in?

giohappy avatar Feb 14 '22 08:02 giohappy

Hey @giohappy sorry I forgot to mention :) No, the login is not complete after the page load. The menus are still clickable and I can still do all the usual anonymous browsing.

Also worth noting that this also affects the signup flow, and was tested after wiping all the domain's cookies.

Yann-J avatar Feb 14 '22 08:02 Yann-J

I suspect that the new client templates are not compatible with django-allauth social logins pages. I will open an issue on geonode mapstore client repo.

giohappy avatar Feb 14 '22 11:02 giohappy

https://github.com/GeoNode/geonode-mapstore-client/issues/827

giohappy avatar Feb 14 '22 11:02 giohappy

@Yann-J it looks like the new SOCIALACCOUNT_LOGIN_ON_GET default option from django-allauth, that was introduced with version 0.47.0 is not compatible with GeoNode templates right now.

If you set it to True login and sign up should work.

giohappy avatar Feb 16 '22 09:02 giohappy

Indeed, it works well now! Thanks a lot!

I guess it still makes sense to keep the ticket opened until either the parameter is added by default, or the templates are updated?

But at least there's a clear workaround!

Yann-J avatar Feb 16 '22 13:02 Yann-J