
Duplicate users

Open sizzlemctwizzle opened this issue 11 years ago • 15 comments

For some reason the authentication routine is creating duplicate users (can be seen in /admin/user if you have access). I'm pretty sure this bug is due to a recent change since it just started happening.

sizzlemctwizzle avatar Apr 18 '14 04:04 sizzlemctwizzle

I've identified the cause. We are performing async functions within the Passport verify (which is supposed to be private, but we override externally) method, which was never intended to happen. Most authentications wait for our response (calling done() in the verify method), but Yahoo has some sort of time out and initiates another verify callback if it doesn't get a response in time (repeating this process until it finally does, but the damage is already done). The result is during registration, the user is created multiple times and we even end up trying to send multiple responses to the user which generates errors (can't send headers twice).

I'm still trying to come up with a good solution to this problem.

sizzlemctwizzle avatar Apr 21 '14 05:04 sizzlemctwizzle

@sizzlemctwizzle Is this currently happening or is it stale from all the refactors?

Martii avatar Jul 12 '14 05:07 Martii

It's probably still happening since there has been no change to the authentication routine to fix it.

It's one tricky bug.

sizzlemctwizzle avatar Jul 12 '14 05:07 sizzlemctwizzle

If you want to prevent a callback from being called multiple times, you can wrap it in Crockford's once pattern/function: example here

Disclaimer: I have no idea which callback you are having trouble with, so my example of wrapping aDone might be in entirely the wrong place!

However if you wanted to prevent the first callbacks and wait for the final callback ... well that sounds a bit more complicated! :)

Possibly this should be fixed in Passport.

joeytwiddle avatar Jul 28 '14 21:07 joeytwiddle

Underscore has _.once() btw.

Zren avatar Jul 29 '14 00:07 Zren

There should probably also be a constraint on the db.

var UserSchema = new Schema({
  //--- Data
  // unique: true makes Mongoose build a unique index on name
  name: { type: String, unique: true },
  // ... remaining fields
});

http://mongoosejs.com/docs/api.html#schematype_SchemaType-unique

Zren avatar Jul 29 '14 00:07 Zren

I don't think once would work. The done calls are from separate requests (separate call stacks).

On Jul 28, 2014 4:46 PM, "joeytwiddle" wrote:

If you want to prevent a callback from being called multiple times, you can wrap it in Crockford's once pattern/function: https://github.com/joeytwiddle/OpenUserJS.org/tree/prevent_double_callbacks_using_once

Disclaimer: I have no idea which callback you are having trouble with, so my example of wrapping aDone might be in entirely the wrong place!

However if you wanted to prevent the first callbacks and wait for the final callback ... well that sounds a bit more complicated! :)

Possibly this should be fixed in Passport.

— Reply to this email directly or view it on GitHub https://github.com/OpenUserJs/OpenUserJS.org/issues/83#issuecomment-50406727 .

sizzlemctwizzle avatar Jul 29 '14 21:07 sizzlemctwizzle
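
An added example (not OpenUserJS or Passport code) modelling three points from the thread: the retried verify callback racing on check-then-insert, why `once` cannot dedupe calls that belong to separate requests, and how a uniqueness constraint in the store closes the gap. The names `makeStore`, `verify` and `simulate` and the user name `alice` are hypothetical, and generators stand in for the async database round trip so the interleaving is deterministic.

```javascript
// Added example: in-memory model, not OpenUserJS or Passport code.
// Each `yield` marks where real code would wait on an async DB call.
function makeStore(uniqueName) {
  const users = [];
  return {
    users,
    find: (name) => users.find((u) => u.name === name) || null,
    insert(name) {
      // With the constraint on, the store refuses a second row, like a unique index.
      if (uniqueName && this.find(name)) throw new Error('duplicate key');
      const user = { id: users.length + 1, name };
      users.push(user);
      return user;
    },
  };
}

// Crockford-style once: guards repeat calls of one function object only.
function once(fn) {
  let called = false;
  return (...args) => { if (!called) { called = true; fn(...args); } };
}

// Check-then-insert verify step (hypothetical shape), as a generator.
function* verify(store, name, done) {
  let user = store.find(name); // look up
  yield;                       // async gap: a retried callback starts here
  if (!user) {
    try {
      user = store.insert(name);
    } catch (e) {
      user = store.find(name); // lost the race: reuse the winner's row
    }
  }
  done(null, user);
}

// Original callback plus one retry, both started before either finishes.
function simulate(uniqueName) {
  const store = makeStore(uniqueName);
  const ids = [];
  // Each request has its own done, so once() per request dedupes nothing.
  const runs = [1, 2].map(() => verify(store, 'alice', once((err, u) => ids.push(u.id))));
  runs.forEach((r) => r.next()); // both look up: no user yet
  runs.forEach((r) => r.next()); // both go on to insert
  return { rows: store.users.length, doneCalls: ids.length, ids };
}

console.log(simulate(false), simulate(true));
```

In real code the catch branch should confirm the error is the database's duplicate-key error before falling back to the lookup.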

@sizzlemctwizzle

https://openuserjs.org/discuss/Personnal_Script_view_error is a duplicate user issue... similarly described here. Cleared the DB of that duplicate and appears to be back to normal. crosses things This wasn't easy to determine which account had priority either but the older account was favored due to all other factors. I have modified ./libs/modelParser.js a bit in the last couple of months (mainly Unicode additions with very little subtractions, if any) but encountered nothing like this with my Moderator account... just the reasking mentioned at https://openuserjs.org/announcements/Google_Authentication_Deprecation#comment-152c0caafb9 ... but it reasked me again tonight so I think that's a localhost thing with goo.

It's also possible the passport-google dep from 58f0f94/package.json#L42 mangled things... or just goo itself mangled the auth key for that account (I've seen this happen one other time)... so basically 3 possibilities that I can see here... IDK which one is the catalyst but I've tested a few things with attempting to hack the system and came up with nil.

Martii avatar Mar 21 '16 01:03 Martii

I'm not sure if this is the right place to inquire, but I'm unable to log into my account ABS on OpenUserJS.org. I use Google for authentication, but I can only access an account named abs_1. I'd like to update a script of mine, can you please help me?

ABS96 avatar May 02 '17 01:05 ABS96

@ABS96 See https://openuserjs.org/announcements/Google_Authentication_Deprecation#comment-15ad82d5f4d ... close enough on the issue here on GH. That account was one of the few that were affected. We're monitoring periodically for other duplicates should they arise.

Unfortunately I can't verify that the account is yours so it's permanently orphaned. e.g. you won't be gaining access any time soon (to that account) thanks to google.

I would be willing to rename the (new) account to an unused name if you don't like the _1 but I need a message in the profile on OUJS requesting me to do so.

Martii avatar May 02 '17 05:05 Martii

@Martii Well that's a shame, I understand. Please change my username to ABS96 over at OUJS, I've updated my profile accordingly.

On the off chance that the date on the GreasyFork page is acceptable evidence, is it possible to transfer the one script I had on OUJS to my "new" account? If not, my best bet to keep the old script updated is to submit a fork to the original script from my new account, right?

ABS96 avatar May 02 '17 13:05 ABS96

@ABS96

I've updated my profile accordingly.

Done. If one authorization does this again I do suggest you linking in another auth... such as your one here so I have a validation point... that's at https://openuserjs.org/user/preferences ... plus you can currently toggle auths at any time.

On the off chance that the date on the GreasyFork page is acceptable evidence

We don't have token/hash exchange with GF so there's no way to do that... that could be #96 if GF would be willing to do that securely but we're not at that point and likelihood is small at this time.

my best bet to keep the old script updated is to submit a fork to the original script from my new account, right?

That is what a few others are doing... so it would be helpful to your users I think.

Well that's a shame

I know :\... I'm still searching for a way to validate with google but I haven't found anything. Sizzle is aware of all the accounts currently affected as well.

Martii avatar May 02 '17 19:05 Martii

@Martii I've added a few other auths and I'll go the fork route. Thanks a lot for your help!

ABS96 avatar May 02 '17 21:05 ABS96

Ran a sweep yesterday... no duplicates in the DB.

Martii avatar Jul 12 '18 11:07 Martii

Whoops wrong issue number... please ignore #1580

Martii avatar Feb 05 '19 13:02 Martii