on_ruby icon indicating copy to clipboard operation
on_ruby copied to clipboard
verified publisher icon rughh

Login for madrid.rb

Open phoet opened this issue 1 year ago • 8 comments

I just received this email, could you help re-onbaord @josepegea ?

Email edited out

TL:DR:

  • Log in with Twitter to madridrb.com doesn't work in browsers that never had a previous session.
  • Twitter login does still work in browsers that were used in a previous session, even after logging out
  • Connecting from GitHub, even from an account with the same email fails with an Error 500.

It's clear from #1034 that this has happened to more users. Knowing a recommended course of action would be great. Thanks

phoet avatar Oct 14 '24 18:10 phoet

sure, lets fix all the small things that got broken in the past :)

JoschkaSchulz avatar Oct 14 '24 21:10 JoschkaSchulz

Well, after sending the message above I thought about looking at issues and I found #1034

It's mentioned there that a possible workaround would be to register with a GitHub account that used the exact same email address that was used on Twitter. It doesn't work for me, but maybe there's something else in my case.

Some other users of Madrid.rb are just finding this issue (and I guess it must have happened to users of other communities, too). I'd like to provide them with a solution. Thanks

josepegea avatar Oct 15 '24 07:10 josepegea

The GitHub workaround was just an idea, I was not sure weather it would work. Actually good that it does not from a security perspective 😸

So there are some solutions that come to my mind:

a) register a new user and manually copy the authorization to the old user, discarding the new one afterwards b) write a small piece of code that sends out an invitation link where a user gains a login-session with the connected user of the email. through that a user can connect to an authorization provider of choice c) add email+password login and allow password reset

b and c have the drawback that it only works if you still have access to the registered email account.

phoet avatar Oct 15 '24 08:10 phoet

You could use my one-time-password-email-auth-provider for omniauth that i use at weg.li in order to provide password-less logins via email login links https://github.com/weg-li/weg-li/blob/master/app/lib/omni_auth/strategies/email.rb

phoet avatar Oct 15 '24 08:10 phoet

PS:

F U ELON!

phoet avatar Oct 15 '24 08:10 phoet

@josepegea regarding the login via twitter with an existing session: the site has a remember-me cookie that probably does a login in some kind of way. the actual twitter auth is dead, that cant work.

phoet avatar Oct 15 '24 08:10 phoet

@phoet OTP-email is a nice idea.

salzig avatar Oct 15 '24 08:10 salzig

I'll try to add the email login, although it will most likely be during the weekend

josepegea avatar Oct 16 '24 13:10 josepegea

Ok, I finally found the time to finish the Email OTP Auth thing. See the PR at #1068

josepegea avatar Oct 26 '24 17:10 josepegea