Bugzilla – Full Text Bug Listing
| Summary: | OAuth accounts lost on server bounce | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [ECD] Orion | Reporter: | Andrew Audibert <aaudibert> | ||||
| Component: | Server | Assignee: | Anthony Hunter <ahunter.eclipse> | ||||
| Status: | RESOLVED FIXED | QA Contact: | |||||
| Severity: | major | ||||||
| Priority: | P3 | CC: | aaudibert, ahunter.eclipse | ||||
| Version: | 10.0 | ||||||
| Target Milestone: | 10.0 | ||||||
| Hardware: | PC | ||||||
| OS: | All | ||||||
| See Also: |
https://git.eclipse.org/r/54353 https://git.eclipse.org/c/orion/org.eclipse.orion.server.git/commit/?id=0930b3ef49abc530cf27f82f2cc2019a6d726109 |
||||||
| Whiteboard: | |||||||
| Attachments: |
|
||||||
New Gerrit change created: https://git.eclipse.org/r/54353 The OAuth accounts cache is created on server restart in the AuthenticationMetaStoreJob.run() method. This is at line 84 in /org.eclipse.orion.server.authentication/src/org/eclipse/orion/server/authentication/Activator.java Can you debug and make sure this job is not being started on server startup? Since it is a job it is possible there could be a delay until the cache is initialized. I have not seen any complaints as such on orionhub.org though. AuthenticationMetaStoreJob.run() registers the OAuth user property keys, but doesn't load their current values on disk into the SimpleMetaStoreUserPropertyCache. SimpleMetastore.readUserByProperty() looks for properties in the SimpleMetaStoreUserPropertyCache and fails to find them if they were added before the server was bounced. I misspoke in the initial ticket - it is the "OAuth" user property, not the "Email" user property that gets used to look up the user account. See line 172 of OAuthHelper: UserInfo userInfo = OrionConfiguration.getMetaStore().readUserByProperty(UserConstants.OAUTH, ".*\\Q" + oauthConsumer.getIdentifier() + "\\E.*", true, false); How often is orionhub bounced? To clarify, I've debugged and AuthenticationMetaStoreJob.run() is being run on startup Gerrit change https://git.eclipse.org/r/54353 was merged to [master]. Commit: http://git.eclipse.org/c/orion/org.eclipse.orion.server.git/commit/?id=0930b3ef49abc530cf27f82f2cc2019a6d726109 I see where the issue is. On orionhub.org and orion.eclipse.org we have the preference orion.file.diskUsageEnabled=true set which indirectly creates the cache on startup. I have committed your change from gerrit but made two fixes: The initializeAllRegisteredPropertiesFromDisk() should not be called for the UserConstants.USER_NAME property since we already handle that property by reading all users. The initializeAllRegisteredPropertiesFromDisk() should not throw a runtime exception and cause the server to fail to startup if it hits a bad user.json, it should print an error message and continue on to the next user. (In reply to Anthony Hunter from comment #6) > I see where the issue is. On orionhub.org and orion.eclipse.org we have the > preference orion.file.diskUsageEnabled=true set which indirectly creates the > cache on startup. > > I have committed your change from gerrit but made two fixes: > > The initializeAllRegisteredPropertiesFromDisk() should not be called for the > UserConstants.USER_NAME property since we already handle that property by > reading all users. > > The initializeAllRegisteredPropertiesFromDisk() should not throw a runtime > exception and cause the server to fail to startup if it hits a bad > user.json, it should print an error message and continue on to the next user. Should have added that this was commit: http://git.eclipse.org/c/orion/org.eclipse.orion.server.git/commit/?id=f1a4c654d341e5c9b9ff02b228b173ed93bdc635 |
Created attachment 256027 [details] asked to register even though my Orion OAuth account should exist Repro: 1. Create a new account via OAuth 2. Bouncer server 3. Try to log in using the same OAuth account Expected: Successful login Actual: Prompted to register as though the OAuth account has never been used before. Even worse, the default username is already taken from the creation of the original account. The attachment contains an image of this state. The account isn't recognized after server bounce because the user properties in the SimpleMetaStore are not loaded during initialization. In step (3) of the repro, the server tries to find the OAuth account by the "Email" user property, but it hasn't been loaded from disk into the cache, so the server concludes that the account doesn't exist and prompts the user to register. The user info is properly recorded on disk, it just never gets loaded into the cache.