Any good ideas on how to troubleshoot django allauth
Hi again.
Allauth works for me... sometimes... For google logins it works most of the time. For facebook it almost never works. When it does not work, I get an error page with the error "An error occurred while attempting to login via your social network account." (or the equivalent in my locale). If I then reload the page, I get logged in!
In some cases I get the error and the little green popup saying that I am logged in at the same time. Strange.
So... If there is any documentation for how to set up or how to troubleshoot django allauth I am all ears (eyes, really). I have tested the "missing howto..." and updated version of that without enough success.
Cheers // David
The only thing I find is in the Apache log: (I have removed all cryptovalues and other things that should be uninteresting to others)
[LOCAL_IP] - - [19/Apr/2017:00:00:39 +0000] "GET /accounts/facebook/login/?process=login&next=%2Farchives%2F HTTP/1.1" 302 706 "https://lists.example.com/accounts/login/?next=/archives/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063"
[LOCAL_IP] - - [19/Apr/2017:00:00:53 +0000] "GET /accounts/facebook/login/callback/?code=[LONG CRYPTO-LOOKING STRING] HTTP/1.1" 200 2129 "https://www.facebook.com/login/reauth.php?app_id=[MY_APP_ID_I_THINK]&signed_next=1&next=https://www.facebook.com/v2.8/dialog/oauth?redirect_uri=https%3A%2F%2Flists.example.com%2Faccounts%2Ffacebook%2Flogin%2Fcallback%2F&state=[ALPHANUM]&scope=public_profile+email&response_type=code&auth_type=reauthenticate&client_id=[NUMERIC]&ret=login&logger_id=[GUID]&cancel_url=https://lists.example.com/accounts/facebook/login/callback/?error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied&state=[ALPHANUm]#_=_&display=page&locale=sv_SE&logger_id=[GUID]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063"
David Krantz writes:
[LOCAL_IP] - - [19/Apr/2017:00:00:53 +0000] "GET /accounts/facebook/login/callback/?code=[LONG CRYPTO-LOOKING STRING] HTTP/1.1" 200 2129 "https://www.facebook.com/login/reauth.php?app_id=[MY_APP_ID_I_THINK]&signed_next=1&next=https://www.facebook.com/v2.8/dialog/oauth?redirect_uri=https%3A%2F%2Flists.example.com%2Faccounts%2Ffacebook%2Flogin%2Fcallback%2F&state=[ALPHANUM]&scope=public_profile+email&response_type=code&auth_type=reauthenticate&client_id=[NUMERIC]&ret=login&logger_id=[GUID]&cancel_url=https://lists.example.com/accounts/facebook/login/callback/?error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied&state=[ALPHANUm]#_=_&display=page&locale=sv_SE&logger_id=[GUID]"
You really should be asking this on a Django channel, preferably one specific to allauth. The OAuth protocols can be pretty complicated AIUI, and from your description "If I then reload the page, I get logged in!", it sounds to me like some kind of intermittent timing problem. That is probably something that only the maintainer of allauth would have a clue about.
Hi again.
I found a solution that so far seems to work. The culprit was that the machine had python-openssl and python3-openssl installed. After removing them I have so far not seen any error.
To troubleshoot it I located and changed authentication_error.html (part of django-allauth) and added
<p> Code: {{ auth_error.code }}, Error: {{ auth_error.exception }} </p
after finding some tips on the web. Still relatively bad error messages but enough to find tips on the python-openssl removal.
Thanks. // David
On Wed, Apr 19, 2017 at 10:57 PM, David Krantz <gazorg@gmail.com> wrote:
Hi again.
Allauth works for me... sometimes... For google logins it works most of the time. For facebook it almost never works. When it does not work, I get an error page with the error "An error occurred while attempting to login via your social network account." (or the equivalent in my locale). If I then reload the page, I get logged in!
In some cases I get the error and the little green popup saying that I am logged in at the same time. Strange.
So... If there is any documentation for how to set up or how to troubleshoot django allauth I am all ears (eyes, really). I have tested the "missing howto..." and updated version of that without enough success.
Cheers // David
The only thing I find is in the Apache log: (I have removed all cryptovalues and other things that should be uninteresting to others)
[LOCAL_IP] - - [19/Apr/2017:00:00:39 +0000] "GET /accounts/facebook/login/?process=login&next=%2Farchives%2F HTTP/1.1" 302 706 "https://lists.example.com/accounts/login/?next=/archives/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063"
[LOCAL_IP] - - [19/Apr/2017:00:00:53 +0000] "GET /accounts/facebook/login/callback/?code=[LONG CRYPTO-LOOKING STRING] HTTP/1.1" 200 2129 "https://www.facebook.com/login/reauth.php?app_id=[MY_APP_ID_I_THINK]&signed_next=1&next=https://www.facebook.com/v2.8/dialog/oauth?redirect_uri=https%3A%2F%2Flists.example.com%2Faccounts%2Ffacebook%2Flogin%2Fcallback%2F&state=[ALPHANUM]&scope=public_profile+email&response_type=code&auth_type=reauthenticate&client_id=[NUMERIC]&ret=login&logger_id=[GUID]&cancel_url=https://lists.example.com/accounts/facebook/login/callback/?error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied&state=[ALPHANUm]#_=_&display=page&locale=sv_SE&logger_id=[GUID]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063"
David Krantz wrote:
I found a solution that so far seems to work. The culprit was that the machine had python-openssl and python3-openssl installed. After removing them I have so far not seen any error.
It turns out that unbeknown to me I had the same issue. I manage MM 3 installations at lists.mailman3.org and mail.python.org/mm3. I support django-allauth OAuth2 authentication using GitHub, GitLab, Google and Facebook on both. On lists.mailman3.org everything was working fine. On mail.python.org/mm3 all OAuth2 login attempts produced a 500 server error and a traceback in the mailman-web log similar to
ERROR 2017-04-23 18:51:39,501 base 3673 139978913507072 Internal Server Error: /mm3/accounts/google/login/callback/ Traceback (most recent call last): File "/opt/mailman/mailman-bundler/eggs/Django-1.8.13-py2.7.egg/django/core/handlers/base.py", line 149, in get_response response = self.process_exception_by_middleware(e, request) File "/opt/mailman/mailman-bundler/eggs/Django-1.8.13-py2.7.egg/django/core/handlers/base.py", line 147, in get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/django_allauth-0.27.0-py2.7.egg/allauth/socialaccount/providers/oauth2/views.py", line 62, in view return self.dispatch(request, *args, **kwargs) File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/django_allauth-0.27.0-py2.7.egg/allauth/socialaccount/providers/oauth2/views.py", line 120, in dispatch access_token = client.get_access_token(request.GET['code']) File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/django_allauth-0.27.0-py2.7.egg/allauth/socialaccount/providers/oauth2/client.py", line 74, in get_access_token auth=auth) File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/requests/api.py", line 56, in request return session.request(method=method, url=url, **kwargs) File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/requests/sessions.py", line 488, in request resp = self.send(prep, **send_kwargs) File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/requests/sessions.py", line 609, in send r = adapter.send(request, **kwargs) File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/requests/adapters.py", line 497, in send raise SSLError(e, request=request) SSLError: bad handshake: SysCallError(0, None)
I only discovered this because I saw the ERROR entries in the log while looking for something else. In any case, it turned out that python-openssl was installed on mail.python.org and not on lists.mailman3.org. Removing it from mail.python.org allowed OAuth2 logins to work.
We'll see if its removal broke something else that depended on it :(
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro writes:
I only discovered this because I saw the ERROR entries in the log while looking for something else. In any case, it turned out that python-openssl was installed on mail.python.org and not on lists.mailman3.org. Removing it from mail.python.org allowed OAuth2 logins to work.
I think that part of the problem here may be that distros have not caught up to current Python upstream distribution practices. MacPorts is particularly bad (ie, heinous), in that they don't even follow their own Python distributions. In MacPorts, OpenSSL and GNU readline have both bitten me; basically, the add-on packages should be labeled "unless you know you need this, and know why, and accept that NO WARRANTEE means what it says (we don't support it at all), don't install this!"
I've opened Mailman/Mailman issue#323 for this. Probably it should be moved to Installation and Troubleshooting documentation, but maybe leaving an open issue in the tracker would help discoverability?
participants (3)
-
David Krantz -
Mark Sapiro -
Stephen J. Turnbull