fix: login inconsistency with same credentials #4694

Open
1 task done
Fernananas opened this issue Feb 10, 2025 · 4 comments
Labels: bug (Something isn't working)

@Fernananas

Have you checked if this issue already exists?

  • yes

Molgenis EMX2 version

Software version: v11.34.0. Database version: 23.

Description

Users are experiencing inconsistent login behavior in EMX2 when using the same credentials on different days.

Initial Behavior (Day 1)

  • Successfully logged in using:
      • Sign in button
      • Username/password authentication method
      • Credentials: testERRAS (username)

Current Behavior (Few Days Later)

  • Login fails with same credentials
  • Error message received: "Sign in as 'testERRAS' failed: user or password unknown"
  • No changes were made to the credentials between attempts

Additional Information

Username used: testERRAS
Authentication method: Both sign-in button and username/password form
Time between successful and failed attempts: Multiple days
No known changes to user credentials or permissions during this period

Reproduction steps

  1. Login successfully using username testERRAS and corresponding password (https://demo-ernskin.molgenis.net/)
  2. Wait several days
  3. Attempt to login using the exact same credentials
  4. Observe authentication failure

Expected behaviour

Consistent authentication success when using valid credentials, regardless of time between login attempts

System configuration

  • Device:
  • Operating system:
  • Browser:
@Fernananas Fernananas added the bug Something isn't working label Feb 10, 2025
@mswertz
Member

mswertz commented Feb 10, 2025

This is the place where the error comes from:

FAILED, "Sign in as '%s' failed: user or password unknown", userName);

@mswertz mswertz changed the title Login inconsistency with same credentials fix: login inconsistency with same credentials Feb 10, 2025
@jelmerveen
Collaborator

jelmerveen commented Feb 10, 2025

This is the last diff (4 months ago):

a3de237#diff-1d32443ea47503da0b3f8ff2cec181d258e27e78db5a670a377f9f2af9bd58b9

Why is this 'todo' still in the code?

 public static void setUserPassword(DSLContext jooq, String user, String password) {
    // TODO BEFORE MERGE: set USER_ACTIVE to current value and not to "TRUE"
    jooq.insertInto(USERS_METADATA)
        .columns(USER_NAME, USER_ENABLED, USER_PASS)
        .values(
            field("{0}", String.class, user),
            field("{0}", Boolean.class, Boolean.TRUE),
            field("crypt({0}, gen_salt('bf'))", String.class, password))
        .onConflict(USER_NAME)
        .doUpdate()
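
The TODO in the snippet above is about a password change overwriting the user's enabled flag. As an added example (not EMX2 code and not written by anyone in this thread), the following reproduces that effect, with SQLite standing in for PostgreSQL and salted PBKDF2 standing in for `crypt({0}, gen_salt('bf'))`. The table and column names, the update branch of the upsert (cut off in the quote) and the sample user are assumptions.

```python
import hashlib
import os
import sqlite3

# Hypothetical table and column names; the page shows only the jOOQ constants.
SCHEMA = ("CREATE TABLE users_metadata ("
          "username TEXT PRIMARY KEY, enabled INTEGER NOT NULL, password TEXT NOT NULL)")

# Assumed shape of the quoted upsert: on conflict the enabled flag is rewritten to TRUE.
FORCE_ENABLED = ("INSERT INTO users_metadata (username, enabled, password) VALUES (?, 1, ?) "
                 "ON CONFLICT (username) DO UPDATE "
                 "SET enabled = excluded.enabled, password = excluded.password")

# What the TODO asks for: new users start enabled, existing users keep their flag.
KEEP_ENABLED = ("INSERT INTO users_metadata (username, enabled, password) VALUES (?, 1, ?) "
                "ON CONFLICT (username) DO UPDATE SET password = excluded.password")


def hash_password(password: str) -> str:
    """Salted PBKDF2, used here in place of crypt(password, gen_salt('bf'))."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return f"{salt.hex()}${digest.hex()}"


def set_user_password(db, upsert_sql, user, password):
    """Create the user or replace the stored hash, using the given upsert."""
    db.execute(upsert_sql, (user, hash_password(password)))


def is_enabled(db, user):
    """Return the enabled flag as a bool, or None if the user does not exist."""
    row = db.execute("SELECT enabled FROM users_metadata WHERE username = ?",
                     (user,)).fetchone()
    return None if row is None else bool(row[0])


def enabled_after_password_change(upsert_sql):
    """Create a user, disable it, change its password, then report the flag."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    set_user_password(db, upsert_sql, "alice", "first-password")  # constructed sample user
    db.execute("UPDATE users_metadata SET enabled = 0 WHERE username = ?", ("alice",))
    set_user_password(db, upsert_sql, "alice", "second-password")
    return is_enabled(db, "alice")


if __name__ == "__main__":
    print("flag forced to TRUE:", enabled_after_password_change(FORCE_ENABLED))
    print("flag left untouched:", enabled_after_password_change(KEEP_ENABLED))
```

With the first statement a disabled account becomes enabled again as a side effect of a password change; with the second it stays disabled.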

@harmbrugge
Member

harmbrugge commented Feb 12, 2025

This issue cannot be replicated. Current assumption is that a wrong password is used for the password update.

@jelmerveen
Collaborator

jelmerveen commented Feb 12, 2025

To make it more robust, could you add a .trim() function to remove leading and/or trailing whitespace?
When a user copy-pastes the password
