OpenID login fails on try.gitea.io #2100

Closed
strk opened this issue Jul 3, 2017 · 7 comments
Labels
issue/regression Issue needs no code to be fixed, only a description on how to fix it yourself

Comments

@strk
Member

strk commented Jul 3, 2017

Whenever I try to connect on try.gitea.io with OpenID I get:

Nonce too old: %!d(float64=126.332404525)s

It used to work so something must have broken "recently". Could be a problem with just try.gitea.io (if time is messed up). I don't have a test install to try it there. Maybe @geek1011 does?

@strk
Member Author

strk commented Jul 3, 2017

As I seemed to be able to "login" via livejournal.com (see #2101) this may be an issue just with my own OpenID provider (SimpleID)

@strk
Member Author

strk commented Jul 3, 2017

I've tried my OpenID against a GNUSocial server and it worked fine, so the problem is with Gitea (maybe with try.gitea.io deploy only)

@lunny lunny added the type/bug label Jul 3, 2017
@bkcsoft bkcsoft added issue/regression Issue needs no code to be fixed, only a description on how to fix it yourself backport/v1.1 and removed type/bug labels Jul 3, 2017
@strk
Member Author

strk commented Jul 13, 2017

One comment I found in the NonceStore implementation we use (an example one that comes with the library we use for OpenID) might be related to the issue:

        // The nonce MUST start with the current time on the server, and MAY
        // contain additional ASCII characters in the range 33-126 inclusive
        // (printable non-whitespace characters), as necessary to make each
        // response unique. The date and time MUST be formatted as specified in
        // section 5.6 of [RFC3339], with the following restrictions:

        // All times must be in the UTC timezone, indicated with a "Z".  No
        // fractional seconds are allowed For example:
        // 2005-05-15T17:11:51ZUNIQUE

@strk
Member Author

strk commented Jul 13, 2017

Ok this issue is sorted. It's just a clock skew between the Gitea server and the OpenID server of ~2 minutes with a Nonce timeout of 1 minute.

Maybe 1 minute is too low for a TTL (but we're using a demo implementation of the store and I'm not sure how to change that value...)
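
The failure diagnosed above (roughly 2 minutes of clock skew against a 1-minute nonce limit), reproduced as an added Go example. It is not Gitea's code or the OpenID library's nonce store; `CheckNonce`, its parameters, its error messages and the sample timestamps are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// nonceLayout: UTC "Z" only, no offset, no fractional seconds (always 20 bytes).
const nonceLayout = "2006-01-02T15:04:05Z"

// CheckNonce (hypothetical helper) validates a response nonce against the
// relying party's clock `now` and an age limit `maxAge`.
func CheckNonce(nonce string, now time.Time, maxAge time.Duration) error {
	if len(nonce) < len(nonceLayout) || len(nonce) > 255 {
		return errors.New("nonce: bad length")
	}
	ts, err := time.Parse(nonceLayout, nonce[:len(nonceLayout)])
	if err != nil {
		return fmt.Errorf("nonce: bad timestamp: %w", err)
	}
	for i := len(nonceLayout); i < len(nonce); i++ {
		if nonce[i] < 33 || nonce[i] > 126 {
			return errors.New("nonce: non-printable character in suffix")
		}
	}
	age := now.Sub(ts)
	switch {
	case age > maxAge:
		// Seconds() is a float64, so use %.0f; %d on a float64 is what
		// yields output of the form "%!d(float64=126.33...)".
		return fmt.Errorf("nonce too old: %.0fs (limit %.0fs)", age.Seconds(), maxAge.Seconds())
	case age < -maxAge:
		return fmt.Errorf("nonce from the future: %.0fs ahead", (-age).Seconds())
	}
	return nil
}

func main() {
	// Constructed sample: provider stamps 10:00:00Z, our clock runs 126 s ahead.
	nonce := "2017-07-13T10:00:00ZUNIQUE"
	skewed := time.Date(2017, 7, 13, 10, 2, 6, 0, time.UTC)
	synced := time.Date(2017, 7, 13, 10, 0, 5, 0, time.UTC)
	fmt.Println(CheckNonce(nonce, skewed, time.Minute))   // rejected as too old
	fmt.Println(CheckNonce(nonce, synced, time.Minute))   // accepted once clocks agree
	fmt.Println(CheckNonce(nonce, skewed, 5*time.Minute)) // accepted with a wider limit
}
```

A wider `maxAge` tolerates more skew, but it also lengthens the window in which a captured assertion is still fresh enough to be accepted, so seen nonces must be remembered for at least that long.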

@strk
Member Author

strk commented Jul 13, 2017

I confirm installing rdate on the server (which went missing on disk failure) fixes the issue for me.
This ticket can either be closed as invalid or kept open for dealing with making the Nonce timeout configurable. Opinions welcome @cweiske :)

@cweiske
Contributor

cweiske commented Jul 14, 2017

I'd keep it the way it is now.

@strk
Member Author

strk commented Jul 16, 2017

Alright then, I'm closing this invalid ticket.

@strk strk closed this as completed Jul 16, 2017
@go-gitea go-gitea locked and limited conversation to collaborators Nov 23, 2020