  • #2130
Closed
Open
Issue created Sep 09, 2020 by Michael Collins (@mjc1)

Users with MFA/TOTP enabled can't log in to OAuth (2.1.1)

Pleroma 2.1.1, built from source

Steps to reproduce:

  1. Launch Whalebird
  2. Add a new account (the account has TOTP enabled on it).
  3. Whalebird asks you for your Mastodon instance. Give it your Pleroma instance.
  4. Whalebird comes back and says it's compatible.
  5. Click Login.
  6. Your browser is redirected to an OAuth login page.
  7. Enter your username and password.
  8. The OAuth page refreshes and prompts you for your TOTP.
  9. Enter your TOTP.
  10. Receive an error message: {"errors":{"detail":"Internal server error"}}

Logs:

Sep  9 11:57:35 liewrap01 pleroma: request_id=FjMbnXoaC4U2UB0AEUvR [error] Internal server error: %Phoenix.Template.UndefinedError{assigns: %{auth: %Pleroma.Web.OAuth.Authorization{__meta__: #Ecto.Schema.Metadata<:loaded, "oauth_authorizations">, app: #Ecto.Association.NotLoaded<association :app is not loaded>, app_id: 128933, id: 169640, inserted_at: ~N[2020-09-09 11:56:59], scopes: ["read", "write", "follow"], token: "W41pBCk18UxaRsSR_7wKgRAkdrBzCk5PtkLp4nLQtfw", updated_at: ~N[2020-09-09 11:56:59], used: false, user: #Ecto.Association.NotLoaded<association :user is not loaded>, user_id: "9yxBmZlGssghzAPEzA", valid_until: ~N[2020-09-09 12:06:59.661128]}, conn: %Plug.Conn{adapter: {Plug.Cowboy.Conn, :...}, assigns: %{auth: %Pleroma.Web.OAuth.Authorization{__meta__: #Ecto.Schema.Metadata<:loaded, "oauth_authorizations">, app: #Ecto.Association.NotLoaded<association :app is not loaded>, app_id: 128933, id: 169640, inserted_at: ~N[2020-09-09 11:56:59], scopes: ["read", "write", "follow"], token: "W41pBCk18UxaRsSR_7wKgRAkdrBzCk5PtkLp4nLQtfw", updated_at: ~N[2020-09-09 11:56:59], used: false, user: #Ecto.Association.NotLoaded<association :user is not loaded>, user_id: "9yxBmZlGssghzAPEzA", valid_until: ~N[2020-09-09 12:06:59.661128]}, digest: "SHA-256=pV7H5LZV3xseY4HdiG1xcfmGN9jlcCI8ji0LhbL6H+A=", layout: {Pleroma.Web.LayoutView, "app.html"}, locale: "en", remote_ip_found: true}, before_send: [#Function<2.8858237/1 in Phoenix.Controller.fetch_flash/2>, #Function<0.105793137/1 in Plug.Session.before_send/2>, #Function<0.119468924/1 in Pleroma.Web.Endpoint.PipelineInstrumenter.call/2>, #Function<1.132129851/1 in Plug.Logger.call/2>], body_params: %{"_csrf_token" => "JQs4DmFoA3wZS0BjJX8lIzFYbAAsDREmPH_ZT0DKo9r1t8iQy0ZoeTFE", "mfa" => %{"challenge_type" => "totp", "code" => "703050", "mfa_token" => "P4aE4UWteL0IYjpdeNwPRk9_MLq9IfWPJD0Pc0Rqa8g", "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", "state" => ""}}, cookies: %{"__Host-pleroma_key" => 
"SFMyNTY.g3QAAAABbQAAAAd1c2VyX2lkbQAAABI5eXhCbVpsR3NzZ2h6QVBFekE.NiSuf5QhgDnuEOs4A2DMe8P44HRqAcSWsAufkEDI-xQ", "__cfduid" => "dfd5d63cc9632b28b8065804cca83a87e1599580793", "_pk_id.2.362e" => "6baef5c0e5aaf331.1599580803.8.1599652619.1599646739.", "_pk_ses.2.362e" => "1"}, halted: false, host: "nsfw.social", method: "POST", owner: #PID<0.29258.10>, params: %{"_csrf_token" => "JQs4DmFoA3wZS0BjJX8lIzFYbAAsDREmPH_ZT0DKo9r1t8iQy0ZoeTFE", "mfa" => %{"challenge_type" => "totp", "code" => "703050", "mfa_token" => "P4aE4UWteL0IYjpdeNwPRk9_MLq9IfWPJD0Pc0Rqa8g", "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", "state" => ""}}, path_info: ["oauth", "mfa", "verify"], path_params: %{}, port: 80, private: %{Pleroma.Web.Router => {[], %{}}, :phoenix_action => :verify, :phoenix_controller => Pleroma.Web.OAuth.MFAController, :phoenix_endpoint => Pleroma.Web.Endpoint, :phoenix_flash => %{}, :phoenix_layout => {Pleroma.Web.LayoutView, "app.html"}, :phoenix_router => Pleroma.Web.Router, :phoenix_template => "oob_authorization_created.html", :phoenix_view => Pleroma.Web.OAuth.MFAView, :plug_session => %{"user_id" => "9yxBmZlGssghzAPEzA"}, :plug_session_fetch => :done}, query_params: %{}, query_string: "", remote_ip: {67, 191, 205, 149}, req_cookies: %{"__Host-pleroma_key" => "SFMyNTY.g3QAAAABbQAAAAd1c2VyX2lkbQAAABI5eXhCbVpsR3NzZ2h6QVBFekE.NiSuf5QhgDnuEOs4A2DMe8P44HRqAcSWsAufkEDI-xQ", "__cfduid" => "dfd5d63cc9632b28b8065804cca83a87e1599580793", "_pk_id.2.362e" => "6baef5c0e5aaf331.1599580803.8.1599652619.1599646739.", "_pk_ses.2.362e" => "1"}, req_headers: [{"accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"}, {"accept-encoding", "gzip"}, {"accept-language", "en-US,en;q=0.9"}, {"cache-control", "max-age=0"}, {"cdn-loop", "cloudflare"}, {"cf-connecting-ip", "67.191.205.149"}, {"cf-ipcountry", "US"}, {"cf-ray", "5d00bb8ac9f01853-EWR"}, {"cf-request-id", "0514538ab90000185383bba200000001"}, 
{"cf-visitor", "{\"scheme\":\"https\"}"}, {"connection", "upgrade"}, {"content-length", "255"}, {"content-type", "application/x-www-form-urlencoded"}, {"cookie", "__cfduid=dfd5d63cc9632b28b8065804cca83a87e1599580793; __Host-pleroma_key=SFMyNTY.g3QAAAABbQAAAAd1c2VyX2lkbQAAABI5eXhCbVpsR3NzZ2h6QVBFekE.NiSuf5QhgDnuEOs4A2DMe8P44HRqAcSWsAufkEDI-xQ; _pk_ses.2.362e=1; _pk_id.2.362e=6baef5c0e5aaf331.1599580803.8.1599652619.1599646739."}, {"dnt", "1"}, {"host", "nsfw.social"}, {"origin", "https://nsfw.social"}, {"referer", "https://nsfw.social/oauth/authorize"}, {"sec-fetch-dest", "document"}, {"sec-fetch-mode", "navigate"}, {"sec-fetch-site", "same-origin"}, {"sec-fetch-user", "?1"}, {"upgrade-insecure-requests", "1"}, {"user-agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36"}, {"x-forwarded-for", "67.191.205.149"}, {"x-forwarded-proto", "https"}], request_path: "/oauth/mfa/verify", resp_body: nil, resp_cookies: %{}, resp_headers: [{"cache-control", "max-age=0, private, must-revalidate"}, {"access-control-allow-origin", "*"}, {"access-control-expose-headers", "Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id,Idempotency-Key"}, {"access-control-allow-credentials", "true"}, {"x-request-id", "FjMbnXoaC4U2UB0AEUvR"}], scheme: :http, script_name: [], secret_key_base: :..., state: :unset, status: nil}, digest: "SHA-256=pV7H5LZV3xseY4HdiG1xcfmGN9jlcCI8ji0LhbL6H+A=", locale: "en", remote_ip_found: true, view_module: Pleroma.Web.OAuth.MFAView, view_template: "oob_authorization_created.html"}, available: ["recovery.html", "totp.html"], module: Pleroma.Web.OAuth.MFAView, pattern: "*", root: "lib/pleroma/web/templates/o_auth/mfa", template: "oob_authorization_created.html"}
Sep  9 11:57:35 liewrap01 pleroma: request_id=FjMbnXoaC4U2UB0AEUvR [info] Converted error Phoenix.Template.UndefinedError to 500 response
Sep  9 11:57:36 liewrap01 pleroma: [info] JOINED chat:public in 81µs#012  Parameters: %{}
Sep  9 11:57:37 liewrap01 pleroma: [error] Ranch protocol #PID<0.29283.10> of listener Pleroma.Web.Endpoint.HTTP (connection #PID<0.29280.10>, stream id 1) terminated#012** (exit) :badarg#012    :erlang.apply([], :user, [])#012    (pleroma 2.1.1) lib/pleroma/web/mastodon_api/websocket_handler.ex:104: Pleroma.Web.MastodonAPI.WebsocketHandler.terminate/3#012    (cowboy 2.8.0) /opt/pleroma/deps/cowboy/src/cowboy_handler.erl:46: :cowboy_handler.execute/2#012    (cowboy 2.8.0) /opt/pleroma/deps/cowboy/src/cowboy_stream_h.erl:300: :cowboy_stream_h.execute/3#012    (cowboy 2.8.0) /opt/pleroma/deps/cowboy/src/cowboy_stream_h.erl:291: :cowboy_stream_h.request_process/3#012    (stdlib 3.13) proc_lib.erl:226: :proc_lib.init_p_do_apply/3
Sep  9 11:57:38 liewrap01 pleroma: [error] Elixir.Pleroma.Web.MastodonAPI.WebsocketHandler received frame: :ping
Sep  9 11:57:38 liewrap01 pleroma: [error] Elixir.Pleroma.Web.MastodonAPI.WebsocketHandler received frame: :ping
Sep  9 11:57:41 liewrap01 pleroma: request_id=FjMbnub5F6sexdkAEUxR [error] Internal server error: %Phoenix.Template.UndefinedError{assigns: %{auth: %Pleroma.Web.OAuth.Authorization{__meta__: #Ecto.Schema.Metadata<:loaded, "oauth_authorizations">, app: #Ecto.Association.NotLoaded<association :app is not loaded>, app_id: 128933, id: 169640, inserted_at: ~N[2020-09-09 11:56:59], scopes: ["read", "write", "follow"], token: "W41pBCk18UxaRsSR_7wKgRAkdrBzCk5PtkLp4nLQtfw", updated_at: ~N[2020-09-09 11:56:59], used: false, user: #Ecto.Association.NotLoaded<association :user is not loaded>, user_id: "9yxBmZlGssghzAPEzA", valid_until: ~N[2020-09-09 12:06:59.661128]}, conn: %Plug.Conn{adapter: {Plug.Cowboy.Conn, :...}, assigns: %{auth: %Pleroma.Web.OAuth.Authorization{__meta__: #Ecto.Schema.Metadata<:loaded, "oauth_authorizations">, app: #Ecto.Association.NotLoaded<association :app is not loaded>, app_id: 128933, id: 169640, inserted_at: ~N[2020-09-09 11:56:59], scopes: ["read", "write", "follow"], token: "W41pBCk18UxaRsSR_7wKgRAkdrBzCk5PtkLp4nLQtfw", updated_at: ~N[2020-09-09 11:56:59], used: false, user: #Ecto.Association.NotLoaded<association :user is not loaded>, user_id: "9yxBmZlGssghzAPEzA", valid_until: ~N[2020-09-09 12:06:59.661128]}, digest: "SHA-256=pV7H5LZV3xseY4HdiG1xcfmGN9jlcCI8ji0LhbL6H+A=", layout: {Pleroma.Web.LayoutView, "app.html"}, locale: "en", remote_ip_found: true}, before_send: [#Function<2.8858237/1 in Phoenix.Controller.fetch_flash/2>, #Function<0.105793137/1 in Plug.Session.before_send/2>, #Function<0.119468924/1 in Pleroma.Web.Endpoint.PipelineInstrumenter.call/2>, #Function<1.132129851/1 in Plug.Logger.call/2>], body_params: %{"_csrf_token" => "JQs4DmFoA3wZS0BjJX8lIzFYbAAsDREmPH_ZT0DKo9r1t8iQy0ZoeTFE", "mfa" => %{"challenge_type" => "totp", "code" => "703050", "mfa_token" => "P4aE4UWteL0IYjpdeNwPRk9_MLq9IfWPJD0Pc0Rqa8g", "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", "state" => ""}}, cookies: %{"__Host-pleroma_key" => 
"SFMyNTY.g3QAAAABbQAAAAd1c2VyX2lkbQAAABI5eXhCbVpsR3NzZ2h6QVBFekE.NiSuf5QhgDnuEOs4A2DMe8P44HRqAcSWsAufkEDI-xQ", "__cfduid" => "dfd5d63cc9632b28b8065804cca83a87e1599580793", "_pk_id.2.362e" => "6baef5c0e5aaf331.1599580803.8.1599652660.1599646739.", "_pk_ses.2.362e" => "1"}, halted: false, host: "nsfw.social", method: "POST", owner: #PID<0.29317.10>, params: %{"_csrf_token" => "JQs4DmFoA3wZS0BjJX8lIzFYbAAsDREmPH_ZT0DKo9r1t8iQy0ZoeTFE", "mfa" => %{"challenge_type" => "totp", "code" => "703050", "mfa_token" => "P4aE4UWteL0IYjpdeNwPRk9_MLq9IfWPJD0Pc0Rqa8g", "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", "state" => ""}}, path_info: ["oauth", "mfa", "verify"], path_params: %{}, port: 80, private: %{Pleroma.Web.Router => {[], %{}}, :phoenix_action => :verify, :phoenix_controller => Pleroma.Web.OAuth.MFAController, :phoenix_endpoint => Pleroma.Web.Endpoint, :phoenix_flash => %{}, :phoenix_layout => {Pleroma.Web.LayoutView, "app.html"}, :phoenix_router => Pleroma.Web.Router, :phoenix_template => "oob_authorization_created.html", :phoenix_view => Pleroma.Web.OAuth.MFAView, :plug_session => %{"user_id" => "9yxBmZlGssghzAPEzA"}, :plug_session_fetch => :done}, query_params: %{}, query_string: "", remote_ip: {67, 191, 205, 149}, req_cookies: %{"__Host-pleroma_key" => "SFMyNTY.g3QAAAABbQAAAAd1c2VyX2lkbQAAABI5eXhCbVpsR3NzZ2h6QVBFekE.NiSuf5QhgDnuEOs4A2DMe8P44HRqAcSWsAufkEDI-xQ", "__cfduid" => "dfd5d63cc9632b28b8065804cca83a87e1599580793", "_pk_id.2.362e" => "6baef5c0e5aaf331.1599580803.8.1599652660.1599646739.", "_pk_ses.2.362e" => "1"}, req_headers: [{"accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"}, {"accept-encoding", "gzip"}, {"accept-language", "en-US,en;q=0.9"}, {"cache-control", "max-age=0"}, {"cdn-loop", "cloudflare"}, {"cf-connecting-ip", "67.191.205.149"}, {"cf-ipcountry", "US"}, {"cf-ray", "5d00bbb0fcd81853-EWR"}, {"cf-request-id", "051453a29f00001853838e8200000001"}, 
{"cf-visitor", "{\"scheme\":\"https\"}"}, {"connection", "upgrade"}, {"content-length", "255"}, {"content-type", "application/x-www-form-urlencoded"}, {"cookie", "__cfduid=dfd5d63cc9632b28b8065804cca83a87e1599580793; __Host-pleroma_key=SFMyNTY.g3QAAAABbQAAAAd1c2VyX2lkbQAAABI5eXhCbVpsR3NzZ2h6QVBFekE.NiSuf5QhgDnuEOs4A2DMe8P44HRqAcSWsAufkEDI-xQ; _pk_ses.2.362e=1; _pk_id.2.362e=6baef5c0e5aaf331.1599580803.8.1599652660.1599646739."}, {"dnt", "1"}, {"host", "nsfw.social"}, {"origin", "https://nsfw.social"}, {"referer", "https://nsfw.social/oauth/authorize"}, {"sec-fetch-dest", "document"}, {"sec-fetch-mode", "navigate"}, {"sec-fetch-site", "same-origin"}, {"sec-fetch-user", "?1"}, {"upgrade-insecure-requests", "1"}, {"user-agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36"}, {"x-forwarded-for", "67.191.205.149"}, {"x-forwarded-proto", "https"}], request_path: "/oauth/mfa/verify", resp_body: nil, resp_cookies: %{}, resp_headers: [{"cache-control", "max-age=0, private, must-revalidate"}, {"access-control-allow-origin", "*"}, {"access-control-expose-headers", "Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id,Idempotency-Key"}, {"access-control-allow-credentials", "true"}, {"x-request-id", "FjMbnub5F6sexdkAEUxR"}], scheme: :http, script_name: [], secret_key_base: :..., state: :unset, status: nil}, digest: "SHA-256=pV7H5LZV3xseY4HdiG1xcfmGN9jlcCI8ji0LhbL6H+A=", locale: "en", remote_ip_found: true, view_module: Pleroma.Web.OAuth.MFAView, view_template: "oob_authorization_created.html"}, available: ["recovery.html", "totp.html"], module: Pleroma.Web.OAuth.MFAView, pattern: "*", root: "lib/pleroma/web/templates/o_auth/mfa", template: "oob_authorization_created.html"}
Sep  9 11:57:41 liewrap01 pleroma: request_id=FjMbnub5F6sexdkAEUxR [info] Converted error Phoenix.Template.UndefinedError to 500 response
Sep  9 11:57:49 liewrap01 pleroma: [error] Ranch protocol #PID<0.29392.10> of listener Pleroma.Web.Endpoint.HTTP (connection #PID<0.29393.10>, stream id 1) terminated#012** (exit) :badarg#012    :erlang.apply([], :user, [])#012    (pleroma 2.1.1) lib/pleroma/web/mastodon_api/websocket_handler.ex:104: Pleroma.Web.MastodonAPI.WebsocketHandler.terminate/3#012    (cowboy 2.8.0) /opt/pleroma/deps/cowboy/src/cowboy_handler.erl:46: :cowboy_handler.execute/2#012    (cowboy 2.8.0) /opt/pleroma/deps/cowboy/src/cowboy_stream_h.erl:300: :cowboy_stream_h.execute/3#012    (cowboy 2.8.0) /opt/pleroma/deps/cowboy/src/cowboy_stream_h.erl:291: :cowboy_stream_h.request_process/3#012    (stdlib 3.13) proc_lib.erl:226: :proc_lib.init_p_do_apply/3
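
For triaging this failure in server logs, the following added example (not part of the original issue or of Pleroma's code) pulls the view module, requested template and available templates out of `Phoenix.Template.UndefinedError` entries, joining records that are split across several physical lines as in the log above. The sample lines are constructed, with placeholder host names and request ids and with the request details elided.

```python
import re

START = re.compile(r'request_id=(\S+) \[error\] Internal server error: '
                   r'%Phoenix\.Template\.UndefinedError\{')
TAIL = re.compile(r'available: \[([^\]]*)\], module: ([\w.]+), pattern: "[^"]*", '
                  r'root: "([^"]*)", template: "([^"]*)"\}\s*$')

def missing_templates(lines):
    """Return one dict per UndefinedError record, joining records split across lines."""
    findings, open_id = [], None
    for line in lines:
        m = START.search(line)
        if m:
            open_id = m.group(1)  # record opens here; its tail may be on a later line
        t = TAIL.search(line)
        if t and open_id is not None:
            findings.append({
                "request_id": open_id,
                "view": t.group(2),
                "root": t.group(3),
                "template": t.group(4),
                "available": re.findall(r'"([^"]*)"', t.group(1)),
            })
            open_id = None
    return findings

# Constructed sample: one record split over three physical lines, one on a single line.
SAMPLE = [
    'Sep  9 11:57:35 host pleroma: request_id=REQ-1 [error] Internal server error: '
    '%Phoenix.Template.UndefinedError{assigns: %{auth: "<elided>"}, cookies: %{"k" => ',
    '"<elided>"}, halted: false, req_headers: [{"accept", "text/html"}, ',
    '{"dnt", "1"}], view_template: "oob_authorization_created.html"}, '
    'available: ["recovery.html", "totp.html"], module: Pleroma.Web.OAuth.MFAView, '
    'pattern: "*", root: "lib/pleroma/web/templates/o_auth/mfa", '
    'template: "oob_authorization_created.html"}',
    'Sep  9 11:57:35 host pleroma: request_id=REQ-1 [info] Converted error '
    'Phoenix.Template.UndefinedError to 500 response',
    'Sep  9 11:57:36 host pleroma: [info] JOINED chat:public in 81µs',
    'Sep  9 11:57:41 host pleroma: request_id=REQ-2 [error] Internal server error: '
    '%Phoenix.Template.UndefinedError{assigns: %{}, available: ["recovery.html", '
    '"totp.html"], module: Pleroma.Web.OAuth.MFAView, pattern: "*", root: '
    '"lib/pleroma/web/templates/o_auth/mfa", template: "oob_authorization_created.html"}',
]

if __name__ == "__main__":
    for f in missing_templates(SAMPLE):
        print(f["request_id"], f["view"], f["template"], "not in", f["available"])
```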