Users logging in with Google connector do not have access to images #1334
Comments
|
I tried to run some other scenarios, but could not find any additional data except that if a user logs in with Google they are not even able to see images they are uploading themselves
All behaviors described in my original issue are confirmed. I am not very well versed with Go, but if there is anything I can try to test and fix this please let me know. |
|
Thanks for the reply. Let me clarify: We have been looking for the cause of the problem for a while, but have not been able to reproduce it. Let's explain the environment and the steps we took to test it.
Steps
You can follow the steps shown in the image below to make sure that the following cookie exists or not after logging in, and if it doesn't exist, there is no way to access the image(in login-required mode). In case you are not able to access the image, you can see if there is an error log present. Thank you for your help.
|
|
First of all I can confirm:
That being said, I think we might have something useful at hand. First of all, reproducing your exact steps (open Chrome with private navigation, login with Google, craete new answer with image), the image loads correctly! (and the cookie is there) Now, my suspicion was that it is somehow related to cookies being re-used/not invalidated correctly. So I tried this:
Additionally:
Let me know if you can replicate this behavior or if you need more details |
|
@Giorgio-Bonvicini-R4P Great! Your detailed steps helped. We finally reproduced the problem. You were right. The problem was with the same cookie.
After I think the following modification may solve the problem. answer/internal/controller/user_controller.go Lines 719 to 723 in 3f1ed50 - cookie, err := ctx.Cookie(constant.UserVisitCookiesCacheKey)
- if err == nil && len(cookie) > 0 && !force {
- return
- }
+ if !force {
+ cookie, _ := ctx.Cookie(constant.UserVisitCookiesCacheKey)
+ // If the cookie is the same as the visitToken, no need to set it again
+ if cookie == visitToken {
+ return
+ }
+ } |
|
Wow that was fast. Thank you so much for the effort! However, I am having trouble testing your proposed change (pretty sure it's my fault this time 😝). I am running everything in docker so what I tried to do this:
However it looks like nothing changed: I tried adding and modifying some log.Infof calls to make sure I was running the correct version and, alas, I do not see them, so I guess it's somehow using the previous binary isntead of my modified one... I will keep trying and if nothing else works in the weekend I will set up a development environment in a VM to test this. Thank you again for the excellent support |
|
No need to build it twice.
|
|
Just got to the same solution and... I can confirm I can no longer reproduce the bug! |
If you've tested it and it's working fine, and you're willing to, you can submit a PR. |
Previous behavior was to keep any existing visit cookies, which caused problems like apache#1334
|
Done: let me know if you need anything else from me, otherwise I will wait for the bugfix to hit release. And thank you again for the excellent support: it was a pleasure working with you. |
Previous behavior was to keep any existing visit cookies, which caused problems like #1334
Describe the bug
I am experiencing a similar issue to #667 - this variant seems to be connected to how the user logs in (email+password VS google connector).
Details:
Additional info:
To Reproduce
Steps to reproduce the behavior:
Expected behavior
All users should be able to see all images as long as they are logged in correctly.
Screenshots
Example of broken image in the post body:
Example of 403 redirect when accessing the image URL directly.
Platform
Tagging @LinkinStars to continue the previous interaction.
The text was updated successfully, but these errors were encountered: