First authentication in Studio raises a 500 error: social_core.exceptions.AuthStateMissing: Session value state missing. #114

Closed
regisb opened this issue Nov 22, 2021 · 7 comments · Fixed by overhangio/tutor#667
Comments

@regisb
Contributor

regisb commented Nov 22, 2021

How to reproduce:

  1. Open a private tab.
  2. Go to the studio, hit login and fill staff credentials
  3. The redirect to the CMS results in a 500 error: "The Studio servers encountered an error".

Note that we are successfully logged in to the CMS, despite the error.

Here are the logs from the cms container:

cms_1                        | 2021-11-22 17:10:01,791 ERROR 8 [django.request] [user 4] [ip 80.67.176.14] log.py:224 - Internal Server Error: /complete/edx-oauth2/
cms_1                        | Traceback (most recent call last):
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
cms_1                        |     response = get_response(request)
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
cms_1                        |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
cms_1                        |   File "/opt/pyenv/versions/3.8.12/lib/python3.8/contextlib.py", line 75, in inner
cms_1                        |     return func(*args, **kwds)
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
cms_1                        |     response = view_func(request, *args, **kwargs)
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
cms_1                        |     return view_func(*args, **kwargs)
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/social_django/utils.py", line 46, in wrapper
cms_1                        |     return func(request, backend, *args, **kwargs)
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/social_django/views.py", line 31, in complete
cms_1                        |     return do_complete(request.backend, _do_login, user=request.user,
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/social_core/actions.py", line 45, in do_complete
cms_1                        |     user = backend.complete(user=user, *args, **kwargs)
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/social_core/backends/base.py", line 40, in complete
cms_1                        |     return self.auth_complete(*args, **kwargs)
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/auth_backends/backends.py", line 98, in auth_complete
cms_1                        |     user = super().auth_complete(*args, **kwargs)
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/social_core/utils.py", line 248, in wrapper
cms_1                        |     return func(*args, **kwargs)
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/social_core/backends/oauth.py", line 375, in auth_complete
cms_1                        |     state = self.validate_state()
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/social_core/backends/oauth.py", line 87, in validate_state
cms_1                        |     raise AuthStateMissing(self, 'state')
cms_1                        | social_core.exceptions.AuthStateMissing: Session value state missing.

The following upstream issue might be related: python-social-auth/social-core#250: there, it is suggested to define SESSION_COOKIE_SAMESITE = "None". But in Open edX, we have instead: DCS_SESSION_COOKIE_SAMESITE = "None". Indeed, this setting comes from the django-cookies-samesite project: https://pypi.org/project/django-cookies-samesite/

The readme of django-cookies-samesite includes the following warning:

Important

If you’re planning to use this middleware together with the newer version of Django (>3.0.x), and you want to e.g. set the SameSite attribute to none, then you have to add DCS_ prefix to all django-cookies-samesite settings (see examples below).

Yet, edx-platform includes a mix of DCS_SESSION_* and SESSION_* settings. I'm not sure how this could cause an issue, but it's a good starting lead.

@BbrSofiane BbrSofiane added this to the Maple.1 milestone Nov 23, 2021
@BbrSofiane BbrSofiane added priority:medium bug Report of or fix for something that isn't working as intended labels Nov 23, 2021
@regisb
Contributor Author

regisb commented Nov 25, 2021

I can confirm that this issue is actually a duplicate of #110. Both issues are fixed by overhangio/tutor#536.

@regisb regisb closed this as completed Nov 25, 2021
@regisb
Contributor Author

regisb commented Jan 19, 2022

Unfortunately I just realized that the issue occurs again in Maple. It is visible for instance on the Tutor demo website: https://studio.demo.openedx.overhang.io (login: admin, password: admin). As far as I understand, the error comes from the fact that the "sessionid" cookies (and actually: all cookies dropped by the LMS) are set with "samesite: lax". I do not understand why this happens, despite the fact that we have SESSION_COOKIE_SAMESITE = "None" in production.
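An added diagnostic for the observation in the comment above (example code written for this page, not code from edx-platform or Tutor): parse the Set-Cookie lines of a login response and report which cookie carries the session and what SameSite, Secure and HttpOnly attributes it actually received. The sample header lines are constructed; the cookie names, the "sessionid" session cookie name and the expected SameSite value are assumptions of the example.

```python
"""Audit the Set-Cookie headers of a login response: which cookie carries the
session, and which SameSite / Secure / HttpOnly attributes it really got.

Constructed example for this page; header lines below are made up, not
captured from a live Open edX site."""
from typing import Dict, List, Optional

# Constructed sample: an LMS login response on which SameSite=None did not take
# effect, so every cookie comes back as SameSite=Lax.
SAMPLE_LAX = [
    "sessionid=6f1c...; Domain=.example.com; Path=/; Secure; HttpOnly; SameSite=Lax",
    "csrftoken=9a2b...; Domain=.example.com; Path=/; Secure; SameSite=Lax",
    "edx-user-info=...; Domain=.example.com; Path=/; Secure; SameSite=Lax",
]


def parse_set_cookie(line: str) -> dict:
    """One Set-Cookie header line -> name, value and the attributes audited here."""
    first, *attrs = [part.strip() for part in line.split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value, "domain": None, "samesite": None,
              "secure": False, "httponly": False}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key = key.lower()
        if key in ("domain", "samesite"):
            cookie[key] = val
        elif key in ("secure", "httponly"):
            cookie[key] = True
    return cookie


def samesite_report(set_cookie_lines: List[str]) -> Dict[str, Optional[str]]:
    """Cookie name -> SameSite value (None when the attribute is absent)."""
    return {c["name"]: c["samesite"] for c in map(parse_set_cookie, set_cookie_lines)}


def audit_session_cookie(set_cookie_lines: List[str],
                         session_cookie_name: str = "sessionid",
                         expected_samesite: str = "None") -> List[str]:
    """Return findings for the session cookie; an empty list means it is as intended."""
    cookies = [parse_set_cookie(line) for line in set_cookie_lines]
    session = next((c for c in cookies if c["name"] == session_cookie_name), None)
    if session is None:
        return [f"no Set-Cookie for {session_cookie_name!r} in the response"]
    findings = []
    samesite = (session["samesite"] or "").lower()
    if samesite != expected_samesite.lower():
        shown = session["samesite"] or "unset (browsers then default to Lax)"
        findings.append(f"{session_cookie_name}: SameSite is {shown}, "
                        f"settings intended {expected_samesite}")
    if samesite == "none" and not session["secure"]:
        # Browsers drop SameSite=None cookies that are not also Secure.
        findings.append(f"{session_cookie_name}: SameSite=None without Secure "
                        "is rejected by browsers")
    if not session["httponly"]:
        findings.append(f"{session_cookie_name}: missing HttpOnly")
    return findings


if __name__ == "__main__":
    print(samesite_report(SAMPLE_LAX))
    for finding in audit_session_cookie(SAMPLE_LAX):
        print("-", finding)
```

To run it against a real deployment, paste in the Set-Cookie lines shown by the browser's developer tools for the login response, or the headers that `curl -D -` prints for it; a SameSite value that differs from the configured one points at the middleware or setting that actually wrote the cookie rather than at python-social-auth.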

@regisb regisb reopened this Jan 19, 2022
@BbrSofiane BbrSofiane modified the milestones: Maple.1, Maple.2 Feb 5, 2022
@BbrSofiane BbrSofiane modified the milestones: Maple.2, Maple.3 Feb 14, 2022
@lumos42

lumos42 commented Mar 15, 2022

Hi, I want to contribute to openedx. Can I work on this issue?

@regisb
Contributor Author

regisb commented Mar 15, 2022

Sure @shubhamgoyal42, that would be awesome!

@lumos42

lumos42 commented Mar 17, 2022

@regisb, can you point me towards a setup guide?

@NeOneSoft

Hey @shubhamgoyal42 , thanks for contributing to the community. Could you please specify how we can help you? Are you having problems with the Tutor setup?

regisb added a commit to overhangio/tutor that referenced this issue May 17, 2022
Login to the studio was causing a 500 error, although the user was correctly
connected. See the issue description here:
openedx/wg-build-test-release#114

The error was caused by the fact that both LMS and CMS session cookies were
being sent to the CMS and the LMS session cookie was considered the "right"
one. To clarify between both cookies, we need to have different session cookie
names between the lms and the cms. This requirement was actually documented in
step 5 of this authentication migration document:
https://github.com/openedx/edx-platform/blob/master/docs/guides/studio_oauth.rst#migration

For more information, have a look at the live stream during which this issue
was debugged: https://youtu.be/m3t1U_y6F64

Close openedx/wg-build-test-release#114
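As an added illustration of the collision the commit message above describes (example code written for this page, not Tutor's or edx-platform's): two Django-style session stores, a minimal browser cookie jar, and the Studio login round trip from the issue, first with both sites using the same session cookie name and then with distinct names. The hostnames, the parent-domain scoping of the LMS session cookie, the "studio_sessionid" name used for the fixed configuration, oldest-first Cookie header ordering and last-duplicate-wins parsing are assumptions of this model.

```python
"""Model of the LMS/Studio session-cookie collision behind the AuthStateMissing 500.

Constructed example: hostnames, cookie scoping and cookie names are assumptions,
not values taken from edx-platform or Tutor."""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from typing import Optional

LMS_HOST = "lms.example.com"      # assumed hostnames
CMS_HOST = "studio.example.com"
PARENT_DOMAIN = ".example.com"    # assumed: the LMS session cookie is scoped to the parent domain


class AuthStateMissing(Exception):
    """Stand-in for social_core.exceptions.AuthStateMissing."""


@dataclass
class Cookie:
    name: str
    value: str
    host: str               # host that set the cookie
    domain: Optional[str]   # None means a host-only cookie
    created: int            # creation order, used for Cookie header ordering


@dataclass
class Browser:
    jar: list = field(default_factory=list)
    clock: int = 0

    def set_cookie(self, host: str, name: str, value: str, domain: Optional[str] = None) -> None:
        # A Set-Cookie with the same name and scope replaces the stored cookie.
        self.jar = [c for c in self.jar
                    if not (c.name == name and c.host == host and c.domain == domain)]
        self.clock += 1
        self.jar.append(Cookie(name, value, host, domain, self.clock))

    def cookie_header(self, host: str) -> str:
        """Cookie header for a request to `host`: domain cookies match the domain and
        all its subdomains, host-only cookies match their host exactly.  All paths
        are "/" here, so RFC 6265 section 5.4 orders the cookies oldest first."""
        sent = [c for c in self.jar
                if (c.domain is None and c.host == host)
                or (c.domain is not None
                    and (host == c.domain.lstrip(".") or host.endswith(c.domain)))]
        sent.sort(key=lambda c: c.created)
        return "; ".join(f"{c.name}={c.value}" for c in sent)


def parse_cookie(header: str) -> dict:
    """Cookie header -> dict; a later duplicate name overwrites an earlier one,
    which is what the plain dict built by Django's parse_cookie does."""
    out = {}
    for chunk in header.split(";"):
        if "=" in chunk:
            key, value = chunk.strip().split("=", 1)
            out[key] = value
    return out


@dataclass
class DjangoSite:
    """One Django process with its own session store and SESSION_COOKIE_NAME."""
    host: str
    cookie_name: str
    cookie_domain: Optional[str] = None
    sessions: dict = field(default_factory=dict)

    def new_session(self, browser: Browser) -> str:
        sid = secrets.token_hex(8)
        self.sessions[sid] = {}
        browser.set_cookie(self.host, self.cookie_name, sid, self.cookie_domain)
        return sid

    def session_for(self, browser: Browser) -> Optional[dict]:
        cookies = parse_cookie(browser.cookie_header(self.host))
        return self.sessions.get(cookies.get(self.cookie_name))


def studio_login(lms: DjangoSite, cms: DjangoSite, browser: Browser) -> bool:
    """The flow from the issue, in a fresh private tab: Studio stores the OAuth2
    `state` in its own session, the user logs in on the LMS (which sets its newer
    cookie), and /complete/edx-oauth2/ must find the state in Studio's session."""
    cms.new_session(browser)
    state = secrets.token_urlsafe(16)
    cms.session_for(browser)["edx-oauth2_state"] = state
    lms.new_session(browser)
    session = cms.session_for(browser)
    if session is None or session.get("edx-oauth2_state") != state:
        raise AuthStateMissing("Session value state missing.")
    return True


def run_login(cms_cookie_name: str) -> str:
    """Outcome of the round trip for a given Studio SESSION_COOKIE_NAME."""
    browser = Browser()
    lms = DjangoSite(LMS_HOST, "sessionid", PARENT_DOMAIN)
    cms = DjangoSite(CMS_HOST, cms_cookie_name)
    try:
        studio_login(lms, cms, browser)
        return "ok"
    except AuthStateMissing as exc:
        return str(exc)


if __name__ == "__main__":
    print("shared name:   ", run_login("sessionid"))         # fails as in the issue
    print("distinct names:", run_login("studio_sessionid"))  # assumed name for the fix
```

The trace for the shared name is the one in the issue: Studio's request carries `sessionid=<cms>; sessionid=<lms>`, the later value wins, the lookup lands in a session that never held the state, and validate_state raises. A distinct CMS cookie name leaves both values in the request under different keys, which is the requirement in step 5 of the migration document the commit message cites.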
@regisb
Contributor Author

regisb commented May 17, 2022

I investigated this issue during today's livestream and I'm happy to report that I have a fix: overhangio/tutor#667

regisb added a commit to overhangio/tutor that referenced this issue May 19, 2022