
Callback / error 500 / can't log in #3423

Open
pgwillia opened this issue Mar 25, 2024 · 2 comments

@pgwillia
Member

pgwillia commented Mar 25, 2024

A user reported being unable to sign in to ERA on March 22, coincident with these error messages in Rollbar.

From Chrome, I'm not signed in.

wGhSC4lW990M70yW
0qZCkYMXwHpVmytv

Need to confirm there aren't any issues with the CCID

You can verify your password on the MyCCID test your password page. Your password will be tested against multiple services to ensure that it is valid and functioning properly.

I, [2024-03-22T13:43:35.196710 #8569]  INFO -- : [8662fcf3-3c79-4560-a07f-78c8dd8cff41] Completed 500 Internal Server Error in 18ms (ActiveRecord: 8.4ms | Allocations: 2747)
I, [2024-03-22T13:43:35.251243 #8569]  INFO -- : [8662fcf3-3c79-4560-a07f-78c8dd8cff41] [Rollbar] Scheduling item
I, [2024-03-22T13:43:35.251345 #8569]  INFO -- : [8662fcf3-3c79-4560-a07f-78c8dd8cff41] [Rollbar] Sending item
I, [2024-03-22T13:43:35.252549 #8569]  INFO -- : [8662fcf3-3c79-4560-a07f-78c8dd8cff41] [Rollbar] Sending json
I, [2024-03-22T13:43:35.462029 #8569]  INFO -- : [8662fcf3-3c79-4560-a07f-78c8dd8cff41] [Rollbar] Success
I, [2024-03-22T13:43:35.462176 #8569]  INFO -- : [8662fcf3-3c79-4560-a07f-78c8dd8cff41] [Rollbar] Details: https://rollbar.com/instance/uuid?uuid=d058148e-f34c-4aa1-8202-ecb8cfd3d523 (only available if report was successful)
E, [2024-03-22T13:43:35.463594 #8569] ERROR -- : [8662fcf3-3c79-4560-a07f-78c8dd8cff41]   
[8662fcf3-3c79-4560-a07f-78c8dd8cff41] ActionController::Redirecting::UnsafeRedirectError (Unsafe redirect to "https://era.library.ualberta.ca/items/3bcc9b7f-5b22-4cf4-ba4c-ede791eb3d1c/view/e35dcade-8076-487...", pass allow_other_host: true to redirect anyway.):
[8662fcf3-3c79-4560-a07f-78c8dd8cff41]   
[8662fcf3-3c79-4560-a07f-78c8dd8cff41] app/controllers/application_controller.rb:121:in `redirect_back_to'
[8662fcf3-3c79-4560-a07f-78c8dd8cff41] app/controllers/sessions_controller.rb:43:in `create'


redirect_to session.delete(:forwarding_url) || session.delete(:previous_user_location) || root_path

The user's location before the error occurs
https://era.library.ualberta.ca/items/3bcc9b7f-5b22-4cf4-ba4c-ede791eb3d1c
https://era.library.ualberta.ca/
https://era.library.ualberta.ca/
https://era.library.ualberta.ca/communities/8f446adf-bae4-49f5-84b7-6195718ca844/collections/18826f1d-a1f7-4466-9f0e-8ae88350b984?search=GREX
https://era.library.ualberta.ca/communities/8f446adf-bae4-49f5-84b7-6195718ca844/collections/18826f1d-a1f7-4466-9f0e-8ae88350b984?search=GREX
https://era.library.ualberta.ca/
https://era.library.ualberta.ca/items/e42eb3d3-f870-4c58-8046-963f743887d8

View details in Rollbar: https://app.rollbar.com/a/ualbertalib/fix/item/jupiter/1849


ActionController::Redirecting::UnsafeRedirectError: Unsafe redirect to "https://era.library.ualberta.ca/items/3bcc9b7f-5b22-4cf4-ba4c-ede791eb3d1c/view/e35dcade-8076-487...", pass allow_other_host: true to redirect anyway.
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/redirecting.rb", line 199, in _enforce_open_redirect_protection
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/redirecting.rb", line 95, in redirect_to
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/flash.rb", line 62, in redirect_to
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/instrumentation.rb", line 49, in block in redirect_to
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activesupport-7.1.3/lib/active_support/notifications.rb", line 206, in block in instrument
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activesupport-7.1.3/lib/active_support/notifications/instrumenter.rb", line 58, in instrument
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activesupport-7.1.3/lib/active_support/notifications.rb", line 206, in instrument
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/instrumentation.rb", line 48, in redirect_to
  File "/var/www/sites/jupiter/app/controllers/application_controller.rb", line 121, in redirect_back_to
  File "/var/www/sites/jupiter/app/controllers/sessions_controller.rb", line 43, in create
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/basic_implicit_render.rb", line 6, in send_action
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/abstract_controller/base.rb", line 224, in process_action
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/rendering.rb", line 165, in process_action
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/abstract_controller/callbacks.rb", line 259, in block in process_action
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activesupport-7.1.3/lib/active_support/callbacks.rb", line 121, in block in run_callbacks
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actiontext-7.1.3/lib/action_text/rendering.rb", line 23, in with_renderer
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actiontext-7.1.3/lib/action_text/engine.rb", line 69, in block (4 levels) in <class:Engine>
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activesupport-7.1.3/lib/active_support/callbacks.rb", line 130, in instance_exec
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activesupport-7.1.3/lib/active_support/callbacks.rb", line 130, in block in run_callbacks
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activesupport-7.1.3/lib/active_support/callbacks.rb", line 141, in run_callbacks
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/abstract_controller/callbacks.rb", line 258, in process_action
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/rescue.rb", line 25, in process_action
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/instrumentation.rb", line 74, in block in process_action
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activesupport-7.1.3/lib/active_support/notifications.rb", line 206, in block in instrument
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activesupport-7.1.3/lib/active_support/notifications/instrumenter.rb", line 58, in instrument
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activesupport-7.1.3/lib/active_support/notifications.rb", line 206, in instrument
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/instrumentation.rb", line 73, in process_action
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal/params_wrapper.rb", line 261, in process_action
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/activerecord-7.1.3/lib/active_record/railties/controller_runtime.rb", line 32, in process_action
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/abstract_controller/base.rb", line 160, in process
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionview-7.1.3/lib/action_view/rendering.rb", line 40, in process
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal.rb", line 227, in dispatch
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_controller/metal.rb", line 309, in dispatch
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_dispatch/routing/route_set.rb", line 49, in dispatch
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_dispatch/routing/route_set.rb", line 32, in serve
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_dispatch/journey/router.rb", line 51, in block in serve
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_dispatch/journey/router.rb", line 131, in block in find_routes
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_dispatch/journey/router.rb", line 124, in each
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_dispatch/journey/router.rb", line 124, in find_routes
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_dispatch/journey/router.rb", line 32, in serve
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/actionpack-7.1.3/lib/action_dispatch/routing/route_set.rb", line 882, in call
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/flipper-1.2.2/lib/flipper/middleware/memoizer.rb", line 87, in memoized_call
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/flipper-1.2.2/lib/flipper/middleware/memoizer.rb", line 45, in call
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb", line 470, in call_app!
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb", line 418, in callback_phase
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/omniauth-saml-2.1.0/lib/omniauth/strategies/saml.rb", line 50, in block (2 levels) in callback_phase
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/omniauth-saml-2.1.0/lib/omniauth/strategies/saml.rb", line 144, in handle_response
  File "/var/www/sites/jupiter/vendor/ruby/3.1.0/gems/omniauth-saml-2.1.0/lib/omniauth/strategies/saml.rb", line 49, in block in callback_phase
  File "/var/www/sites/jupiter/vendor/ruby/3.1.
@pgwillia
Member Author

pgwillia commented Mar 25, 2024

I was able to recreate this issue for my account, but I'm not exactly sure how. Clearing cookies for ualberta.ca resolved my issue.
Screencast from 2024-03-26 08:48:55 AM.webm

At the time I was revisiting the links that the user had visited prior and logging in/out. I visited a CCID-protected item, logged out and then visited again, receiving this error.
image

pgwillia changed the title from "ActionController::Redirecting::UnsafeRedirectError: Unsafe redirect to "https://era.library.ualberta.ca/items/3bcc9b7f-5b22-4cf4-ba4c-ede791eb3d1c/view/e35dcade-8076-487...", pass allow_other_host: true to redirect anyway." to "Callback / error 500 / can't log in" Mar 25, 2024
@pgwillia
Member Author

def redirect_back_to
  redirect_to session.delete(:forwarding_url) || session.delete(:previous_user_location) || root_path
end

Could add a rescue:

def redirect_back_to
  begin
    redirect_to url_for(session.delete(:forwarding_url) || session.delete(:previous_user_location) || root_path)
  rescue ActionController::Redirecting::UnsafeRedirectError
    redirect_to root_path
  end
end

Not sure how to write a test for this:

test 'should rescue from UnsafeRedirectError and redirect to root_path' do
  user = users(:user_regular)

  get root_url
  session[:forwarding_url] = 'http://unsafe.com' # an unsafe URL
  session[:previous_user_location] = 'http://unsafe.com' # an unsafe URL

  sign_in_as user

  assert_redirected_to root_path
end

The session values don't persist.

user = users(:user_regular)
item = items(:item_authenticated) # need to add files
sign_in_as user

get file_view_item_url(
  id: item.id,
  file_set_id: item.files.first.fileset_uuid,
  file_name: item.files.first.filename.to_s
)
get logout_url
assert_equal I18n.t('sessions.destroy.signed_out'), flash[:notice]

get file_view_item_url(
  id: item.id,
  file_set_id: item.files.first.fileset_uuid,
  file_name: item.files.first.filename.to_s
)
assert_equal I18n.t('authorization.user_not_authorized_try_logging_in'), flash[:notice]

sign_in_as user
# expect 500 error/UnsafeRedirectError but haven't been able to recreate
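Added example (not Jupiter's code and not from the thread above): the sketch above rescues `UnsafeRedirectError` after the fact; the variant below instead validates the stored return location before calling `redirect_to`, using the same rule Rails 7's open-redirect protection enforces (relative path, or an http(s) URL whose host equals the current request host), and falls back to the root path otherwise. It is plain Ruby with no Rails dependency so it can be run on its own; the module name `SafeReturn`, the explicit `request_host` argument (what `request.host` would supply in a controller) and the `on_discard` callback are assumptions of this example.

```ruby
require 'uri'

# Example helper (not part of Jupiter): decide whether a stored location such
# as session[:forwarding_url] may be used as a redirect target, mirroring the
# check behind ActionController::Redirecting::UnsafeRedirectError.
module SafeReturn
  ROOT_PATH = '/'.freeze

  # True when +url+ is a relative path ("/items/123") or an http(s) URL whose
  # host equals +request_host+. Protocol-relative ("//other.example/x"),
  # foreign-host and non-http scheme values are rejected, as is unparsable input.
  def self.same_host?(url, request_host)
    return false if url.nil? || url.strip.empty?

    uri = URI.parse(url)
    # Relative path: no scheme and no host. "//host/x" still parses with a host,
    # so it does not pass this branch.
    return true if uri.scheme.nil? && uri.host.nil? && url.start_with?('/')
    return false unless %w[http https].include?(uri.scheme)

    uri.host == request_host
  rescue URI::InvalidURIError
    false
  end

  # First usable location in precedence order (forwarding_url first, then
  # previous_user_location, as in the controller), else ROOT_PATH. Every
  # rejected value is reported through +on_discard+ so a host mismatch between
  # the stored URL and the callback request stays visible in logs instead of
  # being silently masked by the fallback.
  def self.return_path(candidates, request_host, &on_discard)
    candidates.compact.each do |candidate|
      return candidate if same_host?(candidate, request_host)

      on_discard&.call(candidate)
    end
    ROOT_PATH
  end
end

# Controller-side shape this would take (hypothetical, for illustration only):
#
#   def redirect_back_to
#     target = SafeReturn.return_path(
#       [session.delete(:forwarding_url), session.delete(:previous_user_location)],
#       request.host
#     ) { |rejected| logger.warn("discarding unsafe return location: #{rejected}") }
#     redirect_to target
#   end

if __FILE__ == $PROGRAM_NAME
  host = 'era.library.ualberta.ca' # constructed sample, matches the issue's site
  samples = [
    ['https://era.library.ualberta.ca/items/abc', host],
    ['/items/abc', host],
    ['http://unsafe.com', host],
    ['//unsafe.com/x', host],
    ['https://era.library.ualberta.ca/items/abc', 'staging.example'] # host mismatch
  ]
  samples.each do |url, h|
    puts format('%-45s host=%-25s -> %s', url, h, SafeReturn.same_host?(url, h))
  end
end
```

The last sample is the case worth watching for in this issue: the stored URL points at the production host, yet the check fails because the callback request itself arrived under a different host, so a host-mismatch log line from `on_discard` is the signal to look at proxy or SAML callback configuration rather than at the user's cookies.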
