maicol07 I've changed the admin pw via wordpress > edit my profile > generate password (insert user defined password) > update profile. I only check the database to see if something has changed.
The admin passwords are the same and admin can be logged in into flarum via wordpress - alright.
As soon as I change admin password in wordpress, login is broken with this dartrax fatal error.
I've checked my two testusers against the rules:
testuser #1 has a password of length 6 and the Mail is not unique, so that would not pass the flarum user validator.
testuser #2 has a dot (.
) in its username so that would also not pass the flarum user validator. The Email is unique but disposable.
I've changed the password of testuser #1 to have 8 characters and I changed the Email in Wordpress.
When I try to log in with that user, I do get a new user added in the flarum user database table. So I think this is one step forward. But I get this error:
Fatal error: Uncaught GuzzleHttp\Exception\ServerException: Server error:
POST http://localhost/flarum/api/usersresulted in a
500 Internal Server Errorresponse: {"errors":[{"status":"500","code":"unknown"}]} in C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\vendor\guzzlehttp\guzzle\src\Exception\RequestException.php:113 Stack trace: #0 C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\vendor\guzzlehttp\guzzle\src\Middleware.php(65): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response)) #1 C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\vendor\guzzlehttp\promises\src\Promise.php(203): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response)) #2 C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\vendor\guzzlehttp\promises\src\Promise.php(156): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), Array) #3 C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\vendor\guzzlehttp\promises\src\TaskQueue.ph in C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\vendor\guzzlehttp\guzzle\src\Exception\RequestException.php on line 113
After that, on wordpress and flarum, nobody is logged in.
I tried again, and - yey!! - testuser #2 is logged into flarum!
This only works if I use the Username for log in. If I use the Email for log in, testuser #2 is only logged into Wordpress, not into flarum, no flarum_remember cookie.
I've created a testuser #3 via wordpress backend with a unique email, username and password that match the flarums rules. It has the role "Subscriber". When I try to log in into flarum, the first time the same Exception occurs. When I reload the page with the exception, user is correctly logged in into flarum.
When I change password of testuser #3 via wordpress backend or frontend (no matter where), this user cannot login into flarum or wordpress by using his username, getting the following error. If I use the email for login, he will login into wordpress without error, but not into flarum (no flarum_remember cookie):
Fatal error: Uncaught TypeError: Argument 1 passed to Maicol07\SSO\Flarum::setCookie() must be of the type string, null given, called in C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\includes\src\Flarum.php on line 160 and defined in C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\includes\src\Flarum.php:331 Stack trace: #0 C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\includes\src\Flarum.php(160): Maicol07\SSO\Flarum->setCookie(NULL, 1596632685) #1 C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\sso-flarum.php(197): Maicol07\SSO\Flarum->login('testuser', 'ebay@xxxxxxx.de', '91433b63fbd9fb3...', NULL) #2 C:\xampp\htdocs\wp_pub\wp-includes\class-wp-hook.php(287): flarum_sso_login(Object(WP_User), 'testuser', '12345678') #3 C:\xampp\htdocs\wp_pub\wp-includes\plugin.php(206): WP_Hook->apply_filters(Object(WP_User), Array) #4 C:\xampp\htdocs\wp_pub\wp-includes\pluggable.php(539): apply_filters('authenticate', NULL, 'testuser', '12345678') #5 C:\xampp\htdocs\wp_pub\wp-includes\user.php(95): wp_authentic in C:\xampp\htdocs\wp_pub\wp-content\plugins\sso-flarum\includes\src\Flarum.php on line 331
(btw, with this error message the user's password '12345678' is saved in clear text into the logs... I'm no security expert, could this be an issue?)
This seems to be related:
lubos-h Another issue I found is when $token is null (invalid user name and password):
Uncaught TypeError: Argument 1 passed to Maicol07\SSO\Flarum::setCookie() must be of the type string, null given, called in ...\Forum.php on line 162
When I change the email of testuser #3 via wordpress frontend, log in with username still works, but the message, that a confirmation mail was sent, still shows the old mail address, not the new one. Also, in the flarum database users table, the email is still the old one.
This is a huge step forward. Now I want to debug the exception. How to do this?
So, because I'm loosing track of all my problems, here's a list:
- Admin pw needs to be the same on wordpress and flarum. This should be documented.
- Username, PW and Email must match flarums rules. How do we handle users that have symbols in their usernames or too short passwords? (Does disposable email matter?)
- The Exception at first login should be resolved.
- The Exception after password change should be resolved.
- When the Email changes, it should change in flarum, too.
- LogIn should work with Email and PW, not only with Username and PW.
I could create bug reports for those issues in your bugtracker, if you like π