Login fails when logging in while accessing URL with query parameters

Could you give a bit more background/information to dupe?

Thanks

1. log out from launchpad
2. go to this url
3. click login
4. after authenticating/confirming and clicking "Continue" to go to third party website you'll be presented with this error

You didn't specify the URL to which to go ("2. go to this url"). I tried both 'https://launchpad.net/+openid-callback' and the really long one (with a nonce!) and, unsurprisingly, got "Your login was unsuccessful: Invalid openid.mode: '<No mode set>'". This seems very reasonable to me--why would someone go to the +openid-callback page unless they are in the middle of an openid dance? It also does not match your description of the bug.

I'm afraid I still do not understand your report.

Sorry for that.

I was referring to URL from bug description: https://bugs.launchpad.net/canonical-identity-provider/+bugs?orderby=-importance&field.has_patch.used=&field.tag=&field.assignee=&field.has_cve.used=&field.searchtext=&assignee_option=any&search=Search&field.tags_combinator=ANY&field.has_branches.used=&field.has_no_branches=on&field.affects_me.used=&field.omit_dupes.used=&field.has_no_branches.used=&field.has_branches=on&field.bug_commenter=&field.bug_supervisor=&field.subscriber=&field.status=NEW&field.status=INCOMPLETE_WITH_RESPONSE&field.status=INCOMPLETE_WITHOUT_RESPONSE&field.status=CONFIRMED&field.status=TRIAGED&field.status=INPROGRESS&field.status=FIXCOMMITTED&field.omit_dupes=on&field.bug_reporter=

Now, if you go there while not logged it and try to log in you'll not be able to do it.

Fixed in stable r11186 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/11186>.

QA Failed. Apparently there is some difference in behavior between the prod and dev OpenID providers. Investigating further.

A branch that should fix the problem which caused QA to fail is in review.

Fixed in stable r11221 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/11221>.

A test passed using a simple search query, but failed with No REFERRER Header error using the example bug URL (converting to edge). This would be because a form POST needs to be done due to the size of the query string.

Even if the Canonical SSO starts sending the REFERRER headers, that doesn't mean 3rd party OPs will provide it when we want to support them, so ideally we should relax this restriction for the login process.

Benji, the pertinent code for what Stuart is talking about is maybeBlockOffsiteFormPost from lib/canonical/launchpad/webapp/publication.py

The error reported in message #10 is now fixed. The last few revisions (11113 on) should be reviewed and then I'll land this branch.

Fixed in stable r11378 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/11378>.

The bad behavior mentioned in #10 has been fixed and verified.

Once bug 608920 is fixed we can do final QA on this bug. It's blocked until then.

Bug 608920 has been fixed so after verifying that I saw correct behavior, I tested this out on staging and edge. Both failed with a "Bad signature" error. Investigating.

So... now I can't reproduce the "Bad signature" error. Marking qa-ok.