[GH-ISSUE #487] Login page does nothing and says nothing when things go wrong #383

Closed
opened 2026-02-25 21:34:54 +03:00 by kerem · 6 comments
Owner

Originally created by @gitcnd on GitHub (Jun 1, 2021).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/487

Originally assigned to: @jasonmunro, @christer77 on GitHub.

🗣 Suggestion

When I enter a (correct) username and (correct, but see later) password and click login, a few seconds pass and then what I typed just vanishes - nothing else happens (no messages or anything - just the same login screen with now-empty boxes)

When things don't work, users should probably be told at least something about what went wrong?

  • Update - my logs show an authentication problem - so yes - users DEFINITELY should be told about this error: because Cyph login said nothing, I tried again a few times - which endangers my gmail account getting locked for repeated attempts I guess?

On that - I expect I need to tell gmail I'm going to use IMAP (or better, get some token or something instead?) - so not only should I have been told about the auth problem at login, a better warning would have been to also tell me about enabling whatever-needs-to-be-enabled as well?

Also - on that last point - the doc wasn't clear about how authentication even works, or what to (a mail server? theirs or mine? my own custom user/password system) - so explaining this a bit better in the doc would be nice (along with steps needed so that it can work in gmail etc)

==> php-fpm/www-error.log <==
[01-Jun-2021 22:16:28 UTC] Array
(
    [0] => Using Hm_PHP_Session with Hm_Auth_Dynamic
    [1] => Using DB user configuration
    [2] => Using sapi: fpm-fcgi
    [3] => Request type: HTTP
    [4] => Request path: /mail-debug/
    [5] => TLS request: 0
    [6] => Mobile request: 0
    [7] => Page ID: home
    [8] => Redis enabled but not supported by PHP
    [9] => CACHE backend using: noop
    [10] => Dynamic login override, using Hm_Auth_IMAP
    [11] => 
Debug Array
(
    [0] => Connecting to tls://imap.gmail.com on port 993
    [1] => Successfully opened port to the IMAP server
    [CAPS] => * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH
    [2] => Log in for <redacted>@gmail.com FAILED
    [A1 CAPABILITY] => 0.032351016998291
    [LOGIN] => 0.067843914031982
)

Response Array
(
    [0] => Array
        (
            [0] => * OK Gimap ready for requests from 91.103.2.212 z8mb513650936wru
            [1] => * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH
            [2] => A1 OK Thats all she wrote! z8mb513650936wru
        )

    [1] => Array
        (
            [0] => A2 NO [ AUTHENTICATIONFAILED ] Invalid credentials ( Failure )
        )

)

    [12] => IMAP AUTH failed for <redacted>@gmail.com
    [13] => Redirecting to /mail-debug/
    [14] => PHP version 7.2.24
    [15] => Zend version 3.2.0
    [16] => Peak Memory: 4096
    [17] => PID: 177477
    [18] => Included files: 80
)
Originally created by @gitcnd on GitHub (Jun 1, 2021). Original GitHub issue: https://github.com/cypht-org/cypht/issues/487 Originally assigned to: @jasonmunro, @christer77 on GitHub. ## 🗣 Suggestion <!-- Describe your Suggestion/Idea in detail. --> When I enter a (correct) username and (correct, but see later) password and click login, a few seconds pass and then what I typed just vanishes - nothing else happens (no messages or anything - just the same login screen with now-empty boxes) When things don't work, users should probably be told at least something about what went wrong? * Update - my logs show an authentication problem - so yes - users DEFINITELY should be told about this error: because Cyph login said nothing, I tried again a few times - which endangers my gmail account getting locked for repeated attempts I guess? On that - I expect I need to tell gmail I'm going to use IMAP (or better, get some token or something instead?) - so not only should I have been told about the auth problem at login, a better warning would have been to also tell me about enabling whatever-needs-to-be-enabled as well? Also - on that last point - the doc wasn't clear about how authentication even works, or what to (a mail server? theirs or mine? my own custom user/password system) - so explaining this a bit better in the doc would be nice (along with steps needed so that it can work in gmail etc) ``` ==> php-fpm/www-error.log <== [01-Jun-2021 22:16:28 UTC] Array ( [0] => Using Hm_PHP_Session with Hm_Auth_Dynamic [1] => Using DB user configuration [2] => Using sapi: fpm-fcgi [3] => Request type: HTTP [4] => Request path: /mail-debug/ [5] => TLS request: 0 [6] => Mobile request: 0 [7] => Page ID: home [8] => Redis enabled but not supported by PHP [9] => CACHE backend using: noop [10] => Dynamic login override, using Hm_Auth_IMAP [11] => Debug Array ( [0] => Connecting to tls://imap.gmail.com on port 993 [1] => Successfully opened port to the IMAP server [CAPS] => * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH [2] => Log in for <redacted>@gmail.com FAILED [A1 CAPABILITY] => 0.032351016998291 [LOGIN] => 0.067843914031982 ) Response Array ( [0] => Array ( [0] => * OK Gimap ready for requests from 91.103.2.212 z8mb513650936wru [1] => * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH [2] => A1 OK Thats all she wrote! z8mb513650936wru ) [1] => Array ( [0] => A2 NO [ AUTHENTICATIONFAILED ] Invalid credentials ( Failure ) ) ) [12] => IMAP AUTH failed for <redacted>@gmail.com [13] => Redirecting to /mail-debug/ [14] => PHP version 7.2.24 [15] => Zend version 3.2.0 [16] => Peak Memory: 4096 [17] => PID: 177477 [18] => Included files: 80 ) ``` <!-- Attach Screenshots and Drawings if needed. -->
kerem 2026-02-25 21:34:54 +03:00
Author
Owner

@jasonmunro commented on GitHub (Jun 8, 2021):

@gitcnd I know we spoke in gitter and I think you got this resolved? Our docs could always use improvement and third party access to Gmail can be trickier than most providers. I agree that we are failing to indicate that something has gone wrong in this case so I will see about fixing up that behavior at least with a generic error message.

<!-- gh-comment-id:856390764 --> @jasonmunro commented on GitHub (Jun 8, 2021): @gitcnd I know we spoke in gitter and I think you got this resolved? Our docs could always use improvement and third party access to Gmail can be trickier than most providers. I agree that we are failing to indicate that something has gone wrong in this case so I will see about fixing up that behavior at least with a generic error message.
Author
Owner

@jasonmunro commented on GitHub (Jun 8, 2021):

@gitcnd we were using an "auth_failed" type of flag in the code to determine if we should show the login error message. I suspect when something goes wrong like the Gmail auth that flag was not being set properly. I removed it and replaced it with a more generic check of "is the session loaded" which should cover all the possible failed login situations. I will leave this open for a bit if you want to follow up but otherwise I believe this issue to be resolved. Thanks again for the feedback!

<!-- gh-comment-id:857021491 --> @jasonmunro commented on GitHub (Jun 8, 2021): @gitcnd we were using an "auth_failed" type of flag in the code to determine if we should show the login error message. I suspect when something goes wrong like the Gmail auth that flag was not being set properly. I removed it and replaced it with a more generic check of "is the session loaded" which should cover all the possible failed login situations. I will leave this open for a bit if you want to follow up but otherwise I believe this issue to be resolved. Thanks again for the feedback!
Author
Owner

@marclaporte commented on GitHub (Jul 31, 2022):

@gitcnd Can we close?

<!-- gh-comment-id:1200477851 --> @marclaporte commented on GitHub (Jul 31, 2022): @gitcnd Can we close?
Author
Owner

@marclaporte commented on GitHub (May 6, 2024):

@gitcnd

Please retest, as a lot has changed since you reported this issue. Notably, we now have 3 active branches and recently released Cypht 2.0.0

<!-- gh-comment-id:2097117673 --> @marclaporte commented on GitHub (May 6, 2024): @gitcnd Please retest, as a lot has changed since you reported this issue. Notably, we now have 3 active branches and recently released Cypht 2.0.0 - https://github.com/cypht-org/cypht/releases/tag/v2.0.0 - https://github.com/cypht-org/cypht/wiki/Lifecycle
Author
Owner

@marclaporte commented on GitHub (Sep 28, 2024):

@gitcnd Last call :-)

Please test latest stable:
https://github.com/cypht-org/cypht/releases/

<!-- gh-comment-id:2380411637 --> @marclaporte commented on GitHub (Sep 28, 2024): @gitcnd Last call :-) Please test latest stable: https://github.com/cypht-org/cypht/releases/
Author
Owner

@christer77 commented on GitHub (Aug 8, 2025):

Hello @gitcnd,

Thank you for testing the latest version:

If the problem persists, please reopen this issue.

Thank you.

<!-- gh-comment-id:3167640577 --> @christer77 commented on GitHub (Aug 8, 2025): Hello @gitcnd, Thank you for testing the latest [version:]( https://github.com/cypht-org/cypht/releases/) If the problem persists, please reopen this issue. Thank you.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/cypht#383
No description provided.