Social Login

Hello,

I followed all the steps from the social login trough google guide. But when testing it and inserting my test email I get a blank screen saying “not acceptable”.

What could be causing this ?

Second question. The login with google shows perfectly when trying to sign up in the sidebar. But if I go create an account it is only visible if I click in login, which makes sense but I would like to change this. How can I edit the login/create account page (it seems to be a woocommerce shortcode), I see no option in layouts ou pages.

Attachments:

You must be logged in to view attached files.

Hello,

01. Please follow this instruction to configure:
https://xtemos.com/docs/woodmart/faq-guides/configure-google-login/
As soon as you configure,please provide site url.

02. My Account page is the functional page of Woocommerce. It is not editable with page builder.

Best Regards.

As I mentioned that is the guide I followed.

You guys don’t mention anything about the final phase so that might be where the problems occurs.

For example I have to use a link for the authenticator, I used the one recommended by you guys (see first image for reference), but it says in the text that is usually the link and if it isn’t to check the documentation, but when I go see the documentation it doesn’t even mention that..

Another thing that might be causing the problem is that the social authenticator is still in test mode. I added two emails as test users, but when trying to log in with those allowed emails it is still not accepted.

You guys don’t mention anything in the documentation about the last part and it being in test mode so I don’t really know how to proceed. I added the link of my website but since your email isn’t one of the test users I doubt you could do anything. Maybe you could tell me which area of the google authenticator process you need images of so you could check if anything is wrong ?

Thank you.

Attachments:

You must be logged in to view attached files.

Hello,

This “Not acceptable” error is generated by your server and there are no problems in your Google APP configuration. You need to contact your hosting provider and ask to check why the server blocks this request.

Kind Regards

Thank you, I will contact the host and come back to you.

After contacting server support they have disabled a bunch of security measures inlcuding mod_security rules. I have included the rules and the logs in the private area.

I am also getting a new error message about missing lines in the theme core (image annexed).

Is this a normal ocorrence ? I don’t want my website security to suffer so I can enable social login, there needs to be a way to solve this. I would apreciate a fast answer as my website security is at risk so you can troubleshoot this.

Thank you.

Attachments:

You must be logged in to view attached files.

Please, update the theme to the latest version 7.2.3 and test how it works. Don’t forget to update the WoodMart core plugin as well.

I updated it. I still get an error message but it just says “critical error” this time. The rest of my previous comment mentionning the logs and website security remains unanswered.

Thank you

Please, disable all plugins that are not related to our theme and send us your admin access so we can check the error.

You need to consult with your hosting provider about the error that causes this security block from the server. Logs you sent don’t give us any information about what is the block caused by and how to fix it.

Kind Regards

I don’t have any other plugins unrelated to the theme. The only one was wordfence but it was and is disabled.
My host pretty much exhausted every option and disabled a bunch of security options.
Please login and try to figure out the problem. The google app is still in test mode so you need to tell me the email you plan on using so I can allow it or it won’t work.

Try to edit the file woodmart-core/inc/auth.php and replace this line

$opauth = new Opauth( $this->get_config( $response['auth']['provider'] ), false );

with this one

$opauth = new Opauth( $this->get_config( strtolower( $response['auth']['provider'] ) ), false );

Hello it worked !

I am going to enable the security mod to see if it still works.
Also can I delete the plugin you installed (file manager) ?

Thank you 🙂

Hello,
Once again we back in the same problem of “not acceptable”.
At least now I know the login actually works and the problem is that the login is being blocked.
I need to fix this problem because I can’t be running the website with mod_security disabled. Please refer to my previous comment with the rules being blocked and the logs. You said the logs don’t tell you the problem but what other information can I give you ?

Thank you.

Hello,

You need to consult with your hosting provider on this matter. Maybe this problem is not related to our theme but you have some malicious code on your website only because we didn’t get similar reports before.
If it is caused by some particular code in the theme, your hosting provider should be able to point you to the right place in the code.

Kind Regards

The only thing I ever installed on this website besides the recommended plugins was wordfence which is a security plugin. The server protection is also good, in fact anytime anyone from the xtemos team tried to log in I had to ask the host so your IP wouldnt get blocked. Wordfence also tells me there isn’t anything wrong with the website after scanning. So I highly doubt there is any malicious code in the website.

This is out of their realm of responsibilities, they are not going to look into the code to see what’s causing the problem.

I already provided the rules being blocked and the logs of the errors. I don’t know what else I can give you if you don’t tell me. You keep giving me the same answer of trying to delegate the responsibility to the host.

Also please check the images in hidden section just to get out of the way the possibility that there was something wrongly setup in the google api.

Thank you

We are sorry to say, but the information provided by you is not enough. You wrote a log with blocked rules but it doesn’t have any information about any issues in the theme. We don’t know what should we check or fix to solve this problem.
If you think that this problem is caused by our theme code but we can’t fix it, you can request a refund and we will return your money back.

Kind Regards

[geral-3381]

I don’t want a refund because I have already invested a ton of hours into building this website and I really like your theme. This is the only “big problem” I had so far.

I am just trying to understand what is causing this problem and I imagine you are more well equipped than I am to deal with this but you are telling me you also don’t know what could be causing it so I am lost.
I have asked multiple times for an email so I can add you to the test users so you can see for yourself what could be causing the login to be blocked. I asked if you wanted me to activate debug mode so you could check the page. Also nothing.

You haven’t even mentioned the possibility of the request being blocked because of the IP. Perhaps the IP google api uses is being blocked by my host and I need to whitelist. Does the login request in any way run back to your servers ? That could be the biggest indicator, anytime I had support trying to log in my website I had to request host because you guys were getting blocked, and it was by the exact same error “not acceptable”. If you could provide me the IP range XTEMOS uses I could ask my host to whitelist it and maybe it fixes the issue. I think it’s worth to try.

You say I am not providing enough information, I apologize if that’s the case, I am not a dev so I don’t have a lot of technical knowledge. I just provided the logs and the debug idea because that’s what my host told me to do to you to fix the issue.
If there is also any question you would like me to ask the host that could help you guys solve the issue, tell me.

Thank you,

• This reply was modified 11 months, 2 weeks ago by geral-3381.

Hello,

This functionality has no relation to our server. If your server blocks some particular IP, hosting support should have told you about this so I don’t think it is the case.
Even if we check this on your website we will see the same 403 or 500 error generated by the server and that’s all. These errors are generic and don’t contain any details.
If the server blocks some particular then it must know why it is blocked. That is why you need to consult with your hosting provider further.

Kind Regards

But what should I specifically ask them ?
When I asked them for a specific reason of why it’s getting blocked they said it’s probably something code-related.

In this case, you can at least ask what this code may look like so we can see if something similar exists in our theme or not.

Kind Regards

Hello,
They just won’t go into the question. They just answered me “it’s not our code we don’t have that information”.

Can you tell me at least which files’ code I have to check ?

Hello,

Yes, it is not their code but the server blocks the request and they have to know what is the reason for that. They can try to log in and monitor server logs while doing that to see what exactly causes the server to block the request.

If you want to check the social login code, you can find it in the folder wp-content/plugins/woodmart-core/inc/auth.php.

Kind Regards

[geral-3381]

Yes, it is not their code but the server blocks the request and they have to know what is the reason for that. They can try to log in and monitor server logs while doing that to see what exactly causes the server to block the request.

That’s what they did, but when I gave you the logs you told me it’s not enough information. The logs say which rules are being blocked by the mod security.

• This reply was modified 11 months, 2 weeks ago by geral-3381.

Hello,

Yes, because the logs don’t contain any information about the actual reason for the block. I mean some code, special parameters, etc. It contains URL only but why is that URL blocked?

Kind Regards

Hello, I contacted them again and asked word by word you said. This time they gave me more information. Hopefully this time it will be helpful.

2023-05-11 11:41:48     staging.vizace.pt   93.108.103.242  CRITICAL    403     
Request:
GET /minha-conta/google/oauth2callback?code=4%2F0AbUR2VNR838lvyb8PkvK-ebulokXbRAJReQBb4MUZW1_L5RXEonCj_mL09YKSpj7hHMu-A&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&authuser=0&prompt=none
Action Description:
Warning.
Justification:
Matched phrase ".profile" at ARGS:scope.

Hello,

According to this information, this particular request is blocked not because of the code but because of the URL structure. It says that matched phrase ".profile"https://gyazo.com/edc593435bba5a37288e5b8525c157db
But this callback URL is generated by Google and it is absolutely safe. You can add this URL to the white list and never block it.

Kind Regards

It finally worked.
Thank you so much.

Great, you are welcome!

[Author]

Posts