Mirantis OpenStack

Horizon shows unauthorized error after current token is invalidated

Bug #1463386 reported by Ilya Shakhat on 2015-06-09

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mirantis OpenStack	Fix Released	Medium	Paul Karikh	Mirantis OpenStack 7.0
6.1.x	Won't Fix	Medium	MOS Horizon	Mirantis OpenStack 6.1
7.0.x	Fix Released	Medium	Paul Karikh	Mirantis OpenStack 7.0

Bug Description

Steps to repro:
1. Log into OpenStack dashboard
2. Invalidate your token somehow, for instance by restarting memcached service an all controllers.
3. Try to click to any part of dashboard screen

It is expected that UI remains accessible or ask to re-authenticate. However it shows messages "Error: Unauthorized: Unable to retrieve usage information.", "Error: Unauthorized: Unable to retrieve project list.".
Workaround is to sign out and login once again.

This scenario also simulates token expiration - in that case Horizon behaviour should be the same.

See original description

Tags:

Revision history for this message

Ilya Shakhat (shakhat) wrote on 2015-06-09:

VERSION:
  feature_groups:
    - mirantis
  production: "docker"
  release: "6.1"
  openstack_version: "2014.2.2-6.1"
  api: "1.0"
  build_number: "511"
  build_id: "2015-06-05_17-16-32"
  nailgun_sha: "4340d55c19029394cd5610b0e0f56d6cb8cb661b"
  python-fuelclient_sha: "4fc55db0265bbf39c369df398b9dc7d6469ba13b"
  astute_sha: "7766818f079881e2dbeedb34e1f67e517ed7d479"
  fuel-library_sha: "f43c2ae1af3b493ee0e7810eab7bb7b50c986c7d"
  fuel-ostf_sha: "7c938648a246e0311d05e2372ff43ef1eb2e2761"
  fuelmain_sha: "bcc909ffc5dd5156ba54cae348b6a07c1b607b24"

Revision history for this message

Ilya Shakhat (shakhat) wrote on 2015-06-09:

Screenshot Edit (82.8 KiB, image/png)

tags:	added: horizon
Changed in mos:
assignee:	nobody → MOS Horizon (mos-horizon)

Dmitry Mescheryakov (dmitrymex) on 2015-06-09

Changed in mos:
importance:	Undecided → Medium
status:	New → Confirmed
milestone:	none → 7.0

Dmitry Mescheryakov (dmitrymex) on 2015-06-09

summary:	- Horizon shows unauthorized error after shutting down of primary - controller + Horizon shows unauthorized error after current token is invalidated
description:	updated

Revision history for this message

Paul Karikh (pkarikh) wrote on 2015-08-03:

Pach for upstream bug is here: https://review.openstack.org/#/c/142481/ (on review)

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-08-06: Fix proposed to openstack/horizon (openstack-ci/fuel-7.0/2015.1.0)

Fix proposed to branch: openstack-ci/fuel-7.0/2015.1.0
Change author: Vlad Okhrimenko <email address hidden>
Review: https://review.fuel-infra.org/10146

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-08-06: Fix merged to openstack/horizon (openstack-ci/fuel-7.0/2015.1.0)

Reviewed: https://review.fuel-infra.org/10146
Submitter: mos-infra-ci <>
Branch: openstack-ci/fuel-7.0/2015.1.0

Commit: cf55c8509f5e66ec3abeaa2477ef0fb1c12ee562
Author: Vlad Okhrimenko <email address hidden>
Date: Thu Aug 6 12:32:00 2015

Logout user if he has no valid tokens

Before this patch, if user's rights were changed
or revoked - there would be "Unauthorized" errors
on every page since user had no rights to view them
because he had no valid tokens in that case.

Now user will be logged out if he has no valid tokens.
Set `escalate` to True (for unauthorized-error)
to always log user out.

Also, now horizon.exceptions.NotAuthorized is a part of
UNAUTHORIZED tuple in the exceptions.py, because this type
of exception is re-raised after handling services unauthorized errors.
Looks like it was missing. Now the horizon.exceptions.NotAuthorized
is handled like all NotAuthorized exceptions.

And horizon_middleware.py in process_exception now generates
logout_reason for cases if user is not authorized.

Closes-Bug: #1387132
Closes-Bug: #1391185
Closes-Bug: #1463386
Co-Authored-By: Vlad Okhrimenko <email address hidden>

Conflicts:

openstack_dashboard/dashboards/project/overview/tests.py

Change-Id: I806fd54b5db3938feac446cae16f85a8fb02b273

Revision history for this message

Oleksiy Butenko (obutenko) wrote on 2015-09-29:

verified on MOS ISO 7.0 301
{"build_id": "301", "build_number": "301", "release_versions": {"2015.1.0-7.0": {"VERSION": {"build_id": "301", "build_number": "301", "api": "1.0", "fuel-library_sha": "5d50055aeca1dd0dc53b43825dc4c8f7780be9dd", "nailgun_sha": "4162b0c15adb425b37608c787944d1983f543aa8", "feature_groups": ["mirantis"], "fuel-nailgun-agent_sha": "d7027952870a35db8dc52f185bb1158cdd3d1ebd", "openstack_version": "2015.1.0-7.0", "fuel-agent_sha": "50e90af6e3d560e9085ff71d2950cfbcca91af67", "production": "docker", "python-fuelclient_sha": "486bde57cda1badb68f915f66c61b544108606f3", "astute_sha": "6c5b73f93e24cc781c809db9159927655ced5012", "fuel-ostf_sha": "2cd967dccd66cfc3a0abd6af9f31e5b4d150a11c", "release": "7.0", "fuelmain_sha": "a65d453215edb0284a2e4761be7a156bb5627677"}}}, "auth_required": true, "api": "1.0", "fuel-library_sha": "5d50055aeca1dd0dc53b43825dc4c8f7780be9dd", "nailgun_sha": "4162b0c15adb425b37608c787944d1983f543aa8", "feature_groups": ["mirantis"], "fuel-nailgun-agent_sha": "d7027952870a35db8dc52f185bb1158cdd3d1ebd", "openstack_version": "2015.1.0-7.0", "fuel-agent_sha": "50e90af6e3d560e9085ff71d2950cfbcca91af67", "production": "docker", "python-fuelclient_sha": "486bde57cda1badb68f915f66c61b544108606f3", "astute_sha": "6c5b73f93e24cc781c809db9159927655ced5012", "fuel-ostf_sha": "2cd967dccd66cfc3a0abd6af9f31e5b4d150a11c", "release": "7.0", "fuelmain_sha": "a65d453215edb0284a2e4761be7a156bb5627677"}

Timur Sufiev (tsufiev-x) on 2015-09-29

Changed in mos:
status:	Fix Committed → Fix Released
milestone:	6.1 → 7.0

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-10-29: Fix proposed to openstack/horizon (openstack-ci/fuel-8.0/liberty)

Fix proposed to branch: openstack-ci/fuel-8.0/liberty
Change author: Vlad Okhrimenko <email address hidden>
Review: https://review.fuel-infra.org/13362