Horizon shows unauthorized error after current token is invalidated

Bug #1463386 reported by Ilya Shakhat
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Fix Released
Medium
Paul Karikh
6.1.x
Won't Fix
Medium
MOS Horizon
7.0.x
Fix Released
Medium
Paul Karikh

Bug Description

Steps to repro:
1. Log into OpenStack dashboard
2. Invalidate your token somehow, for instance by restarting memcached service an all controllers.
3. Try to click to any part of dashboard screen

It is expected that UI remains accessible or ask to re-authenticate. However it shows messages "Error: Unauthorized: Unable to retrieve usage information.", "Error: Unauthorized: Unable to retrieve project list.".
Workaround is to sign out and login once again.

This scenario also simulates token expiration - in that case Horizon behaviour should be the same.

Tags: horizon
Revision history for this message
Ilya Shakhat (shakhat) wrote :

VERSION:
  feature_groups:
    - mirantis
  production: "docker"
  release: "6.1"
  openstack_version: "2014.2.2-6.1"
  api: "1.0"
  build_number: "511"
  build_id: "2015-06-05_17-16-32"
  nailgun_sha: "4340d55c19029394cd5610b0e0f56d6cb8cb661b"
  python-fuelclient_sha: "4fc55db0265bbf39c369df398b9dc7d6469ba13b"
  astute_sha: "7766818f079881e2dbeedb34e1f67e517ed7d479"
  fuel-library_sha: "f43c2ae1af3b493ee0e7810eab7bb7b50c986c7d"
  fuel-ostf_sha: "7c938648a246e0311d05e2372ff43ef1eb2e2761"
  fuelmain_sha: "bcc909ffc5dd5156ba54cae348b6a07c1b607b24"

Revision history for this message
Ilya Shakhat (shakhat) wrote :
tags: added: horizon
Changed in mos:
assignee: nobody → MOS Horizon (mos-horizon)
Changed in mos:
importance: Undecided → Medium
status: New → Confirmed
milestone: none → 7.0
summary: - Horizon shows unauthorized error after shutting down of primary
- controller
+ Horizon shows unauthorized error after current token is invalidated
description: updated
Revision history for this message
Paul Karikh (pkarikh) wrote :

Pach for upstream bug is here: https://review.openstack.org/#/c/142481/ (on review)

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to openstack/horizon (openstack-ci/fuel-7.0/2015.1.0)

Fix proposed to branch: openstack-ci/fuel-7.0/2015.1.0
Change author: Vlad Okhrimenko <email address hidden>
Review: https://review.fuel-infra.org/10146

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to openstack/horizon (openstack-ci/fuel-7.0/2015.1.0)

Reviewed: https://review.fuel-infra.org/10146
Submitter: mos-infra-ci <>
Branch: openstack-ci/fuel-7.0/2015.1.0

Commit: cf55c8509f5e66ec3abeaa2477ef0fb1c12ee562
Author: Vlad Okhrimenko <email address hidden>
Date: Thu Aug 6 12:32:00 2015

Logout user if he has no valid tokens

Before this patch, if user's rights were changed
or revoked - there would be "Unauthorized" errors
on every page since user had no rights to view them
because he had no valid tokens in that case.

Now user will be logged out if he has no valid tokens.
Set `escalate` to True (for unauthorized-error)
to always log user out.

Also, now horizon.exceptions.NotAuthorized is a part of
UNAUTHORIZED tuple in the exceptions.py, because this type
of exception is re-raised after handling services unauthorized errors.
Looks like it was missing. Now the horizon.exceptions.NotAuthorized
is handled like all NotAuthorized exceptions.

And horizon_middleware.py in process_exception now generates
logout_reason for cases if user is not authorized.

Closes-Bug: #1387132
Closes-Bug: #1391185
Closes-Bug: #1463386
Co-Authored-By: Vlad Okhrimenko <email address hidden>

Conflicts:

 openstack_dashboard/dashboards/project/overview/tests.py

Change-Id: I806fd54b5db3938feac446cae16f85a8fb02b273

Revision history for this message
Oleksiy Butenko (obutenko) wrote :

verified on MOS ISO 7.0 301
{"build_id": "301", "build_number": "301", "release_versions": {"2015.1.0-7.0": {"VERSION": {"build_id": "301", "build_number": "301", "api": "1.0", "fuel-library_sha": "5d50055aeca1dd0dc53b43825dc4c8f7780be9dd", "nailgun_sha": "4162b0c15adb425b37608c787944d1983f543aa8", "feature_groups": ["mirantis"], "fuel-nailgun-agent_sha": "d7027952870a35db8dc52f185bb1158cdd3d1ebd", "openstack_version": "2015.1.0-7.0", "fuel-agent_sha": "50e90af6e3d560e9085ff71d2950cfbcca91af67", "production": "docker", "python-fuelclient_sha": "486bde57cda1badb68f915f66c61b544108606f3", "astute_sha": "6c5b73f93e24cc781c809db9159927655ced5012", "fuel-ostf_sha": "2cd967dccd66cfc3a0abd6af9f31e5b4d150a11c", "release": "7.0", "fuelmain_sha": "a65d453215edb0284a2e4761be7a156bb5627677"}}}, "auth_required": true, "api": "1.0", "fuel-library_sha": "5d50055aeca1dd0dc53b43825dc4c8f7780be9dd", "nailgun_sha": "4162b0c15adb425b37608c787944d1983f543aa8", "feature_groups": ["mirantis"], "fuel-nailgun-agent_sha": "d7027952870a35db8dc52f185bb1158cdd3d1ebd", "openstack_version": "2015.1.0-7.0", "fuel-agent_sha": "50e90af6e3d560e9085ff71d2950cfbcca91af67", "production": "docker", "python-fuelclient_sha": "486bde57cda1badb68f915f66c61b544108606f3", "astute_sha": "6c5b73f93e24cc781c809db9159927655ced5012", "fuel-ostf_sha": "2cd967dccd66cfc3a0abd6af9f31e5b4d150a11c", "release": "7.0", "fuelmain_sha": "a65d453215edb0284a2e4761be7a156bb5627677"}

Timur Sufiev (tsufiev-x)
Changed in mos:
status: Fix Committed → Fix Released
milestone: 6.1 → 7.0
Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to openstack/horizon (openstack-ci/fuel-8.0/liberty)

Fix proposed to branch: openstack-ci/fuel-8.0/liberty
Change author: Vlad Okhrimenko <email address hidden>
Review: https://review.fuel-infra.org/13362

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Change abandoned on openstack/horizon (openstack-ci/fuel-8.0/liberty)

Change abandoned by Paul Karikh <email address hidden> on branch: openstack-ci/fuel-8.0/liberty
Review: https://review.fuel-infra.org/13362

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.