track_failed_login not called when the login_failed signal fires

Bug #1488222 reported by Daniel Manrique
Affects: Canonical SSO provider
Status: Fix Released
Importance: Medium
Assigned to: Daniel Manrique

Bug Description

I think the track_failed_login method is not being called when the login_failed signal is fired.

The method is registered to the signal and scoped to sender=Account:

login_failed.connect(
    track_failed_login, sender=Account,
    dispatch_uid='identityprovider.login_failed')

But this signal is only ever called in two places:

webui/views/ui.py line 215:

        except AuthenticationError as e:
            # track failed login attempt
            login_failed.send(sender=self, request=request,
                              credentials=dict(email=email, password=password))

(This is in the post method for LoginView, so sender=a LoginView instance, not Account, so the track_failed_login method will not be called.)

Second call:

api/v20/handlers.py line 356:

        if account is None:
            # track failed login attempt
            login_failed.send(sender=self, request=request,
                              credentials=dict(email=email, password=password))

This is in the create method for AccountLoginHandler, so sender=an AccountLoginHandler instance. Again, track_failed_login will not be called.

Reading the tests, I think there is:

1- A test (src/webui/tests/test_views_ui.py) to ensure the signal is fired, which is done by mocking the signal's send() method and asserting it's called. But even if send() is called, it doesn't guarantee the dispatcher will fire the methods registered to that signal. In this case it doesn't happen due to the sender=Account scoping, something this test doesn't check.

2- A test (test_signals.py) to verify the side-effects from track_failed_login are correct. It's invoked with a mock object for the sender argument, but this assumes the signal dispatcher invoked the method (which doesn't happen if the sender=Account scope is not satisfied, something not tested here).

How to reproduce:

1- Bootstrap SSO environment, make run
2- Register an account and log out
3- Set up a way to observe side-effects of track_failed_login (I simply put a print("HELLO") statement in the method itself).
4- Try to log in with your account using a bad password.
5- Verify that your side-effect observation doesn't show evidence that the method was called (no HELLO log to the console in my case).
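
The sender scoping described in this report, as an added example that is not part of the original report or the project's code: it connects a receiver scoped to one sender, fires the signal from another, and counts how often the receiver really ran. Account and LoginView are empty stand-in classes, run_case is a hypothetical helper, and the small Signal class is a stand-in used only when Django is not installed.

```python
# Added example: sender scoping in a Django-style signal dispatcher.
try:
    from django.dispatch import Signal  # real dispatcher when Django is installed
except ImportError:
    class Signal:  # minimal stand-in (assumption): mirrors sender matching only
        def __init__(self):
            self._receivers = []

        def connect(self, receiver, sender=None, dispatch_uid=None):
            self._receivers.append((receiver, sender))

        def send(self, sender, **named):
            # A receiver runs only if it is unscoped or scoped to this exact object.
            return [(r, r(signal=self, sender=sender, **named))
                    for r, s in self._receivers if s is None or s is sender]


class Account:    # hypothetical stand-in for the Account model
    pass


class LoginView:  # hypothetical stand-in for the view that sends the signal
    pass


def run_case(scoped_sender, sent_sender):
    """Connect a tracker scoped to scoped_sender, fire the signal with
    sent_sender, and return how many times the tracker actually ran."""
    login_failed = Signal()
    calls = []

    def track_failed_login(sender, **kwargs):
        calls.append(kwargs["credentials"]["email"])

    login_failed.connect(track_failed_login, sender=scoped_sender,
                         dispatch_uid="example.login_failed")
    # Constructed sample credentials; send() through the real dispatcher, not a mock.
    login_failed.send(sender=sent_sender, request=None,
                      credentials={"email": "user@example.com"})
    return len(calls)


if __name__ == "__main__":
    view = LoginView()
    print("scoped to Account, sent by a view instance:", run_case(Account, view))
    print("scoped to Account, sent with sender=Account:", run_case(Account, Account))
    print("unscoped receiver, sent by a view instance:", run_case(None, view))
```

A test that asserts on the receiver's observable effect after a real send(), as run_case does, covers the scoping that a mocked send() or a direct call to the receiver skips.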


Daniel Manrique (roadmr)
Changed in canonical-identity-provider:
importance: Undecided → Medium
status: New → In Progress
assignee: nobody → Daniel Manrique (roadmr)
Changed in canonical-identity-provider:
status: In Progress → Fix Committed
Daniel Manrique (roadmr)
Changed in canonical-identity-provider:
status: Fix Committed → Fix Released