Need to login twice (again)

Bug #1403037 reported by Matthias Runge
This bug affects 20 people
Affects | Status | Importance | Assigned to | Milestone
Ubuntu Cloud Archive | Fix Released | Medium | James Page |
Kilo | Fix Released | Medium | James Page |
django-openstack-auth | Fix Released | High | Matthias Runge |
python-django-openstack-auth (Ubuntu) | Fix Released | Undecided | Unassigned |
Vivid | Won't Fix | Medium | Unassigned |

Bug Description

With the latest Juno release, I see the "need to log in twice" issue occurring again:

2014-12-16 11:58:37,635 18072 INFO openstack_auth.forms Login successful for user "mrunge".
2014-12-16 11:58:37,641 18071 INFO openstack_auth.views Logging out user "mrunge".
2014-12-16 11:58:37,649 18071 INFO openstack_auth.views Could not delete token
2014-12-16 12:00:32,966 18071 INFO openstack_auth.forms Login successful for user "mrunge".

This might be related to: https://github.com/openstack/horizon/commit/e8a66a4d92ae259a5ef004cafad1809942c66596

(DDOS fix)

This is quite comparable to https://bugs.launchpad.net/horizon/+bug/1308918

IMHO to reproduce, we need to have both keystone token and session timed out.
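
A log triage check for the symptom in the description above, added here as an example (it is not part of the original report or of django-openstack-auth): it flags a "Login successful" entry that is followed within a few seconds by "Logging out user" for the same user. The 5-second window, the function name and the two "alice" lines are assumptions; the first four sample lines are the ones quoted in the report.

```python
import re
from datetime import datetime, timedelta

# First four lines are the excerpt from the bug description; the two "alice"
# lines are constructed here as a normal login/logout for contrast.
SAMPLE_LOG = """\
2014-12-16 11:58:37,635 18072 INFO openstack_auth.forms Login successful for user "mrunge".
2014-12-16 11:58:37,641 18071 INFO openstack_auth.views Logging out user "mrunge".
2014-12-16 11:58:37,649 18071 INFO openstack_auth.views Could not delete token
2014-12-16 12:00:32,966 18071 INFO openstack_auth.forms Login successful for user "mrunge".
2014-12-16 12:05:10,101 18072 INFO openstack_auth.forms Login successful for user "alice".
2014-12-16 13:40:02,500 18072 INFO openstack_auth.views Logging out user "alice".
"""

# Fields: timestamp, pid, level, openstack_auth logger name, message.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \d+ \w+ openstack_auth\.\w+ (.*)$")
LOGIN_RE = re.compile(r'^Login successful for user "(.+)"\.$')
LOGOUT_RE = re.compile(r'^Logging out user "(.+)"\.$')


def find_bounced_logins(text, window=timedelta(seconds=5)):
    """Return (user, login_time, logout_time) for each logout that follows a
    successful login of the same user within `window` (assumed threshold)."""
    last_login = {}
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other loggers, tracebacks, blank lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        msg = m.group(2)
        login = LOGIN_RE.match(msg)
        if login:
            last_login[login.group(1)] = ts
            continue
        logout = LOGOUT_RE.match(msg)
        if logout:
            started = last_login.pop(logout.group(1), None)
            # Ignore negative gaps from interleaved multi-process log writes.
            if started is not None and timedelta(0) <= ts - started <= window:
                hits.append((logout.group(1), started, ts))
    return hits


if __name__ == "__main__":
    for user, started, ended in find_bounced_logins(SAMPLE_LOG):
        gap = (ended - started).total_seconds()
        print(f"{user}: logged out {gap:.3f}s after login at {started}")
```
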


Matthias Runge (mrunge)
Changed in horizon:
importance: Undecided → High
tags: added: juno-backport-potential
Paul Karikh (pkarikh)
Changed in horizon:
assignee: nobody → Paul Karikh (pkarikh)
Paul Karikh (pkarikh)
Changed in horizon:
status: New → In Progress
Paul Karikh (pkarikh) wrote :

Actually, it is caused by the changes to horizon/middleware.py from the https://review.openstack.org/#/c/140353/ patch.
Now I'm trying to find out how to fix it without undoing the DoS-fixing patch.

Matthias Runge (mrunge) wrote :

Yes, Paul; I agree!

Matthias Runge (mrunge) wrote :
Changed in horizon:
assignee: Paul Karikh (pkarikh) → Matthias Runge (mrunge)
Changed in django-openstack-auth:
assignee: nobody → Matthias Runge (mrunge)
no longer affects: horizon
Changed in django-openstack-auth:
importance: Undecided → High
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to django_openstack_auth (master)

Reviewed: https://review.openstack.org/142737
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=336d7a531d8fb422e3b86a46b865339b3a321902
Submitter: Jenkins
Branch: master

commit 336d7a531d8fb422e3b86a46b865339b3a321902
Author: Matthias Runge <email address hidden>
Date: Thu Dec 18 12:53:19 2014 +0100

    add last_activity to session

    Actually, the fix for CVE-2014-8124 included a regression, resulting
    users had to log in a second time, after being logged out due to
    inactivity.

    Change-Id: If6a7f489058c80c969975dc0658e6f2ae979eca3
    Closes-Bug: 1403037

Changed in django-openstack-auth:
status: In Progress → Fix Committed
Matthias Runge (mrunge)
Changed in django-openstack-auth:
milestone: none → 1.1.9
Thiago Martins (martinx) wrote :

Please guys, backport this to Juno (Ubuntu Cloud archive)!

Matthias Runge (mrunge) wrote :

Thiago, this is upstream, and it was fixed some time ago.

Please report this to your distro vendor and request support there.

I-Ming Chen (roddd)
description: updated
David Lyle (david-lyle)
Changed in django-openstack-auth:
status: Fix Committed → Fix Released
Thiago Martins (martinx) wrote :

Still present on Kilo 2015.1.1 !!!

Kevin Tibi (ktibi) wrote :

Yes, I have this bug with python-django-openstack-auth-1.2.0-4.el7

Matthias Runge (mrunge) wrote :

The RDO version is a mixture of Kilo and cherry-picked patches from Liberty. Thus you guys are seeing https://launchpad.net/bugs/1491117

Thiago Martins (martinx) wrote :

Matthias,

I'm running Ubuntu Trusty with Kilo Cloud Archive, not RDO...

This bug is still present.

Need to login twice after timeout, really annoying.

Matthias Runge (mrunge) wrote :

Thiago,

I'm sorry about this, but I honestly can't help you, other than recommending to switch the distro; but that is probably out of discussion ;-)

elenhil (dobropalka) wrote :

I do confirm
Ubuntu trusty, Kilo 1:2015.1.2-0ubuntu1~cloud0
the bug is still there

James Page (james-page) wrote :

FTR, you can always bring a Launchpad bug to the attention of the Ubuntu OpenStack packaging team by raising a bug task against the Ubuntu package or against the Cloud Archive - no need to raise a different bug!

Changed in python-django-openstack-auth (Ubuntu):
status: New → Fix Released
Changed in python-django-openstack-auth (Ubuntu Vivid):
status: New → Triaged
importance: Undecided → Medium
James Page (james-page)
Changed in python-django-openstack-auth (Ubuntu Vivid):
status: Triaged → Won't Fix
James Page (james-page) wrote :

1.1.9 uploaded to Kilo staging - will shortly be promoted to -proposed for testing.

James Page (james-page) wrote :

cloud_get_work: Querying package list and versions from staging PPA.
cloud_get_work: Querying package list and versions from proposed PPA.
cloud_get_work: Checking for new candidates to sync to proposed PPA.
+------------------------------+-------------------------------+----------------+
| package | staging | proposed |
+------------------------------+-------------------------------+----------------+
| python-django-openstack-auth | 1.1.9-0ubuntu0.15.04.1~cloud0 | 1.1.7-1~cloud0 |
+------------------------------+-------------------------------+----------------+
cloud_get_work: Sync candidates - do some work...
cloud_get_work: Grabbing changes for python-django-openstack-auth

 python-django-openstack-auth (1.1.9-0ubuntu0.15.04.1~cloud0) trusty-kilo; urgency=medium
 .
   * d/watch: Update watch file to monitor Debian pypi redirector.
   * New upstream point release (LP: #1403037).
cloud_get_work: Syncing python-django-openstack-auth to kilo-proposed
Copy candidates:
 python-django-openstack-auth 1.1.9-0ubuntu0.15.04.1~cloud0 in trusty
Candidate copy target: https://api.launchpad.net/devel/~ubuntu-cloud-archive-private/+archive/ubuntu/kilo-proposed
1 package successfully copied.
cloud_get_work: Sending announce email for python-django-openstack-auth
cloud_get_work: Checking complete

tags: added: verification-needed
James Page (james-page) wrote :

Promoted to kilo-updates...

tags: added: verification-done
removed: verification-needed