Logins not honoring all org unit timeout settings

Bug #1693035 reported by Michele Morgan on 2017-05-23
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Evergreen
Medium
Unassigned
2.12
Medium
Unassigned
3.1
Medium
Unassigned

Bug Description

Evergreen 2.11, 2.12

We're seeing that all staff logins appear to be using the auth.staff_timeout ou setting at the top of the org tree, rather than the timeouts set further down the tree. I suspect this is also true for other login types.

For example, CONS has an auth.staff_timeout set at 14400 (4 hrs), BR1 has the timeout set at 28800 (8 hrs).

When a user with home library BR1 logs in at BR1, they are getting a timeout of 4 hours when they should be getting 8 hours.

Here are some log entries from a test system:

User 238 has home library of BR1.

open-ils.auth_internal 2017-05-22 12:43:21 [INFO:22563:osrf_application.c:1070:149501670853645] CALL: open-ils.auth_internal open-ils.auth_internal.session.create {"user_id":238,"org_unit":0,"login_type":"staff","workstation":"BR1-MIchele"}
open-ils.auth_internal 2017-05-22 13:02:53 [INFO:22563:osrf_application.c:1070:1495016708537019] CALL: open-ils.auth_internal open-ils.auth_internal.session.create {"user_id":238,"org_unit":0,"login_type":"staff","workstation":"BR1-MIchele"}

No matter what user logs in, staff, opac, etc., log entries always report: "org_unit":0. I have not verified that login types other than staff get the setting at the top of the tree, but we are definitely seeing it for staff logins on our production system (2.11).

Bill Erickson (berick) on 2017-10-17
Changed in evergreen:
status: New → Confirmed
assignee: nobody → Bill Erickson (berick)
Bill Erickson (berick) wrote :

Fix pushed:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/berick/lp1693035-auth-org-settings-global

This patch solidifies the precedence order for OUS lookups during login like so:

1. Workstation org unit.
2. API org unit value.
3. Users' home org unit.

Note that this does not affect which org unit is used for permissions or for applying a ws_ou value to the user when no workstation is provided. Those are consistent w/ previous behavior.

Changed in evergreen:
milestone: none → 3.0.1
assignee: Bill Erickson (berick) → nobody
tags: added: pullrequest
Changed in evergreen:
milestone: 3.0.1 → 3.0.2
Galen Charlton (gmc) wrote :

Tested and signed off with a minor tweak. Branch is user/gmcharlt/lp1724915_signoff

Galen Charlton (gmc) wrote :

^ Whoops, ignore that. Wrong bug.

Changed in evergreen:
milestone: 3.0.2 → 3.0.3
Changed in evergreen:
milestone: 3.0.3 → 3.0.4
Changed in evergreen:
milestone: 3.0.4 → 3.0.5
Changed in evergreen:
milestone: 3.0.5 → 3.0.6
Changed in evergreen:
milestone: 3.0.6 → 3.0.7
Changed in evergreen:
milestone: 3.0.7 → 3.0.8
Bill Erickson (berick) on 2018-04-30
Changed in evergreen:
assignee: nobody → Bill Erickson (berick)
Bill Erickson (berick) on 2018-04-30
Changed in evergreen:
assignee: Bill Erickson (berick) → nobody
Michele Morgan (mmorgan) on 2018-05-24
Changed in evergreen:
assignee: nobody → Michele Morgan (mmorgan)
Michele Morgan (mmorgan) wrote :

Thanks Bill! This works for me! Tested this fix as follows:

Set auth.staff_timeout for CONS at 30 seconds

Logged in at BR1 - login timed out at 30 seconds

Set auth.staff_timeout for BR1 at 15 seconds

Logged in at BR1 - login timed out at 15 seconds

Set auth.staff_timeout for CONS at 15 seconds and auth.staff_timeout for BR1 at 30 seconds

Logged in at BR1 - login timed out at 30 seconds

Also did similar testing for auth.opac_timeout and those timeouts also obeyed the timeouts according to the org unit hierarchy.

My signoff branch is at:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/mmorgan/lp1693035-auth-org-settings-global-signoff

tags: added: signedoff
Changed in evergreen:
assignee: Michele Morgan (mmorgan) → nobody
Galen Charlton (gmc) wrote :

Pushed to master, rel_3_1, and rel_3_0. Thanks, Bill and Michele!

Changed in evergreen:
assignee: nobody → Galen Charlton (gmc)
status: Confirmed → Fix Committed
assignee: Galen Charlton (gmc) → nobody
Changed in evergreen:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers