Authentication required for capacity report

Bug #1362615 reported by Daniele Pizzolli
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Fuel for OpenStack | Fix Released | Critical | Kamil Sambor |
5.1.x | Fix Released | Critical | Przemyslaw Kaminski |

Bug Description

Using fuel-community-5.1-11-2014-08-28_05-19-34.iso I was able
to install OpenStack.

The only strange thing is the response "Authentication required" at url
http://10.20.0.2:8000/api/capacity/csv after clicking 'Download
report' in the capacity tab.

The Diagnostic Snapshot is attached.

Daniele Pizzolli (daniele-pizzolli) wrote :

Kamil Sambor (ksambor) wrote :

Request to /api/capacity/csv is sent without X-Auth-Token

Changed in fuel:
assignee: nobody → Fuel Python Team (fuel-python)
status: New → Confirmed
Changed in fuel:
importance: Undecided → High
milestone: none → 5.1
Ihor Kalnytskyi (ikalnytskyi) wrote :

Ok, we need to remove this hard-coded link

    https://github.com/stackforge/fuel-web/blob/master/nailgun/static/templates/capacity/page.html#L106

and handle these requests in JS part with X-Auth-Token header.

Changed in fuel:
assignee: Fuel Python Team (fuel-python) → Fuel UI Team (fuel-ui)
status: Confirmed → Triaged
Vitaly Kramskikh (vkramskikh) wrote :

Well, the solution is not obvious here. There are a few options:
1) Disable auth for that particular url (my favorite option as there is almost HCF)
2) Make generation asynchronous, just like we do it with diagnostic snapshot
3) Use https://github.com/eligrey/FileSaver.js/ . I don't like this option as it won't work for IE<10
4) Also accept tokens as get parameters

Vitaly Kramskikh (vkramskikh) wrote :

5) Also accept tokens as a cookie - this will also allow us to query api manually in browser

Vitaly Kramskikh (vkramskikh) wrote :

Let's go with option #1

Changed in fuel:
assignee: Fuel UI Team (fuel-ui) → Fuel Python Team (fuel-python)
Mike Scherbakov (mihgen) wrote :

Don't forget to create a bug then for 5.1.1 addressing this in a better way.

Mike Scherbakov (mihgen) wrote :

And, Daniele, thanks for the bug report!

OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (master)

Fix proposed to branch: master
Review: https://review.openstack.org/117795

Mike Scherbakov (mihgen) wrote :

This is actually a critical bug, as according to the description, it totally blocks an important feature, which is required for commercial installations.

Mike Scherbakov (mihgen)
no longer affects: fuel
no longer affects: fuel/5.1.x
Changed in fuel:
milestone: none → 5.1
assignee: nobody → Kamil Sambor (ksambor)
importance: Undecided → Critical
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (master)

Reviewed: https://review.openstack.org/117795
Committed: https://git.openstack.org/cgit/stackforge/fuel-web/commit/?id=f37b981161e6dabf212af4d7be9ef9f6a0de20af
Submitter: Jenkins
Branch: master

commit f37b981161e6dabf212af4d7be9ef9f6a0de20af
Author: Kamil Sambor <email address hidden>
Date: Fri Aug 29 15:57:33 2014 +0200

    Added capacity/log endpoint to public urls

    * added new test class
    * added tests
    * added capacity/log to public urls

    Change-Id: I3cdb8a3654d9da6e318bb3fa8ed8186c55b72aa7
    Closes-Bug: #1362615

Changed in fuel:
status: In Progress → Fix Committed
Anastasia Palkina (apalkina) wrote :

Verified on ISO #11

"build_id": "2014-09-17_21-40-34", "ostf_sha": "64cb59c681658a7a55cc2c09d079072a41beb346", "build_number": "11", "auth_required": true, "api": "1.0", "nailgun_sha": "eb8f2b358ea4bb7eb0b2a0075e7ad3d3a905db0d", "production": "docker", "fuelmain_sha": "8ef433e939425eabd1034c0b70e90bdf888b69fd", "astute_sha": "f5fbd89d1e0e1f22ef9ab2af26da5ffbfbf24b13", "feature_groups": ["mirantis"], "release": "5.1", "release_versions": {"2014.1.1-5.1": {"VERSION": {"build_id": "2014-09-17_21-40-34", "ostf_sha": "64cb59c681658a7a55cc2c09d079072a41beb346", "build_number": "11", "api": "1.0", "nailgun_sha": "eb8f2b358ea4bb7eb0b2a0075e7ad3d3a905db0d", "production": "docker", "fuelmain_sha": "8ef433e939425eabd1034c0b70e90bdf888b69fd", "astute_sha": "f5fbd89d1e0e1f22ef9ab2af26da5ffbfbf24b13", "feature_groups": ["mirantis"], "release": "5.1", "fuellib_sha": "d9b16846e54f76c8ebe7764d2b5b8231d6b25079"}}}, "fuellib_sha": "d9b16846e54f76c8ebe7764d2b5b8231d6b25079"

Changed in fuel:
status: Fix Committed → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (master)

Fix proposed to branch: master
Review: https://review.openstack.org/127223

Przemyslaw Kaminski (pkaminski) wrote :

Here are the commits related to this bug:

commit 9a8d01ff1ac54bb9c3c737bdb9ff5c0a688f3013
Author: Przemyslaw Kaminski <email address hidden>
Date: Mon Oct 6 16:00:24 2014 +0200

    Add cookie-based authentication along with X-Auth-Token

    - added jquery.cookie as Bower dependency
    - fixed keystone.py middleware to process the cookie and inject X-Auth-Token
      into the request, X-Auth-Token still has priority though
    - fixed 401 response format to return iterable (list)
    - added test_auth_token for testing both authentication methods

    Change-Id: I01239c93b8f0d5da95424d44c96f6fb60ab378fd
    Implements: blueprint access-control-master-node-improvments

These 2 are yet unmerged to master:

https://review.openstack.org/#/c/127219/

commit 207580c58842166ef516b36e5917be251b7472ec
Author: Przemyslaw Kaminski <email address hidden>
Date: Thu Oct 9 14:28:46 2014 +0200

    Bring back X-Auth-Token by default

    It seems that requests are made to other places than API so this
    token is still required there (Health check for example with OSTF).

    Change-Id: I2f0e47a57b360abd04f2ca21fc013ccd34d84eec
    Closes-Bug: #1379000

https://review.openstack.org/127223

commit d721deb0268942692402a32a8b81f5e8dff9c7e2
Author: Przemyslaw Kaminski <email address hidden>
Date: Thu Oct 9 14:45:23 2014 +0200

    Remove capacity/csv from public URLs

    With the new cookie-based authentication this download link does
    not need anymore to be publicly accessible (the X-Auth-Token header
    was the reason to first make the link public).

    Change-Id: If72bb8fe764810c565fc08f960db3e19ddaf4fb9
    Closes-Bug: #1362615
    Related-Bug: #1379000
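
The approach the commit messages above describe (the middleware reads a token cookie and injects it as X-Auth-Token, the header keeps priority, the 401 body is returned as a list), shown as a small WSGI middleware. This is an added example, not fuel-web's keystone.py; the cookie name `token`, the public-URL pattern, the token set standing in for Keystone validation and all function names are assumptions.

```python
import re
from http.cookies import CookieError, SimpleCookie

# Constructed values for the example (assumptions, not taken from fuel-web).
PUBLIC_URLS = [re.compile(r"^/api/version/?$")]  # capacity/csv is deliberately absent
VALID_TOKENS = {"tok-abc123"}                    # stand-in for Keystone token validation
COOKIE_NAME = "token"                            # hypothetical cookie name


def cookie_to_header(environ):
    """Copy the token cookie into X-Auth-Token unless the header is already set."""
    if environ.get("HTTP_X_AUTH_TOKEN"):
        return  # an explicit header has priority over the cookie
    jar = SimpleCookie()
    try:
        jar.load(environ.get("HTTP_COOKIE", ""))
    except CookieError:
        return  # malformed Cookie header: treat it as no cookie
    morsel = jar.get(COOKIE_NAME)
    if morsel is not None and morsel.value:
        environ["HTTP_X_AUTH_TOKEN"] = morsel.value


class AuthMiddleware:
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        cookie_to_header(environ)
        path = environ.get("PATH_INFO", "")
        public = any(p.match(path) for p in PUBLIC_URLS)
        if public or environ.get("HTTP_X_AUTH_TOKEN") in VALID_TOKENS:
            return self.app(environ, start_response)
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"Authentication required"]  # WSGI bodies are iterables of bytes


def csv_app(environ, start_response):
    """Constructed downstream app standing in for the capacity report handler."""
    start_response("200 OK", [("Content-Type", "text/csv")])
    return [b"name,count\n"]


def request(path, cookie="", header=""):
    """Send one constructed request through the middleware; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "HTTP_COOKIE": cookie, "HTTP_X_AUTH_TOKEN": header}
    seen = {}
    body = b"".join(AuthMiddleware(csv_app)(environ, lambda s, h: seen.update(status=s)))
    return seen["status"], body
```

A plain download link works with this scheme because the browser attaches the cookie on its own, so the endpoint no longer has to be public. The same automatic attachment means state-changing endpoints authenticated by cookie need CSRF protection; a read-only CSV download is the narrow case this bug required.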

Przemyslaw Kaminski (pkaminski) wrote :

Oh, and 1 more commit related to this:

commit 1b8b0f92448c7d630eed0ff69146e7befc772fc2
Author: Przemyslaw Kaminski <email address hidden>
Date: Fri Oct 3 13:22:35 2014 +0200

    Revoke token from keystone after user logout

    Also, add test_login_logout.js

    Change-Id: Ibf1660624d3441c249b319fa69eb3775c9716b9c
    Closes-Bug: #1375622

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to fuel-web (stable/5.1)

Related fix proposed to branch: stable/5.1
Review: https://review.openstack.org/127234

OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-web (stable/5.1)

Change abandoned by Przemyslaw Kaminski (<email address hidden>) on branch: stable/5.1
Review: https://review.openstack.org/127234

OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (master)

Reviewed: https://review.openstack.org/127223
Committed: https://git.openstack.org/cgit/stackforge/fuel-web/commit/?id=7bd6b11e6808eebdcb12310c3a13d2e9583a8f44
Submitter: Jenkins
Branch: master

commit 7bd6b11e6808eebdcb12310c3a13d2e9583a8f44
Author: Przemyslaw Kaminski <email address hidden>
Date: Thu Oct 9 14:45:23 2014 +0200

    Remove capacity/csv from public URLs

    With the new cookie-based authentication this download link does
    not need anymore to be publicly accessible (the X-Auth-Token header
    was the reason to first make the link public).

    Change-Id: If72bb8fe764810c565fc08f960db3e19ddaf4fb9
    Closes-Bug: #1362615
    Related-Bug: #1379000

OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (stable/5.1)

Fix proposed to branch: stable/5.1
Review: https://review.openstack.org/127500

OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (stable/5.1)

Reviewed: https://review.openstack.org/127500
Committed: https://git.openstack.org/cgit/stackforge/fuel-web/commit/?id=88a94a11426d356540722593af1603e5089d442c
Submitter: Jenkins
Branch: stable/5.1

commit 88a94a11426d356540722593af1603e5089d442c
Author: Przemyslaw Kaminski <email address hidden>
Date: Thu Oct 9 14:45:23 2014 +0200

    Remove capacity/csv from public URLs

    With the new cookie-based authentication this download link does
    not need anymore to be publicly accessible (the X-Auth-Token header
    was the reason to first make the link public).

    Change-Id: If72bb8fe764810c565fc08f960db3e19ddaf4fb9
    Closes-Bug: #1362615
    Related-Bug: #1379000
    (cherry picked from commit 7bd6b11e6808eebdcb12310c3a13d2e9583a8f44)

Anastasia Palkina (apalkina) wrote :

Verified on ISO #17

"build_id": "2014-11-16_21-00-23", "ostf_sha": "64cb59c681658a7a55cc2c09d079072a41beb346", "build_number": "17", "auth_required": true, "api": "1.0", "nailgun_sha": "2fc6fc4261092a591779a8fb7e3fb1623c6abb85", "production": "docker", "fuelmain_sha": "b118fa4475833ce031ef189ce280772c676fa1c9", "astute_sha": "702af3db6f5bca92525bc8322d7d5d7675ec857e", "feature_groups": ["mirantis"], "release": "5.1.1", "release_versions": {"2014.1.3-5.1.1": {"VERSION": {"build_id": "2014-11-16_21-00-23", "ostf_sha": "64cb59c681658a7a55cc2c09d079072a41beb346", "build_number": "17", "api": "1.0", "nailgun_sha": "2fc6fc4261092a591779a8fb7e3fb1623c6abb85", "production": "docker", "fuelmain_sha": "b118fa4475833ce031ef189ce280772c676fa1c9", "astute_sha": "702af3db6f5bca92525bc8322d7d5d7675ec857e", "feature_groups": ["mirantis"], "release": "5.1.1", "fuellib_sha": "0d3909b9a291880af28dbe48b9c7d25215aa98ea"}}}, "fuellib_sha": "0d3909b9a291880af28dbe48b9c7d25215aa98ea"
