Bug 1150586
| Summary: | On first login attempt, LDAP user remains on login screen without any message when - Enable Login Without Roles=No and there is no mapping between JON roles and LDAP groups. | | |
|---|---|---|---|
| Product: | [JBoss] JBoss Operations Network | Reporter: | Sunil Kondkar <skondkar> |
| Component: | UI, Security | Assignee: | Jirka Kremser <jkremser> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Sunil Kondkar <skondkar> |
| Severity: | medium | Docs Contact: | Jared MORGAN <jmorgan> |
| Priority: | high | | |
| Version: | JON 3.3.0 | CC: | hrupp, jkremser, loleary, mmurray |
| Target Milestone: | ER05 | Keywords: | Reopened |
| Target Release: | JON 3.3.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-12-11 14:02:56 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1070277 | | |

Description
Sunil Kondkar
2014-10-08 13:09:23 UTC
Sorry about the mistake in the 2nd step in Steps to Reproduce. The second step is: 2. There is no mapping between JON roles and LDAP groups.

Although it looks easy, it would be too much of an effort to fix this little issue without completely changing the workflow used for logging in and using LDAP and subsequent registration. The logic behind it works as expected; there was no requirement to notify the user about the circumstances. Thus, I am closing this bug.

Re-opening this as this is a usability issue. The requirement does clearly state that upon first login attempt that the warning message indicating the user is not authorized be displayed.

I partially agree with Larry. JON3-39 says: "If he doesn't, JON blocks it redirecting the user back to the login page with a warn message (e.g.: "Your user account doesn't have permission to access JON"). If user does have the roles, just login him normally." The requirement is not, as I understand it, to show this on 1st login attempt only, so the existing workflow could stay, but would need to additionally print the message.

To be clear, what it does right now is: User without any role trying to login to JON where it is not allowed to login without a role is not allowed to login :) The information that is displayed in this case is "The username or password provided does not match our records." (i.e. standard wrong credentials message we display). In JON3-39 Larry suggests displaying "Your user account doesn't have permission to access JON". This is the only difference, the message. During the developer demo, everyone was fine with that. I can look into that, but to me it isn't worth the effort, because it would require some refactoring.

Perhaps some context has been left out. As for the message, the requirement is that an invalid login warning is displayed. The message itself was only a suggestion. After further discussion, it was decided that the invalid user/password -- standard login failure -- message is what we should display. The reason this BZ has been re-opened is due to the fact that the failure message MUST be displayed on every login attempt including the first one.

I missed the fact that there is no message during the very first attempt. Here is the fix:

branch: master
link: https://github.com/rhq-project/rhq/commit/adc7dabe5
time: 2014-10-17 18:07:14 +0200
commit: adc7dabe5caaf85c807d58ce0cbebd086106d33f
author: Jirka Kremser - jkremser
message: [BZ 1150586] - On first login attempt, LDAP user remains on login screen without any message when - Enable Login Without Roles=No and there is no mapping between JON roles and LDAP groups. - Displaying the generic error message for the first attempt as well. Also disabling the login button, during the login procedure, because login using LDAP takes some time and we don't want users to click on the button invoking another check.

branch: release/jon3.3.x
link: https://github.com/rhq-project/rhq/commit/bc5515002
time: 2014-10-17 19:26:53 +0200
commit: bc55150027b8a7760e1984c65c581d94accba611
author: Jirka Kremser - jkremser
message: [BZ 1150586] - On first login attempt, LDAP user remains on login screen without any message when - Enable Login Without Roles=No and there is no mapping between JON roles and LDAP groups. - Displaying the generic error message for the first attempt as well. Also disabling the login button, during the login procedure, because login using LDAP takes some time and we don't want users to click on the button invoking another check. (cherry picked from commit adc7dabe5caaf85c807d58ce0cbebd086106d33f) Signed-off-by: Jirka Kremser <jkremser>

Moving to ON_QA as available to test with the latest brew build: https://brewweb.devel.redhat.com//buildinfo?buildID=394734

Verified on Version: JON 3.3.0.ER05, Build Number: 92b6d6a:2cdb528

When Enable Login Without Roles = No and LDAP user is not mapped to any JON roles, in the first LDAP login attempt, UI displays the message "The username or password provided does not match our records. Please, fill in the fields again." Verified that Login button is disabled until the message is displayed in UI.