Bug 1214611

Summary: <Save> button is invisible if weak password was provided
Product: Red Hat Enterprise Virtualization Manager Reporter: Pavel Zhukov <pzhukov>
Component: ovirt-nodeAssignee: Ryan Barry <rbarry>
Status: CLOSED ERRATA QA Contact: wanghui <huiwa>
Severity: low Docs Contact:
Priority: medium    
Version: 3.5.1CC: cshao, fdeutsch, gklein, huiwa, leiwang, lsurette, pzhukov, rbarry, yaniwang, ycui, ykaul
Target Milestone: ovirt-3.6.1   
Target Release: 3.6.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-node-3.3.0-0.10.20150928gite7ee3f1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-09 14:27:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Pavel Zhukov 2015-04-23 08:35:18 UTC
Description of problem:
Seems like rhevh TUI has additional security level 
"Security" screen: If user provided weak password huge warning message pushes "Save-Reset" buttons down and they're gone

Version-Release number of selected component (if applicable):
rhev-hypervisor6-6.6-20150421.0.iso

How reproducible:
100%

Steps to Reproduce:
1. Go to security screen
2. Enter password "11111"


Actual results:
Save and Reset "buttons" disappears

Expected results:


Additional info:

Comment 1 wanghui 2015-05-26 02:43:08 UTC
Hi Pavel,

I just need to confirm with you one thing. Whether you used ssh connection with '80*24' as the terminal size. I can reproduce your issue when the terminal size in some range. But I can not reproduce this issue when you use full screen or larger screen size.

Test version:
rhev-hypervisor6-6.6-20150421.0.iso


Test steps:
1. Clean install rhev-hypervisor6-6.6-20150421.0.iso
2. Enabled network and ssh
3. SSH rhevh from fedora terminal and the terminal size set as '80*24'
4. Go to security screen
5. Enter password "11111"

Test result:
1. After step5, Save and Reset "buttons" disappears

Please confirm whether the steps are correct or not. Thanks.

Hui Wang

Comment 2 Pavel Zhukov 2015-05-26 06:52:18 UTC
(In reply to wanghui from comment #1)

> 
> Please confirm whether the steps are correct or not. Thanks.
> 
Hi, The steps are correct.
Thank you
> Hui Wang

Comment 3 wanghui 2015-08-12 05:51:37 UTC
(In reply to Pavel Zhukov from comment #2)
> (In reply to wanghui from comment #1)
> 
> > 
> > Please confirm whether the steps are correct or not. Thanks.
> > 
> Hi, The steps are correct.
> Thank you
> > Hui Wang

Thanks for you ack.

So Virt-qe can reproduce this as follows.

Test steps:
1. Clean install rhev-hypervisor6-6.6-20150421.0.iso
2. Enabled network and ssh
3. SSH rhevh from fedora terminal and the terminal size set as '80*24'
4. Go to security screen
5. Enter password "11111"

Test result:
1. After step5, Save and Reset "buttons" disappears.

Comment 4 Ryan Barry 2015-08-27 19:11:24 UTC
We can detect the console size and truncate this message, but I'm personally in favor of leaving it -- the save button is disabled if a weak password was provided anyway, and providing explicit information to users about what passwords will pass validation seems worth the cost of hiding the save button, but I'll discuss.

Comment 5 Pavel Zhukov 2015-08-28 08:02:16 UTC
(In reply to Ryan Barry from comment #4)
> We can detect the console size and truncate this message, but I'm personally
> in favor of leaving it -- the save button is disabled if a weak password was
> provided anyway
What version are you talking about? I have few installation with "standard" weak password installed and save button is enabled (3.5.4)

Comment 6 Ryan Barry 2015-08-28 14:50:00 UTC
(In reply to Pavel Zhukov from comment #5)
> What version are you talking about? I have few installation with "standard"
> weak password installed and save button is enabled (3.5.4)

Ah, you're right. I just tested with a very short password, which disabled the save button for another reason. I'll see how much we can trim down the message and still keep it useful.

Comment 8 wanghui 2015-10-26 06:32:46 UTC
Test version:
rhev-hypervisor7-7.2-20151025.0.el7ev
ovirt-node-3.3.0-0.18.20151022git82dc52c.el7ev.noarch

Test steps:
1. Clean install rhev-hypervisor7-7.2-20151025.0.el7ev
2. Enabled network and ssh
3. SSH rhevh from fedora terminal and the terminal size set as '80*24'
4. Go to security screen
5. Enter password "11111"

Test result:
1. After step5, Save and Reset "buttons" disappears.

So this bug is not fixed in ovirt-node-3.3.0-0.18.20151022git82dc52c.el7ev.noarch. Change the status to assigned.

Comment 9 Sandro Bonazzola 2015-10-26 12:29:44 UTC
this is an automated message. oVirt 3.6.0 RC3 has been released and GA is targeted to next week, Nov 4th 2015.
Please review this bug and if not a blocker, please postpone to a later release.
All bugs not postponed on GA release will be automatically re-targeted to

- 3.6.1 if severity >= high
- 4.0 if severity < high

Comment 10 Ryan Barry 2015-10-26 15:04:38 UTC
The upstream patch was never merged. This should never have been ON_QA to begin with.

Comment 12 wanghui 2015-11-24 03:12:41 UTC
No build to verify this time. Virt-qe will verify this once we get build.

Comment 13 wanghui 2015-12-11 04:17:47 UTC
Test version:
rhev-hypervisor7-7.2-20151201.2
ovirt-node-3.6.0-0.23.20151201git5eed7af.el7ev.noarch

Test step:
1. Clean install rhev-hypervisor7-7.2-20151201.2
2. Enabled network and ssh
3. SSH rhevh from fedora terminal and the terminal size set as '80*24'
4. Go to security screen
5. Enter password "11111"

Test result:
1. After step5, Save and Reset "buttons" disappears.

So this bug is fixed in ovirt-node-3.6.0-0.23.20151201git5eed7af.el7ev.noarch. Change the status to verified.

Comment 15 errata-xmlrpc 2016-03-09 14:27:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0378.html