Bug 1420286

Summary:	Insights not showing login form on session timeout
Product:	Red Hat Satellite 5	Reporter:	Radovan Drazny <rdrazny>
Component:	redhat-access-plugin-sat5	Assignee:	Lindani Phiri <lphiri>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Radovan Drazny <rdrazny>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	580	CC:	ahecox, chenders, lphiri, tkasparek, tlestach
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	redhat-access-plugin-sat5-2.1.0-56	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2017-06-21 12:17:35 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1427060

Description Radovan Drazny 2017-02-08 11:11:47 UTC

Description of problem:
Normally, when user web session with Satellite WebUI times out, any subsequent click on any link forces login form to appear, and continues after submitting user credentials. Insights doesn't show login form but reports "No systems are registered." instead.

Version-Release number of selected component (if applicable):
redhat-access-plugin-sat5-2.1.0-54.el6sat

How reproducible:
always

Steps to Reproduce:
1. Make sure you have a few systems registered to Satellite
2. Login to Satellite WebUI and go to Systems->Insights->Setup. List of systems registered to the Satellite is displayed, doesn't matter if they are registered to Insights or not.
3. You can wait for session timeout, or go faster way - open same Satellite page in another browser tab, and logout there.

Actual results:
Click on Insights->Overview and then Insights->Setup in the original browser tab. Overview page still shows last status message. Setup page shows "No systems are registered"

Expected results:
Insights should correctly detect that user is not logged in anymore, and display login form instead of misleading info.

Comment 2 Radovan Drazny 2017-04-25 09:30:07 UTC

Tested with redhat-access-plugin-sat5-2.1.0-56.el6sat.

Following the reproducer from the original report, Insights WebUI correctly displays login page when accessing Systems->Insights->Setup page. When accessing Systems->Insights->Overview page, it still displays last status message, logged out user is not detected. 
Lindani, is it possible to add "user is logged in" detection for Overview page as well?

Comment 3 Lindani Phiri 2017-04-25 14:06:47 UTC

Radovan,

Yes, the overview page issue is known limitation of the current solution - it happens because on that page we pre-load all the *summary*  data and never contact the server again - if you attempt to drill down to get more information you should be logged out.

Lindani

Comment 4 Radovan Drazny 2017-04-26 09:26:38 UTC

(In reply to Lindani Phiri from comment #3)
> Radovan,
> 
> Yes, the overview page issue is known limitation of the current solution -
> it happens because on that page we pre-load all the *summary*  data and
> never contact the server again - if you attempt to drill down to get more
> information you should be logged out.
> 
> Lindani

Yes, that's what I thought. Ok, I have checked the overview page. Any other click forces the login form to appear. An attempt to download CSV ends with a message "{"message":"A valid session cookie or valid systemid header was not found on the request."}". Not too elegant, but secure. 

VERIFIED