Bug 1430835

Summary: CSRF tokens are erroneously being checked for external authentication
Product: Red Hat CloudForms Management Engine Reporter: Satoe Imaishi <simaishi>
Component: UI - OPS Assignee: Martin Povolny <mpovolny>
Status: CLOSED ERRATA QA Contact: Matt Pusateri <mpusater>
Severity: high Docs Contact:
Priority: high    
Version: 5.7.0 CC: cpelland, hkataria, jhardy, mfalesni, mpovolny, obarenbo, simaishi
Target Milestone: GA Keywords: ZStream
Target Release: 5.7.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: auth:externalauth
Fixed In Version: 5.7.2.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1429011 Environment:
Last Closed: 2017-04-12 14:44:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core Target Upstream Version:
Embargoed:
Bug Depends On: 1429011    
Bug Blocks:    

Comment 2 CFME Bot 2017-03-09 18:31:10 UTC
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/337e83a28256a149aa8a61bec71cb2af2e57796f

commit 337e83a28256a149aa8a61bec71cb2af2e57796f
Author:     Milan Zázrivec <mzazrivec>
AuthorDate: Wed Mar 8 09:42:12 2017 +0100
Commit:     Satoe Imaishi <simaishi>
CommitDate: Thu Mar 9 13:28:51 2017 -0500

    Merge pull request #595 from martinpovolny/csrf_skip
    
    Adding an exception for forgery token for external auth.
    (cherry picked from commit 5fa64da998d2d758e289afb6a19d626ea3bc6f3d)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1430835

 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 3 Matt Pusateri 2017-04-03 14:01:35 UTC
Verified against 5.7.2.0 FreeIPA/AD auth providers

Comment 4 errata-xmlrpc 2017-04-12 14:44:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:0898