Bug 806189
| Field | Value |
|---|---|
| Summary | User can not be redirected to accept terms page after first log in. |
| Product | OKD |
| Component | Website |
| Version | 2.x |
| Status | CLOSED CURRENTRELEASE |
| Severity | low |
| Priority | high |
| Keywords | Triaged |
| Hardware | Unspecified |
| OS | Unspecified |
| Doc Type | Bug Fix |
| Reporter | Yujie Zhang <yujzhang> |
| Assignee | Fotios Lindiakos <fotios> |
| QA Contact | libra bugs <libra-bugs> |
| CC | ccoleman, jkeck, mhicks, rmillner, xtian |
| Last Closed | 2012-04-27 20:46:18 UTC |

Description
Yujie Zhang
2012-03-23 07:20:14 UTC
This looks like a combination of several changes, some of which may have been intentional (for the terms signup story). When a user signs up, they have to log in for the first time, which sets the rh_sso cookie. However, the block of code which handles terms only gets called if you visit the OpenShift site with a valid rh_sso cookie (meaning you logged in via the Redhat.com main site) but without our session cookie. So the terms are intentionally bypassed until you access the site without the session cookie but with an rh_sso cookie (which is unlikely to occur).

I think what should be happening is that the login flow should check once per session for the list of terms the user must accept, and then redirect them to the terms UI. If the user accepts the terms, or if he has no terms to accept, then the session should contain a boolean like :complete = true which indicates that the check has been completed.

1) User accesses protected page and is authenticated
2) Check token age
3) Check whether user has the cloud_access_1 role
4) Check whether the user has any unacknowledged terms (redirect to terms page if so)
5) If everything passes, set session[:complete] = true which bypasses the role and terms checks on subsequent URLs as long as the session is valid.

Fotios, assigning to you since this is under your story. Double check if anything I said above doesn't make sense or is different than what you think should happen. Also, if the terms service fails or is unavailable, we should let the user through (don't want to prevent login because of that), and should have a 5-10s timeout (dunno what we have now).

Because signed up users have to accept the terms on the signup page, and this works when already logged in as an RHN account, I think we can afford not to deliver this this sprint as long as it's correct next sprint.

Yujie, can we reduce the priority on this to medium? As noted before this is in code that hasn't changed in the last few sprints, and while it might be annoying, only happens once per user on their second login. We should fix it, but I don't know if it's the blocking issue for the sprint.

(In reply to comment #2)
> Yujie, can we reduce the priority on this to medium? As noted before this is
> in code that hasn't changed in the last few sprints, and while it might be
> annoying, only happens once per user on their second login. We should fix it,
> but I don't know if it's the blocking issue for the sprint.

Hi, Clayton. The current situation is that the terms are not even required to be accepted almost all the time. After I register a new user and log in without needing to accept the terms, I could do anything, like creating an app. I think we need to fix it in this sprint if accepting terms is important, and cannot reduce its priority. The attachment below is the login flow log from when I'm logging in with a new user; I hope it can help you to debug. Thanks

Created attachment 572912 [details]
Login flow log
The bottom of the signup screen clearly lists the terms and says that by signing up you accept them - from a legal perspective the two steps are considered identical (and in a future sprint that will be the only way to accept terms, once Streamline support for accepting all terms on signup is complete).

OK, since we already refer to the terms on the signup page, it's OK to reduce the priority. Thanks for the clarification.

Reducing the priority to low since it was decided above not to block the sprint on this.

This flow is being taken care of with the new login code (R&D for this sprint and being delivered next sprint). I'm going to hold off making the change now so as not to mess with the current logic.

(In reply to comment #8)
Still has this issue on devenv_1713, could you please check it again?

We couldn't make the change this sprint because of other priorities. It's going to go in next sprint for sure.

(In reply to comment #10)
OK, then we will wait for the next sprint, thanks.

Tested this issue on devenv_1730: the user is taken to the accept terms page on first login. Verifying this bug. The current workflow is as follows:

1) register
2) confirm
3) first login
4) accept terms
5) logged in

Btw, the user can access all the marketing pages without accepting terms on first login.
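
The once-per-session check proposed in the first comment (steps 1 to 5, plus letting the user through when the terms service is down), sketched as an added example; it is not the OpenShift site's code. `LoginGate`, `TermsUnavailable`, the two service callables, `:token_issued_at` and the one-hour token age are assumptions; only `session[:complete]` and the `cloud_access_1` role come from the thread.

```ruby
require 'timeout'

# Hypothetical names throughout; only session[:complete] and the
# cloud_access_1 role are taken from the bug thread.
class TermsUnavailable < StandardError; end

class LoginGate
  MAX_TOKEN_AGE = 3600 # seconds; assumed value, the thread gives none
  TERMS_TIMEOUT = 5    # seconds; the thread suggests 5-10s

  # roles_for and terms_for are callables standing in for the real services.
  def initialize(roles_for:, terms_for:, now: -> { Time.now.to_i })
    @roles_for = roles_for
    @terms_for = terms_for
    @now = now
  end

  # Returns :allow, :reauthenticate, :deny or :redirect_to_terms.
  def check(session)
    return :reauthenticate unless session[:login]       # step 1
    return :reauthenticate if token_expired?(session)   # step 2, every request
    return :allow if session[:complete]                 # already passed this session
    roles = @roles_for.call(session[:login])            # step 3
    return :deny unless roles.include?('cloud_access_1')

    begin                                               # step 4
      pending = Timeout.timeout(TERMS_TIMEOUT) { @terms_for.call(session[:login]) }
    rescue Timeout::Error, TermsUnavailable
      # Fail open as the thread asks, but leave :complete unset so the terms
      # check is retried on the next request rather than skipped for the
      # rest of the session (a design choice of this example).
      return :allow
    end
    return :redirect_to_terms unless pending.empty?

    session[:complete] = true                           # step 5
    :allow
  end

  private

  def token_expired?(session)
    @now.call - session[:token_issued_at].to_i > MAX_TOKEN_AGE
  end
end
```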