Bug 877291
Summary: | OpenId: Failed signed in with a Fedora account | ||
---|---|---|---|
Product: | [Retired] Zanata | Reporter: | Ding-Yi Chen <dchen> |
Component: | Authentication-OpenID | Assignee: | Carlos Munoz <camunoz> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ding-Yi Chen <dchen> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 2.0 | CC: | pahuang, zanata-bugs |
Target Milestone: | --- | ||
Target Release: | 2.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 2.0.3-SNAPSHOT (20121129-1430) | Doc Type: | Bug Fix |
Doc Text: |
Cause:
Zanata caches the credentials input by the user and incorrectly assumes that if they have the same username/password as previously failed login attempts, then they must be invalid.
Consequence:
Some valid authentication attempts may fail.
Fix:
Reset Zanata's session cached user credentials after a failed login attempt to prevent this behavior.
Result:
Zanata should now validate every single login attempt and legitimate and valid user credentials will be accepted.
|
Last Closed: | 2013-02-26 03:46:14 UTC | Type: | Bug |
Description
Ding-Yi Chen
2012-11-16 07:15:03 UTC
This is caused by a very particular scenario where a login attempt fails initially with internal authentication, followed by another attempt to log in with the same user name but using any OpenID authentication. Since OpenID does not care for any provided password, Zanata assumes that because the user name is the same and the password has not changed since the last attempt, the login must be invalidated. Other scenarios might cause the issue to be seen, like enabling an account and subsequently re-trying to log in. The solution for this is to reset the account credentials after every failed login attempt. See: https://github.com/zanata/zanata/commit/4eb4911f5254bce9b6565512f23f3eb25df2974c

Tested with Zanata version 2.0.3-SNAPSHOT (20121128-1507). Problem is not fixed. However, Zanata version 2.1-SNAPSHOT (20121128-1048) is fixed. Please apply the fix to the release branch.

Back-ported this fix to release branch (2.0.x). See: https://github.com/zanata/zanata/commit/4fcdf63cd515ab52a2f8928bc3df46cdb2684712

VERIFIED with Zanata version 2.0.3-SNAPSHOT (20121129-1430)
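A minimal model of the flaw discussed in this report, as an added example that is not Zanata's or Seam's own code: it shows a session-cached "invalid" flag rejecting a later OpenID login without ever consulting the authenticator, and the reset-on-failure fix letting the same attempt through. All class and method names, the `alice` account and its password are hypothetical, and the OpenID authenticator is assumed to run only after the provider has already vouched for the user.

```java
import java.util.Objects;

// Hypothetical model of the bug in this report; not Zanata or Seam code.
public class CachedCredentialsDemo {

    /** Session-scoped credentials that remember a failed attempt. */
    static class Credentials {
        String username, password;
        boolean invalid;

        void set(String user, String pass) {
            // The "known bad" flag is cleared only when one of the inputs changes.
            if (!Objects.equals(user, username) || !Objects.equals(pass, password)) {
                invalid = false;
            }
            username = user;
            password = pass;
        }

        void clear() { username = null; password = null; invalid = false; }
    }

    interface Authenticator { boolean check(Credentials c); }

    static boolean login(Credentials c, Authenticator auth, boolean resetOnFailure) {
        if (c.invalid) return false;       // short-circuit: the authenticator never runs
        if (auth.check(c)) return true;
        c.invalid = true;                  // remember that this pair failed
        if (resetOnFailure) c.clear();     // the fix: drop cached state after a failure
        return false;
    }

    /** Replays the sequence from the report; returns the result of the OpenID login. */
    static boolean scenario(boolean resetOnFailure) {
        Credentials session = new Credentials();
        Authenticator internal = c -> "s3cret".equals(c.password); // constructed password
        Authenticator openId = c -> true;  // assumption: provider already asserted identity

        session.set("alice", "");          // attempt 1: internal auth, wrong password
        login(session, internal, resetOnFailure);
        session.set("alice", "");          // attempt 2: same user name, password unchanged
        return login(session, openId, resetOnFailure);
    }

    public static void main(String[] args) {
        System.out.println("cached flag kept, OpenID login accepted: " + scenario(false));
        System.out.println("reset on failure, OpenID login accepted: " + scenario(true));
    }
}
```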