1258271 – Incorrect AuthRecord.VALID_TO value

Bug 1258271 - Incorrect AuthRecord.VALID_TO value

Summary: Incorrect AuthRecord.VALID_TO value

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-engine-extension-aaa-jdbc
Classification:	oVirt
Component:	General
Sub Component:
Version:	1.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	ovirt-3.6.0-rc
Target Release:	1.0.0
Assignee:	Martin Perina
QA Contact:	Ondra Machacek
Docs Contact:
URL:
Whiteboard:	infra
Depends On:	1258275
Blocks:	1076971
TreeView+	depends on / blocked

Reported:	2015-08-30 21:33 UTC by Alon Bar-Lev
Modified:	2016-02-10 19:14 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2015-11-04 13:38:06 UTC
oVirt Team:	Infra
Embargoed:
Flags:	ylavi: ovirt-3.6.0? rule-engine: planning_ack? rule-engine: devel_ack+ rule-engine: testing_ack+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
oVirt gerrit	46223	master	MERGED	core: Fix time zone handling	Never
oVirt gerrit	46937	master	MERGED	core: Fix timezone handling of user's unlock_time	Never
oVirt gerrit	46945	ovirt-engine-extension-aaa-jdbc-1.0	MERGED	core: Fix timezone handling of user's unlock_time	Never
oVirt gerrit	46998	master	MERGED	core: Fixes saving timestamps to db	Never
oVirt gerrit	47022	ovirt-engine-extension-aaa-jdbc-1.0	MERGED	core: Fixes saving timestamps to db	Never

Description Alon Bar-Lev 2015-08-30 21:33:29 UTC

By documentation should be:

        /**
         * Session valid to.
         * Application should expire session at most at this time.
         * Format: "yyyyMMddHHmmssZ".
         */
        public static final ExtKey VALID_TO = new ExtKey("AAA_AUTHN_AUTH_RECORD_VALID_TO", String.class, "b332d076-5f4d-419f-8fdf-015579f4dfa6");

In practice it contains timezone, example: 20150907002911+0300

Causes exception while parsing.

Comment 1 Alon Bar-Lev 2015-08-30 21:34:38 UTC

Side note: please handle all internal time as UTC even in log, I see:

2015-08-31 00:29:11,496 INFO  [org.ovirt.engine.extension.aaa.jdbc.core.Tasks] (default task-44) [] (house keeping) deleting failed logins prior to 2015-08-24 00:29:11+03.
2015-08-31 00:29:11,507 DEBUG [org.ovirt.engine.extension.aaa.jdbc.core.Authentication] (default task-44) [] Authenticating subject:admin login time:2015-08-31 00:29:11+03

Comment 2 Alon Bar-Lev 2015-08-30 21:52:53 UTC

Confusion may has been created since java parses Z as timezone, while all dates within API should be utc 'Z' timezone.

Comment 3 Alon Bar-Lev 2015-08-30 22:03:04 UTC

(In reply to Alon Bar-Lev from comment #2)
> Confusion may has been created since java parses Z as timezone, while all
> dates within API should be utc 'Z' timezone.

worse, engine is also effected, see bug#1258275.

Comment 4 Alon Bar-Lev 2015-09-08 14:53:28 UTC

Please push this forward.

Comment 5 Martin Perina 2015-09-09 08:50:24 UTC

So, you want internally aaa-jdbc to work with timestamps in UTC timezone only (all time related fields in db will have UTC timezone set) and all user inputs with different timezones to be converted into UTC, right?

Comment 6 Alon Bar-Lev 2015-09-09 08:52:10 UTC

(In reply to Martin Perina from comment #5)
> So, you want internally aaa-jdbc to work with timestamps in UTC timezone
> only (all time related fields in db will have UTC timezone set) and all user
> inputs with different timezones to be converted into UTC, right?

in extension interface UTC with Z timezone should be provided, this is the minimum required change.

Comment 7 Martin Perina 2015-09-23 09:57:45 UTC

Fixed in ovirt-engine-extension-aaa-jdbc-1.0.0-0.0.master.20150923074938.git46a67c9

Comment 8 Martin Perina 2015-09-29 07:09:22 UTC

Fix contained in oVirt 3.6.0 RC1

Comment 9 Ondra Machacek 2015-09-29 09:56:11 UTC

2015-09-29 11:55:27,483 DEBUG [org.ovirt.engine.extension.aaa.jdbc.core.Authentication] (ajp-/127.0.0.1:8702-10) [] Authenticating subject:admin login time:2015-09-29 09:55:27Z

Comment 10 Ondra Machacek 2015-10-05 10:42:17 UTC

Returning back to assigned, since times are incorrectly stored in DB.

In timezone UTC+2 when I login as user at time 12:38, the db record looks like - "2015-10-05 10:38:45.539+02" and should be "2015-10-05 12:38:45.539+02".

In the log I can see correct conversion of current login time:
2015-10-05 12:38:45,539 DEBUG [org.ovirt.engine.extension.aaa.jdbc.core.Authentication] (default task-11) [] Authenticating subject:admin login time:2015-10-05 10:38:45Z

Comment 11 Martin Perina 2015-10-06 17:50:36 UTC

Fix contained in ovirt-engine-extension-aaa-jdbc-1.0.0

Comment 12 Martin Perina 2015-10-15 10:14:34 UTC

ovirt-engine-extension-aaa-jdbc-1.0.0-2 is contained in oVirt 3.6.0 RC2

Comment 13 Ondra Machacek 2015-10-16 12:45:39 UTC

OK in ovirt-engine-extension-aaa-jdbc-1.0.0-2.el6ev.noarch

Comment 14 Red Hat Bugzilla Rules Engine 2015-10-18 08:21:38 UTC

Fixed bug tickets must have version flags set prior to fixing them. Please set the correct version flags and move the bugs back to the previous status after this is corrected.

Comment 15 Sandro Bonazzola 2015-11-04 13:38:06 UTC

oVirt 3.6.0 has been released on November 4th, 2015 and should fix this issue.
If problems still persist, please open a new BZ and reference this one.

Note You need to log in before you can comment on or make changes to this bug.