Bug 1258271 - Incorrect AuthRecord.VALID_TO value
Incorrect AuthRecord.VALID_TO value
Status: CLOSED CURRENTRELEASE
Product: ovirt-engine-extension-aaa-jdbc
Classification: oVirt
Component: General (Show other bugs)
1.0.0
Unspecified Unspecified
unspecified Severity high (vote)
: ovirt-3.6.0-rc
: 1.0.0
Assigned To: Martin Perina
Ondra Machacek
infra
: CodeChange
Depends On: 1258275
Blocks: 1076971
  Show dependency treegraph
 
Reported: 2015-08-30 17:33 EDT by Alon Bar-Lev
Modified: 2016-02-10 14:14 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-04 08:38:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
ylavi: ovirt‑3.6.0?
rule-engine: planning_ack?
rule-engine: devel_ack+
rule-engine: testing_ack+


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 46223 master MERGED core: Fix time zone handling Never
oVirt gerrit 46937 master MERGED core: Fix timezone handling of user's unlock_time Never
oVirt gerrit 46945 ovirt-engine-extension-aaa-jdbc-1.0 MERGED core: Fix timezone handling of user's unlock_time Never
oVirt gerrit 46998 master MERGED core: Fixes saving timestamps to db Never
oVirt gerrit 47022 ovirt-engine-extension-aaa-jdbc-1.0 MERGED core: Fixes saving timestamps to db Never

  None (edit)
Description Alon Bar-Lev 2015-08-30 17:33:29 EDT
By documentation should be:

        /**
         * Session valid to.
         * Application should expire session at most at this time.
         * Format: "yyyyMMddHHmmssZ".
         */
        public static final ExtKey VALID_TO = new ExtKey("AAA_AUTHN_AUTH_RECORD_VALID_TO", String.class, "b332d076-5f4d-419f-8fdf-015579f4dfa6");

In practice it contains timezone, example: 20150907002911+0300

Causes exception while parsing.
Comment 1 Alon Bar-Lev 2015-08-30 17:34:38 EDT
Side note: please handle all internal time as UTC even in log, I see:

2015-08-31 00:29:11,496 INFO  [org.ovirt.engine.extension.aaa.jdbc.core.Tasks] (default task-44) [] (house keeping) deleting failed logins prior to 2015-08-24 00:29:11+03.
2015-08-31 00:29:11,507 DEBUG [org.ovirt.engine.extension.aaa.jdbc.core.Authentication] (default task-44) [] Authenticating subject:admin login time:2015-08-31 00:29:11+03
Comment 2 Alon Bar-Lev 2015-08-30 17:52:53 EDT
Confusion may has been created since java parses Z as timezone, while all dates within API should be utc 'Z' timezone.
Comment 3 Alon Bar-Lev 2015-08-30 18:03:04 EDT
(In reply to Alon Bar-Lev from comment #2)
> Confusion may has been created since java parses Z as timezone, while all
> dates within API should be utc 'Z' timezone.

worse, engine is also effected, see bug#1258275.
Comment 4 Alon Bar-Lev 2015-09-08 10:53:28 EDT
Please push this forward.
Comment 5 Martin Perina 2015-09-09 04:50:24 EDT
So, you want internally aaa-jdbc to work with timestamps in UTC timezone only (all time related fields in db will have UTC timezone set) and all user inputs with different timezones to be converted into UTC, right?
Comment 6 Alon Bar-Lev 2015-09-09 04:52:10 EDT
(In reply to Martin Perina from comment #5)
> So, you want internally aaa-jdbc to work with timestamps in UTC timezone
> only (all time related fields in db will have UTC timezone set) and all user
> inputs with different timezones to be converted into UTC, right?

in extension interface UTC with Z timezone should be provided, this is the minimum required change.
Comment 7 Martin Perina 2015-09-23 05:57:45 EDT
Fixed in ovirt-engine-extension-aaa-jdbc-1.0.0-0.0.master.20150923074938.git46a67c9
Comment 8 Martin Perina 2015-09-29 03:09:22 EDT
Fix contained in oVirt 3.6.0 RC1
Comment 9 Ondra Machacek 2015-09-29 05:56:11 EDT
2015-09-29 11:55:27,483 DEBUG [org.ovirt.engine.extension.aaa.jdbc.core.Authentication] (ajp-/127.0.0.1:8702-10) [] Authenticating subject:admin login time:2015-09-29 09:55:27Z
Comment 10 Ondra Machacek 2015-10-05 06:42:17 EDT
Returning back to assigned, since times are incorrectly stored in DB.

In timezone UTC+2 when I login as user at time 12:38, the db record looks like - "2015-10-05 10:38:45.539+02" and should be "2015-10-05 12:38:45.539+02".

In the log I can see correct conversion of current login time:
2015-10-05 12:38:45,539 DEBUG [org.ovirt.engine.extension.aaa.jdbc.core.Authentication] (default task-11) [] Authenticating subject:admin login time:2015-10-05 10:38:45Z
Comment 11 Martin Perina 2015-10-06 13:50:36 EDT
Fix contained in ovirt-engine-extension-aaa-jdbc-1.0.0
Comment 12 Martin Perina 2015-10-15 06:14:34 EDT
ovirt-engine-extension-aaa-jdbc-1.0.0-2 is contained in oVirt 3.6.0 RC2
Comment 13 Ondra Machacek 2015-10-16 08:45:39 EDT
OK in ovirt-engine-extension-aaa-jdbc-1.0.0-2.el6ev.noarch
Comment 14 Red Hat Bugzilla Rules Engine 2015-10-18 04:21:38 EDT
Fixed bug tickets must have version flags set prior to fixing them. Please set the correct version flags and move the bugs back to the previous status after this is corrected.
Comment 15 Sandro Bonazzola 2015-11-04 08:38:06 EST
oVirt 3.6.0 has been released on November 4th, 2015 and should fix this issue.
If problems still persist, please open a new BZ and reference this one.

Note You need to log in before you can comment on or make changes to this bug.