1420286 – Insights not showing login form on session timeout

Bug 1420286 - Insights not showing login form on session timeout

Summary: Insights not showing login form on session timeout

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	redhat-access-plugin-sat5
Sub Component:
Version:	580
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lindani Phiri
QA Contact:	Radovan Drazny
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1427060
TreeView+	depends on / blocked

Reported:	2017-02-08 11:11 UTC by Radovan Drazny
Modified:	2017-06-21 12:17 UTC (History)
CC List:	5 users (show)
Fixed In Version:	redhat-access-plugin-sat5-2.1.0-56
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-06-21 12:17:35 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Radovan Drazny 2017-02-08 11:11:47 UTC

Description of problem:
Normally, when user web session with Satellite WebUI times out, any subsequent click on any link forces login form to appear, and continues after submitting user credentials. Insights doesn't show login form but reports "No systems are registered." instead.

Version-Release number of selected component (if applicable):
redhat-access-plugin-sat5-2.1.0-54.el6sat

How reproducible:
always

Steps to Reproduce:
1. Make sure you have a few systems registered to Satellite
2. Login to Satellite WebUI and go to Systems->Insights->Setup. List of systems registered to the Satellite is displayed, doesn't matter if they are registered to Insights or not.
3. You can wait for session timeout, or go faster way - open same Satellite page in another browser tab, and logout there.

Actual results:
Click on Insights->Overview and then Insights->Setup in the original browser tab. Overview page still shows last status message. Setup page shows "No systems are registered"

Expected results:
Insights should correctly detect that user is not logged in anymore, and display login form instead of misleading info.

Comment 2 Radovan Drazny 2017-04-25 09:30:07 UTC

Tested with redhat-access-plugin-sat5-2.1.0-56.el6sat.

Following the reproducer from the original report, Insights WebUI correctly displays login page when accessing Systems->Insights->Setup page. When accessing Systems->Insights->Overview page, it still displays last status message, logged out user is not detected. 
Lindani, is it possible to add "user is logged in" detection for Overview page as well?

Comment 3 Lindani Phiri 2017-04-25 14:06:47 UTC

Radovan,

Yes, the overview page issue is known limitation of the current solution - it happens because on that page we pre-load all the *summary*  data and never contact the server again - if you attempt to drill down to get more information you should be logged out.

Lindani

Comment 4 Radovan Drazny 2017-04-26 09:26:38 UTC

(In reply to Lindani Phiri from comment #3)
> Radovan,
> 
> Yes, the overview page issue is known limitation of the current solution -
> it happens because on that page we pre-load all the *summary*  data and
> never contact the server again - if you attempt to drill down to get more
> information you should be logged out.
> 
> Lindani

Yes, that's what I thought. Ok, I have checked the overview page. Any other click forces the login form to appear. An attempt to download CSV ends with a message "{"message":"A valid session cookie or valid systemid header was not found on the request."}". Not too elegant, but secure. 

VERIFIED

Note You need to log in before you can comment on or make changes to this bug.