Bug 1430835 - CSRF tokens are erroneously being checked for external authentication
Summary: CSRF tokens are erroneously being checked for external authentication
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.7.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: GA
: 5.7.2
Assignee: Martin Povolny
QA Contact: Matt Pusateri
URL:
Whiteboard: auth:externalauth
Depends On: 1429011
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-09 16:50 UTC by Satoe Imaishi
Modified: 2022-07-09 08:24 UTC (History)
7 users (show)

Fixed In Version: 5.7.2.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1429011
Environment:
Last Closed: 2017-04-12 14:44:24 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0898 0 normal SHIPPED_LIVE Moderate: cfme, cfme-appliance, and cfme-gemset security, bug fix, and enhancement update 2017-04-12 18:31:08 UTC

Comment 2 CFME Bot 2017-03-09 18:31:10 UTC 
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/337e83a28256a149aa8a61bec71cb2af2e57796f

commit 337e83a28256a149aa8a61bec71cb2af2e57796f
Author:     Milan Zázrivec <mzazrivec>
AuthorDate: Wed Mar 8 09:42:12 2017 +0100
Commit:     Satoe Imaishi <simaishi>
CommitDate: Thu Mar 9 13:28:51 2017 -0500

    Merge pull request #595 from martinpovolny/csrf_skip
    
    Adding an exception for forgery token for external auth.
    (cherry picked from commit 5fa64da998d2d758e289afb6a19d626ea3bc6f3d)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1430835

 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Matt Pusateri 2017-04-03 14:01:35 UTC 
Verified against 5.7.2.0 FreeIPA/AD auth providers
Comment 4 errata-xmlrpc 2017-04-12 14:44:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:0898
Note You need to log in before you can comment on or make changes to this bug.