Description of problem:
After a new user first logs in, the user will be taken to the app/console/application_types page, not the accept terms page.

Version-Release number of selected component (if applicable):
devenv_1670

How reproducible:
always

Steps to Reproduce:
1. Go to the OpenShift website and register a new account
2. Click the email confirm link and log in with the new account
3.

Actual results:
After a new user first logs in, the user will be taken to the app/console/application_types page, not the accept terms page.

Expected results:
After a new user first logs in, the user should be taken to the accept terms page. But during other operations, it will sometimes redirect to the accept terms page.

Additional info:
After I registered the first time in the morning, I was redirected to accept terms correctly, but after that, when I registered again, I met the above issue, and I was never redirected to the accept terms page when I first logged in. Here is the log of the first time I registered and the log of the second time I registered:

<The first time I registered>:
Started GET "/app/console/applications" for 203.114.244.88 at Thu Mar 22 23:01:26 -0400 2012
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
[Barista] Copying all javascripts
Processing by ApplicationsController#index as HTML
Checking for logout request
Not a logout request, checking for cookie
rh_sso cookie = '0|5Aa3Ve7sj3bjcgnfdeanfJNAFM9DDrWCieT'
========================================================
User does not have a authenticated session
Looking up user based on rh_sso ticket
Response from Streamline took (/wapps/streamline/cloudVerify.html): 420.123 ms
POST Response code = 200
Found #<WebUser:0x7f4b717475c0>. Authenticating session
Response from Streamline took (/wapps/streamline/protected/findUnacknowledgedTerms.html): 744.883 ms
POST Response code = 200
User #<WebUser:0x7f4b717475c0> has terms to accept.
==================================================
Redirected to https://openshifttest.redhat.com/app/terms/accept
Completed 302 Found in 1181ms

<The second time I registered>:
Started GET "/app/console" for 203.114.244.88 at Fri Mar 23 01:15:46 -0400 2012
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
[Barista] Copying all javascripts
Processing by ConsoleController#index as HTML
Checking for logout request
Not a logout request, checking for cookie
rh_sso cookie = '0|rciFVn2IP1jS6T4LqRyhGR9PElgcdI4NLY9'
==============================================================
User has an authenticated session
Session ticket matches current ticket
User yujzhang+newnew007 is missing access. Requesting access...
Response from Streamline took (/wapps/streamline/requestAccess.html): 869.073 ms
POST Response code = 200
Access request successful for user yujzhang+newnew007
Response from Streamline took (/wapps/streamline/cloudVerify.html): 433.432 ms
POST Response code = 200
Login required
Redirected to https://openshifttest.redhat.com/app/console/applications
Completed 302 Found in 1310ms
================================================================

PS: I cleared all my cookies before I registered the second time, but it is still not clear why "User has an authenticated session".
This looks like a combination of several changes, some of which may have been intentional (for the terms signup story). When a user signs up, they have to log in for the first time, which sets the rh_sso cookie. However, the block of code which handles terms only gets called if you visit the OpenShift site with a valid rh_sso cookie (meaning you logged in via the Redhat.com main site) but without our session cookie. So the terms are intentionally bypassed until you access the site without the session cookie but with an rh_sso cookie (which is unlikely to occur).

I think what should be happening is that the login flow should check once per session for the list of terms the user must accept, and then redirect them to the terms UI. If the user accepts the terms, or if he has no terms to accept, then the session should contain a boolean like :complete = true which indicates that the check has been completed.

1) User accesses protected page and is authenticated
2) Check token age
3) Check whether user has the cloud_access_1 role
4) Check whether the user has any unacknowledged terms (redirect to terms page if so)
5) If everything passes, set session[:complete] = true which bypasses the role and terms checks on subsequent URLs as long as the session is valid.

Fotios, assigning to you since this is under your story. Double check if anything I said above doesn't make sense or is different than what you think should happen. Also, if the terms service fails or is unavailable, we should let the user through (don't want to prevent login because of that), and should have a 5-10s timeout (dunno what we have now).

Because signed up users have to accept the terms on the signup page, and this works when already logged in as an RHN account, I think we can afford not to deliver this in this sprint as long as it's correct next sprint.
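The once-per-session gate sketched in the comment above, as an added example written for this page; it is not OpenShift's or Streamline's code. The five steps, the session[:complete] flag, the /app/terms/accept redirect and the fail-open-on-timeout decision come from the thread; everything else is an assumption made to have something runnable: the LoginGate/FakeStreamline names, the has_role?/unacknowledged_terms interface standing in for the Streamline calls, the /app/login and /app/access/request paths, the one-hour token lifetime, and the idea of binding the completed flag to the rh_sso ticket so that a fresh login (a new ticket, as in the second log above) cannot inherit a previous session's completed check.

```ruby
require 'timeout'

# Added example, not OpenShift code: the once-per-session login gate
# proposed in the comment above. Paths, role source, token lifetime and
# the Streamline interface are assumptions for illustration.
class LoginGate
  TERMS_PATH  = '/app/terms/accept'   # redirect target seen in the log above
  LOGIN_PATH  = '/app/login'          # assumption
  ACCESS_PATH = '/app/access/request' # assumption
  ROLE        = 'cloud_access_1'

  # streamline: any object responding to has_role?(user, role) and
  # unacknowledged_terms(user) -> Array (assumed interface, not the real client).
  # max_token_age / terms_timeout are in seconds; the comment suggests 5-10s.
  def initialize(streamline, max_token_age: 3600, terms_timeout: 5)
    @streamline    = streamline
    @max_token_age = max_token_age
    @terms_timeout = terms_timeout
  end

  # session: Hash standing in for the Rails session
  # user:    Hash with :name, :ticket (rh_sso value) and :ticket_issued_at (Time)
  # Returns :allow or [:redirect, path].
  def check(session, user, now: Time.now)
    # Step 5 short-circuit: the check already completed for THIS ticket.
    # Tying the flag to the ticket (assumption) is what stops a lingering
    # session from skipping the checks after a fresh login.
    return :allow if session[:complete] && session[:ticket] == user[:ticket]

    # Step 2: token age
    return [:redirect, LOGIN_PATH] if now - user[:ticket_issued_at] > @max_token_age

    # Step 3: role
    return [:redirect, ACCESS_PATH] unless @streamline.has_role?(user, ROLE)

    # Step 4: unacknowledged terms (nil means the lookup failed or timed out)
    terms = fetch_terms(user)
    return [:redirect, TERMS_PATH] if terms && !terms.empty?

    # Only remember a successful check. A failed lookup lets the user through
    # (fail open, as decided above) but is retried on the next request rather
    # than being cached as "complete" for the rest of the session.
    if terms
      session[:complete] = true
      session[:ticket]   = user[:ticket]
    end
    :allow
  end

  private

  def fetch_terms(user)
    Timeout.timeout(@terms_timeout) { @streamline.unacknowledged_terms(user) }
  rescue Timeout::Error, StandardError => e
    warn "terms lookup failed for #{user[:name]} (#{e.class}); letting user through"
    nil
  end
end

# Constructed stand-in for the Streamline service so this runs offline.
class FakeStreamline
  def initialize(roles: ['cloud_access_1'], terms: [], delay: 0, fail: false)
    @roles, @terms, @delay, @fail = roles, terms, delay, fail
  end

  def has_role?(_user, role)
    @roles.include?(role)
  end

  def unacknowledged_terms(_user)
    raise IOError, 'streamline unavailable' if @fail
    sleep @delay
    @terms
  end
end

if __FILE__ == $0
  user = { name: 'newuser', ticket: 'T1', ticket_issued_at: Time.now }
  gate = LoginGate.new(FakeStreamline.new(terms: ['tos-2012']))
  p gate.check({}, user)   # [:redirect, "/app/terms/accept"]
end
```

Two details worth keeping if something like this is implemented: the completed flag is only set after a real answer from the terms service, so an outage lets the user in for that request but does not silence the terms check for the whole session; and because the flag is compared against the current rh_sso ticket, clearing cookies and registering again (the reporter's second run) produces a new ticket and therefore a fresh check.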
Yujie, can we reduce the priority on this to medium? As noted before this is in code that hasn't changed in the last few sprints, and while it might be annoying, only happens once per user on their second login. We should fix it, but I don't know if it's the blocking issue for the sprint.
(In reply to comment #2)
> Yujie, can we reduce the priority on this to medium? As noted before this is
> in code that hasn't changed in the last few sprints, and while it might be
> annoying, only happens once per user on their second login. We should fix it,
> but I don't know if it's the blocking issue for the sprint.

Hi, Clayton. The current situation is that the terms are not even required to be accepted almost all of the time: after I register a new user and log in without needing to accept the terms, I can do anything, like creating an app. I think we need to fix it in this sprint if accepting the terms is important, and cannot reduce its priority. The attachment below is the log flow while I'm logging in with a new user; hope it could help you to debug. Thanks
Created attachment 572912: Login flow log
The bottom of the signup screen clearly lists the terms and says that by signing up you accept them - from a legal perspective the two steps are considered identical (and in a future sprint that will be the only way to accept terms, once Streamline support for accepting all terms on signup is complete).
OK, since we already refer to the terms on the signup page, then it's ok to reduce the priority. Thanks for the clarification.
Reducing the priority to low since it was decided above not to block the sprint on this.
This flow is being taken care of with the new login code (R&D for this sprint and being delivered next sprint). I'm going to hold off making the change now so as not to mess with the current logic.
(In reply to comment #8) Still have this issue on devenv_1713, could you please check it again?
We couldn't make the change this sprint because of other priorities. It's going to go in next sprint for sure.
(In reply to comment #10) Ok, then we will wait for the next sprint, thanks.
Tested this issue on devenv_1730: the user is taken to the accept terms page on first login, verifying this bug. The current workflow is as follows:

1) register
2) confirm
3) first login
4) accept terms
5) logged in

Btw, the user can access all the marketing pages without accepting the terms on first login.