Bug 838428 - Users still need to log in after clicking the confirm link and can not log in.
Users still need to log in after clicking the confirm link and can not log in.
Status: CLOSED CURRENTRELEASE
Product: OpenShift Origin
Classification: Red Hat
Component: Website (Show other bugs)
2.x
Unspecified Unspecified
high Severity high
: ---
: ---
Assigned To: Clayton Coleman
libra bugs
: TestBlocker, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-09 01:40 EDT by Yujie Zhang
Modified: 2015-05-14 21:12 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-07-13 19:43:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Yujie Zhang 2012-07-09 01:40:21 EDT
Description of problem:

I registered a new account on an integrated environment, after clicking the confim link, I was still token to login page, and when I tried to login, always token to "Continue Working" page and can not login to openshift.

Version-Release number of selected component (if applicable):

devenv_1879

How reproducible:always


Steps to Reproduce:
1.Go to openshift website and register a new account
2.Click the confirm link and try to log in.
3.
  
Actual results:

Still need to log in after clicking the confirm link and can not log in.

Expected results:

The user should be logged in after clicking the confirm link.

Additional info:
Comment 1 Yujie Zhang 2012-07-09 05:27:55 EDT
Hope the following will be helpful to you:


Started GET "/app/terms/accept" for 203.114.244.88 at Mon Jul 09 05:23:30 -0400 2012
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
[Barista] Copying all javascripts
> Unable to verify cookie signature, session cannot be decoded
  Processing by TermsController#new as HTML
  Streamline call (428.0ms) roles! /wapps/streamline/cloudVerify.html [ response: {"username"=>"yujzhang+new8897@redhat.com", "roles"=>["simple_authenticated"]}, code: 200, args: {} ]
  Streamline call (525.7ms) terms /wapps/streamline/protected/findUnacknowledgedTerms.html?hostname=openshift.redhat.com&context=OPENSHIFT&locale=en [ response: {"unacknowledgedTerms"=>[{"termUrl"=>"http://openshift.redhat.com/app/legal/services_agreement", "termId"=>1046, "termTitle"=>"OpenShift Service Agreement"}, {"termUrl"=>"http://www.redhat.com/legal/legal_statement.html", "termId"=>1, "termTitle"=>"Red Hat Site Terms"}, {"termUrl"=>"https://access.redhat.com/help/terms_conditions.html", "termId"=>1010, "termTitle"=>"Red Hat Portals Terms of Use"}]}, code: 200, args: {} ]
Rendered layouts/_head.html.haml (12.8ms)
Rendered layouts/site/_stylesheets.html.haml (4.2ms)
Rendered layouts/simple/_header.html.haml (8.5ms)
Rendered layouts/site/_javascripts.html.haml (12.1ms)
Rendered terms/new.html.haml within layouts/simple (98.4ms)
Completed 200 OK in 1252ms (Views: 127.7ms | Streamline: 953.7ms)


Started POST "/app/terms" for 203.114.244.88 at Mon Jul 09 05:23:36 -0400 2012
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
[Barista] Copying all javascripts
> Unable to verify cookie signature, session cannot be decoded
  Processing by TermsController#create as HTML
  Parameters: {"authenticity_token"=>"vNoVUQMo1N0XNCkSNyfiJsrqF1F9PMMD2YduF9bmh88=", "utf8"=>"✓", "commit"=>"I Accept"}
Access denied: Request authenticity token does not match session {"session_id"=>"b7d3f4376e89f11bfc71904c93d71db2", "_csrf_token"=>"9TLl1sFGryo9DH1nyYy6PS6aMfyMGDX9mA1q1Dp1LNs="}
Redirected to https://openshifttest.redhat.com/app/logout?cause=Request+authenticity+token+does+not+match+session+%7B%22session_id%22%3D%3E%22b7d3f4376e89f11bfc71904c93d71db2%22%2C+%22_csrf_token%22%3D%3E%229TLl1sFGryo9DH1nyYy6PS6aMfyMGDX9mA1q1Dp1LNs%3D%22%7D&then=%2Fapp%2Faccount
Completed 302 Found in 3ms


Started GET "/app/logout?cause=Request+authenticity+token+does+not+match+session+%7B%22session_id%22%3D%3E%22b7d3f4376e89f11bfc71904c93d71db2%22%2C+%22_csrf_token%22%3D%3E%229TLl1sFGryo9DH1nyYy6PS6aMfyMGDX9mA1q1Dp1LNs%3D%22%7D&then=%2Fapp%2Faccount" for 203.114.244.88 at Mon Jul 09 05:23:36 -0400 2012
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
[Barista] Copying all javascripts
  Processing by LogoutController#show as HTML
  Parameters: {"then"=>"/app/account", "cause"=>"Request authenticity token does not match session {\"session_id\"=>\"b7d3f4376e89f11bfc71904c93d71db2\", \"_csrf_token\"=>\"9TLl1sFGryo9DH1nyYy6PS6aMfyMGDX9mA1q1Dp1LNs=\"}"}
  Streamline call (427.7ms) roles! /wapps/streamline/cloudVerify.html [ response: {"username"=>"yujzhang+new8897@redhat.com", "roles"=>["simple_authenticated"]}, code: 200, args: {} ]
  Streamline call (421.4ms) logout /wapps/sso/logout.html [ code: 302 ]
  Removing current SSO cookie value of '0|2nogIm2XAXEfYQ1YMoFc3EJwrcIgqBXZeVj'
Rendered layouts/_head.html.haml (12.9ms)
Rendered layouts/site/_stylesheets.html.haml (4.9ms)
Rendered layouts/simple/_header.html.haml (9.2ms)
Rendered layouts/site/_javascripts.html.haml (13.0ms)
Rendered logout/show.html.haml within layouts/simple (200.0ms)
Completed 200 OK in 1114ms (Views: 204.0ms | Streamline: 849.1ms)
Comment 2 Clayton Coleman 2012-07-09 12:20:42 EDT
I pushed changes to master that provide better debugging of failures to deserialize the request when the user is in development mode.  Please update your devenv so that you have commit "Add better debugging to session_trace..." c226c1c and recreate your scenario.

This is the signout on cookies issue, not an issue specific to the new feature (I was able to login successfully locally).
Comment 3 Clayton Coleman 2012-07-09 12:23:34 EDT
Was able to recreate locally 

> Session unreadable (ArgumentError: dump format error(0x85)): BAh7DSIKbG9naW4iG2Njb2xlbWFuKzI0QHJlZGhhdC5jb20iEF9jc3JmX3Rva2VuIjE2R2tvVzUwZFlPRkR0bEFPWEhvSWxVUDVVVG96blN2ZGVja2tVUkx3L3djPSIKZmxhc2hJQzolQWN0aW9uRGlzcGF0Y2g6OkZsYXNoOjpGbGFzaEhhc2h7BjoLbm90aWNlIidDcmVhdGUgeW91ciBmaXJzdCBhcHBsaWNhdGlvbiBub3chBjoKQHVzZWRvOghTZXQGOgpAaGFzaHsAIgt0aWNrZXQiKjB8UlhiTXBtU21EN2dkSXN2cEp0eUpLVjBrOWhRcGVhS3M0V1MiD3Nlc3Npb25faWQiJTAwMTgxMmM5ZWUwNGY3NDAxNGE0OTEwNDc1Y2I4ZDJhIgp0ZXJtc1QiFHRpY2tldF92ZXJpZmllZGwrB5Tx k8iFHN0cmVhbWxpbmVfdHlwZToLc2ltcGxl
Comment 4 Clayton Coleman 2012-07-09 15:40:48 EDT
This is caused by a cookie escaping/unescaping problem that has been in our codebase since september of last year.  The session cookie was not properly encoded when written to the response (specifically, + was not converted to %2B) and so when it was then returned to the user it was not properly decoded (+ decodes to space).  This meant the session was invalid and could not be loaded.

The original patch was to let rh_sso be written without encoding (2fb92fbd), but the patch applied to all cookies.  Made the patch only apply to specific known cookies.

Waiting for clean build to merge.
Comment 5 Yujie Zhang 2012-07-09 23:51:10 EDT
(In reply to comment #4)
Tried this on devenv_1882 today, I registered a new account and after clicking to the "Accept" button ,I was token to the https://ec2-107-22-63-243.compute-1.amazonaws.com/app/console/application_types page, but meet "ActiveResource::ServerError in ApplicationTypesController#index " error, the log is as following:

Started GET "/app/console/application_types" for 203.114.244.88 at Mon Jul 09 23:39:39 -0400 2012
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
[Barista] Copying all javascripts
> Session: {"terms"=>true, "ticket_verified"=>1341891568, "ticket"=>"0|MrtFuaKzi4ZVFH5xkpXK1WlNXuLHhiYeukg", "streamline_type"=>:simple, "_csrf_token"=>"mrdIqzKQMzs6ER6cn6tNRCvZaLTWexfGHkyDV7R9X80=", "session_id"=>"7edebcd42ea7577cff3dc9e1264611e3", "flash"=>{:notice=>"Create your first application now!"}, "login"=>"yujzhang+iio@redhat.com"}
  Processing by ApplicationTypesController#index as HTML
  Login required
  Session contents: {"terms"=>true, "ticket_verified"=>1341891568, "ticket"=>"0|MrtFuaKzi4ZVFH5xkpXK1WlNXuLHhiYeukg", "streamline_type"=>:simple, "_csrf_token"=>"mrdIqzKQMzs6ER6cn6tNRCvZaLTWexfGHkyDV7R9X80=", "session_id"=>"7edebcd42ea7577cff3dc9e1264611e3", "flash"=>{:notice=>"Create your first application now!"}, "login"=>"yujzhang+iio@redhat.com"}
  ^[[1m^[[34mOpenShift API (186.7ms)^[[0m ^[[1m^[[1mget^[[0m https://localhost:443/broker/rest/cartridges.json [ code: ^[[1m^[[1m500^[[0m ]
Completed 500 Internal Server Error in 243ms

ActiveResource::ServerError (Failed.  Response code = 500.  Response message = Internal Server Error.):
  lib/active_resource/persistent_connection.rb:188:in `handle_response'
  lib/active_resource/persistent_connection.rb:155:in `request'
  app/models/rest_api/base.rb:627:in `get'
  lib/active_resource/persistent_connection.rb:267:in `with_auth'
  app/models/rest_api/base.rb:627:in `get'
  app/models/rest_api/base.rb:509:in `find_every'
  app/models/rest_api/base.rb:344:in `find'
  app/models/rest_api/cacheable.rb:41:in `send'
  app/models/rest_api/cacheable.rb:41:in `all'
  app/models/rest_api/cacheable.rb:40:in `all'
  app/models/cartridge_type.rb:104:in `standalone'
  app/models/application_type.rb:64:in `find_every'
  app/models/application_type.rb:52:in `find'
  app/models/application_type.rb:43:in `all'
  app/controllers/application_types_controller.rb:4:in `index'
  app/models/rest_api/railties/controller_runtime.rb:12:in `process_action'
  lib/streamline/railties/controller_runtime.rb:12:in `process_action'

Rendered /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.13/lib/action_dispatch/middleware/templates/rescues/_trace.erb (2.4ms)
Rendered /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.13/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (101.8ms)
Rendered /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.13/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (110.9ms)


Started GET "/app/console/application_types" for 203.114.244.88 at Mon Jul 09 23:39:48 -0400 2012
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
[Barista] Copying all javascripts
> Session: {"terms"=>true, "ticket_verified"=>1341891568, "ticket"=>"0|MrtFuaKzi4ZVFH5xkpXK1WlNXuLHhiYeukg", "streamline_type"=>:simple, "_csrf_token"=>"mrdIqzKQMzs6ER6cn6tNRCvZaLTWexfGHkyDV7R9X80=", "session_id"=>"7edebcd42ea7577cff3dc9e1264611e3", "flash"=>{:notice=>"Create your first application now!"}, "login"=>"yujzhang+iio@redhat.com"}
  Processing by ApplicationTypesController#index as HTML
  Login required
  Session contents: {"terms"=>true, "ticket_verified"=>1341891568, "ticket"=>"0|MrtFuaKzi4ZVFH5xkpXK1WlNXuLHhiYeukg", "streamline_type"=>:simple, "_csrf_token"=>"mrdIqzKQMzs6ER6cn6tNRCvZaLTWexfGHkyDV7R9X80=", "session_id"=>"7edebcd42ea7577cff3dc9e1264611e3", "flash"=>{:notice=>"Create your first application now!"}, "login"=>"yujzhang+iio@redhat.com"}
  ^[[1m^[[34mOpenShift API (184.5ms)^[[0m ^[[1m^[[1mget^[[0m https://localhost:443/broker/rest/cartridges.json [ code: ^[[1m^[[1m500^[[0m ]
Completed 500 Internal Server Error in 233ms

ActiveResource::ServerError (Failed.  Response code = 500.  Response message = Internal Server Error.):
  lib/active_resource/persistent_connection.rb:188:in `handle_response'
  lib/active_resource/persistent_connection.rb:155:in `request'
  app/models/rest_api/base.rb:627:in `get'
  lib/active_resource/persistent_connection.rb:267:in `with_auth'
  app/models/rest_api/base.rb:627:in `get'
  app/models/rest_api/base.rb:509:in `find_every'
  app/models/rest_api/base.rb:344:in `find'
  app/models/rest_api/cacheable.rb:41:in `send'
  app/models/rest_api/cacheable.rb:41:in `all'
  app/models/rest_api/cacheable.rb:40:in `all'
  app/models/cartridge_type.rb:104:in `standalone'
  app/models/application_type.rb:64:in `find_every'
  app/models/application_type.rb:52:in `find'
  app/models/application_type.rb:43:in `all'
  app/controllers/application_types_controller.rb:4:in `index'
  app/models/rest_api/railties/controller_runtime.rb:12:in `process_action'

Rendered /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.13/lib/action_dispatch/middleware/templates/rescues/_trace.erb (2.3ms)
Rendered /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.13/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (98.8ms)
Rendered /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.13/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (107.1ms)

Please check this asap in case it will also block today's testing.
Comment 6 Yujie Zhang 2012-07-10 04:35:53 EDT
This caused by our config error, tested this issue again, the bug has been fixed now.

Note You need to log in before you can comment on or make changes to this bug.