Bug 867920 - Don't generate password if user doesn't have permission to set the VM ticket
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-restapi
Version: 3.1.0
Priority: unspecified
Severity: low
Target Release: 3.2.0
Assigned To: Michal Skrivanek
QA Contact: Ondra Machacek
Whiteboard: virt
Blocks: 915537
Reported: 2012-10-18 11:03 EDT by David Jaša
Modified: 2013-06-11 05:59 EDT
Fixed In Version: sf4
Doc Type: Bug Fix
Type: Bug
Description David Jaša 2012-10-18 11:03:16 EDT
Description of problem:
Don't generate ticket if user doesn't have permission to connect to the VM

Version-Release number of selected component (if applicable):
3.1.0-18 / si19.1

How reproducible:
always

Steps to Reproduce:
1. try to get a ticket for VM as a user who doesn't have permission to access the VM
Actual results:
error is thrown but password is generated nonetheless:
HTTP/1.1 400 Bad Request
Date: Thu, 18 Oct 2012 14:59:37 GMT
Set-Cookie: JSESSIONID=QeBzoZm-awdG2ncedehUZ0kP; Path=/api; Secure
Content-Type: application/xml
Content-Length: 366
Connection: close

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<action>
    <ticket>
        <value>OFj/0+6rXgLY</value>
        <expiry>7200</expiry>
    </ticket>
    <status>
        <state>failed</state>
    </status>
    <fault>
        <reason>Operation Failed</reason>
        <detail>[User is not authorized to perform this action.]</detail>
    </fault>
</action>



Expected results:
new ticket is neither generated nor sent to the API user:
<action>
    <status>
        <state>failed</state>
    </status>
    <fault>
        <reason>Operation Failed</reason>
        <detail>[User is not authorized to perform this action.]</detail>
    </fault>
</action>

OR

<action>
    <ticket/>
    <status>
        <state>failed</state>
    </status>
    <fault>
        <reason>Operation Failed</reason>
        <detail>[User is not authorized to perform this action.]</detail>
    </fault>
</action>


Additional info:
Comment 2 David Jaša 2012-10-19 06:17:14 EDT
Made summary more precise.
Comment 5 Libor Spevak 2012-12-11 10:54:23 EST
http://gerrit.ovirt.org/#/c/9855/
Comment 6 Libor Spevak 2012-12-12 07:59:34 EST
Posted new patch:
http://gerrit.ovirt.org/#/c/9997/
Comment 7 Libor Spevak 2013-01-07 05:55:30 EST
Merged: 
a8c4eb098c5eeb05406b1bb19d8b0d016e84d953
Comment 8 Ondra Machacek 2013-02-05 07:06:51 EST
Verified sf5.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<action>
    <ticket/>
    <status>
        <state>failed</state>
    </status>
    <fault>
        <reason>Operation Failed</reason>
        <detail>[User is not authorized to perform this action.]</detail>
    </fault>
</action>
Comment 10 Itamar Heim 2013-06-11 05:52:15 EDT
3.2 has been released
Comment 11 Itamar Heim 2013-06-11 05:52:27 EDT
3.2 has been released
Comment 12 Itamar Heim 2013-06-11 05:59:10 EDT
3.2 has been released
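
A regression check for the behaviour reported in this bug, as an added example that is not part of the bug report or of the oVirt code: it parses an `<action>` response and flags any failed action that still carries a ticket value. The failed bodies are the ones quoted in the report with whitespace collapsed; the success body, its `complete` state and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Common tail of the failed responses in the report (whitespace collapsed).
FAILED = ("<status><state>failed</state></status><fault>"
          "<reason>Operation Failed</reason>"
          "<detail>[User is not authorized to perform this action.]</detail>"
          "</fault>")
# "Actual results" body: the ticket is present although the action failed.
ACTUAL = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?><action>'
          "<ticket><value>OFj/0+6rXgLY</value><expiry>7200</expiry></ticket>"
          + FAILED + "</action>")
# The two "Expected results" bodies: no ticket element, or an empty one.
EXPECTED_NO_TICKET = "<action>" + FAILED + "</action>"
EXPECTED_EMPTY_TICKET = "<action><ticket/>" + FAILED + "</action>"
# Constructed success body (assumed shape) that may legitimately carry a ticket.
SUCCESS = ("<action><ticket><value>constructed-value</value>"
           "<expiry>7200</expiry></ticket>"
           "<status><state>complete</state></status></action>")


def leaked_ticket(http_status: int, body: str):
    """Return the ticket value exposed by a failed action, or None."""
    root = ET.fromstring(body.encode("utf-8"))
    if root.tag != "action":
        raise ValueError("not an <action> document: %r" % root.tag)
    state = (root.findtext("status/state") or "").strip().lower()
    # Any one failure signal is enough: HTTP error, failed state, or a fault.
    failed = (http_status >= 400 or state == "failed"
              or root.find("fault") is not None)
    value = (root.findtext("ticket/value") or "").strip()
    return value if failed and value else None


def audit(responses):
    """Map each named (status, body) pair to its leaked ticket value, if any."""
    findings = {}
    for name, (status, body) in responses.items():
        value = leaked_ticket(status, body)
        if value is not None:
            findings[name] = value
    return findings


if __name__ == "__main__":
    print(audit({"actual": (400, ACTUAL),
                 "expected-1": (400, EXPECTED_NO_TICKET),
                 "expected-2": (400, EXPECTED_EMPTY_TICKET),
                 "success": (200, SUCCESS)}))
```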
