Bug
Resolution: Unresolved
6.18.z
sat-endeavour
Description of problem:
When a user is not logged in, `organization` commands in hammer don't fail with the expected error:
Unable to authenticate user Invalid username or password.
Instead, they fail with:
Access denied Missing one of the required permissions: view_organizations
Authentication seems to be bypassed; the command only fails due to missing permissions (because the nonexistent user doesn't have any permissions).
This happens for `organization list`, `organization info`, etc.
Additionally, other commands (like `location list`) terminate on failure the Hammer session that was previously created and has since timed out. Organization commands don't do that: they keep the now-invalid Hammer session alive:
# hammer --username admin --password changeme --interactive no organization list
---|----------------------|----------------------|-------------|---------------------
ID | TITLE | NAME | DESCRIPTION | LABEL
---|----------------------|----------------------|-------------|---------------------
1 | Default Organization | Default Organization | | Default_Organization
---|----------------------|----------------------|-------------|---------------------
# hammer --interactive no organization list
---|----------------------|----------------------|-------------|---------------------
ID | TITLE | NAME | DESCRIPTION | LABEL
---|----------------------|----------------------|-------------|---------------------
1 | Default Organization | Default Organization | | Default_Organization
---|----------------------|----------------------|-------------|---------------------
# sleep 60 # timeout is 1 minute
# hammer auth status
Session exists, currently logged in as 'admin'.
# hammer --interactive no organization list
Access denied
Missing one of the required permissions: view_organizations
# hammer auth status
Session exists, currently logged in as ''.
# hammer --interactive no location list
Unable to authenticate user
Invalid username or password.
# hammer auth status
Credentials are not configured.
How reproducible:
Deterministic on sat 6.18+
Is this issue a regression from an earlier version:
Yes, it doesn't happen on Sat < 6.18.
Steps to Reproduce:
1. Set session Idle Timeout to 1 minute in Administer -> Authentication
2. Run the reproducer shown above
Actual behavior:
"Access denied: Missing one of the required permissions: view_organizations" is shown as an error and the Hammer session is not terminated.
Expected behavior:
"Unable to authenticate user: Invalid username or password." is shown as an error and the Hammer session is terminated.
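An added regression check, not part of this report or of hammer itself, that encodes the expected versus observed post-timeout behaviour so the bug signature can be asserted from a script; the sample outputs are constructed from the reproducer above and the function name is hypothetical:

```shell
# classify_expired_session CMD_OUTPUT STATUS_OUTPUT
#   CMD_OUTPUT    - combined stdout/stderr of a hammer command run after the
#                   session idle timeout (e.g. `hammer --interactive no organization list 2>&1`)
#   STATUS_OUTPUT - output of the `hammer auth status` that follows it
# Returns 0 for the expected behaviour (authentication error and session
# terminated), 1 for the bug signature reported here (permission error while
# the stale session is kept alive with an empty user), 2 for anything else.
classify_expired_session() {
    cmd_out="$1"
    status_out="$2"
    case "$cmd_out" in
        *"Unable to authenticate user"*)
            case "$status_out" in
                *"Credentials are not configured."*) return 0 ;;
            esac ;;
        *"Access denied"*"Missing one of the required permissions"*)
            case "$status_out" in
                *"currently logged in as ''."*) return 1 ;;
            esac ;;
    esac
    return 2
}

# Constructed samples taken from the reproducer in this report; on a live
# system capture the real command output into these variables instead.
SAMPLE_BUG_CMD="Access denied
Missing one of the required permissions: view_organizations"
SAMPLE_BUG_STATUS="Session exists, currently logged in as ''."
SAMPLE_OK_CMD="Unable to authenticate user
Invalid username or password."
SAMPLE_OK_STATUS="Credentials are not configured."

# Human-readable verdict for a pair of outputs.
report_expired_session() {
    rc=0
    classify_expired_session "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "expected: auth error and session terminated" ;;
        1) echo "BUG: permission error, stale session kept alive" ;;
        *) echo "unclassified output" ;;
    esac
}

report_expired_session "$SAMPLE_BUG_CMD" "$SAMPLE_BUG_STATUS"
report_expired_session "$SAMPLE_OK_CMD" "$SAMPLE_OK_STATUS"
```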
Business Impact / Additional info:
Related to SAT-38951 where I already reported this behavior but it hasn't been fixed there.
Is related to: SAT-38951 idle timout setting acting strangely
Testing