Actions
Bug #15843
open
Redirect to login page on CSRF error
Description
To reproduce
1) Open two tabs in browser
2) Go to red hat repositories page on one and open to an enabled repository
3) On other tab logout
4) Go to RH repos tab and disable repo.
5) You should see a CSRF token error
This probably can be reproduced enabling a repo as well.
Ideally we would redirect to login page here.
2016-07-26 13:47:49 [app] [I] Started GET "/katello/products/130/available_repositories?content_id=2472&_=1469540849891" for 192.168.121.1 at 2016-07-26 13:47:49 +0000
2016-07-26 13:47:49 [app] [I] Processing by Katello::ProductsController#available_repositories as */*
2016-07-26 13:47:49 [app] [I] Parameters: {"content_id"=>"2472", "_"=>"1469540849891", "id"=>"130"}
2016-07-26 13:47:56 [app] [I] Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.68/app/views/katello/providers/redhat/_repos.html.erb (10.8ms)
2016-07-26 13:47:56 [app] [I] Completed 200 OK in 6985ms (Views: 11.5ms | ActiveRecord: 72.6ms)
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating throttle_limiter...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating client dispatcher...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] stop listening for new events...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating clock...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating throttle_limiter...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating client dispatcher...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] stop listening for new events...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating clock...
2016-07-26 13:53:40 [app] [I] Started PUT "/katello/products/130/toggle_repository" for 192.168.121.1 at 2016-07-26 13:53:40 +0000
2016-07-26 13:53:40 [app] [I] Processing by Katello::ProductsController#toggle_repository as */*
2016-07-26 13:53:40 [app] [I] Parameters: {"repo"=>"0", "pulp_id"=>"Default_Organization-Red_Hat_Enterprise_Linux_Server-Red_Hat_Enterprise_Linux_7_Server_-_RH_Common_RPMs_x86_64_7Server", "content_id"=>"2472", "releasever"=>"7Server", "basearch"=>"x86_64", "id"=>"130"}
2016-07-26 13:53:40 [app] [W] Can't verify CSRF token authenticity
2016-07-26 13:53:40 [app] [I] Completed 500 Internal Server Error in 5ms
2016-07-26 13:53:40 [app] [F]
| Foreman::Exception (ERF42-4995 [Foreman::Exception]: Invalid authenticity token):
| app/controllers/application_controller.rb:371:in `handle_unverified_request'
| lib/middleware/catch_json_parse_errors.rb:9:in `call'
|
Updated by John Mitsch over 7 years ago
- Subject changed from CSRF mismatch on disabling RH repository to CSRF error on disabling RH repository
Updated by Justin Sherrill over 7 years ago
- Status changed from New to Rejected
- translation missing: en.field_release set to 166
This is behaving as expected, when logging out in one tab, you'll be logged out in all tabs.
Updated by John Mitsch over 7 years ago
The issue is more with the fact that the CSRF error is not obvious to the user and they are not redirected to a login page. I think in this scenario redirecting to a login page would improve the UX.
Updated by John Mitsch over 7 years ago
- Subject changed from CSRF error on disabling RH repository to Redirect to login page on CSRF error
Updated by Justin Sherrill over 7 years ago
- Status changed from Rejected to New
- translation missing: en.field_release changed from 166 to 114
Actions