Bug #18948
closed
User logged in via SSO is redirected to login form after session expiration instead of auto re-login
Description
The problem is that the session is cleared and does not preserve the information it should, such as sso_method, organization and location context. The cause is that we call session.merge! which does not work as expected. We need to use update instead which is called on the delegated session hash. We have a test for this method but unfortunately it passes since rails tests are using different implementation for sessions ActionController::TestSession while in runtime, ActionDispatch::Request::Session is used. I'm not sure how to test that properly.
Updated by Marek Hulán over 7 years ago
Steps to reproduce¶
1) use SSO for logging in
2) let the session expire (you might need to disable notifications polling
3) reload the page
Actual results¶
you're redirected to login page with information about session expiration
Expected results¶
if SSO is still available (e.g. REMOTE_USER is set), user should be logged in immediately
Updated by The Foreman Bot over 7 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/4384 added
Updated by Anonymous over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 70f7a9b993e98a738e691db6a2deb6b87e9b482b.
Updated by Dominic Cleal over 7 years ago
- Translation missing: en.field_release set to 227