Bug #7737

Change for issue 6999 broke logout for PAM-based (intercept) authentication

Added by Jan Pazdziora about 3 years ago. Updated about 3 years ago.

Status: Closed
Priority: Normal
Assigned To: -
Category: Web Interface
Target version: Sprint 30
Difficulty:
Bugzilla link:
Found in release:
Pull request: https://github.com/theforeman/foreman/pull/1807
Story points: -
Velocity based estimate: -
Release: 1.6.1
Release relationship: Auto

Description

The change that went into Foreman as 4e3a7e7a2a5 prevents /users/logout from being called as GET. Alas, app/services/sso/form_intercept.rb defines controller.main_app.logout_users_path as logout_url. Logging out from a user session which was started via PAM-based (intercepted) logon form login fails with

The page you were looking for doesn't exist.
You may have mistyped the address or the page may have moved.
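
The regression described above, as an added example that is not Foreman's code: a constructed model of a verb-constrained route table and an SSO method's logout_url, with a check that flags logout URLs a redirect can no longer reach. All names (Route, SsoMethod, ROUTES_BEFORE, ROUTES_AFTER, unreachable_logout_urls) are hypothetical, and the model assumes the browser requests logout_url with GET and that nil means "no specific logout URL".

```ruby
# Constructed model, not Foreman code. All names below are hypothetical.
Route = Struct.new(:verb, :path)
LOGIN_PATH = "/users/login"

# Before the CSRF fix: logout is reachable by GET.
ROUTES_BEFORE = [
  Route.new("GET", LOGIN_PATH),
  Route.new("GET", "/users/logout"),
].freeze

# After the CSRF fix: logout only accepts POST, so a cross-site GET
# can no longer end the user's session.
ROUTES_AFTER = [
  Route.new("GET",  LOGIN_PATH),
  Route.new("POST", "/users/logout"),
].freeze

# An SSO method may name a URL the browser is sent to after logout.
# Assumption: nil means "no specific logout URL", fall back to login.
SsoMethod = Struct.new(:name, :logout_url)

# The browser requests the logout URL with GET, so it must be GET-routable.
def get_routable?(routes, path)
  routes.any? { |r| r.verb == "GET" && r.path == path }
end

# Status the user sees at the page they land on after logging out.
def post_logout_status(routes, sso)
  target = sso.logout_url || LOGIN_PATH
  get_routable?(routes, target) ? 200 : 404
end

# Regression check: names of SSO methods whose logout_url ends in a 404.
def unreachable_logout_urls(routes, sso_methods)
  sso_methods.reject { |s| post_logout_status(routes, s) == 200 }.map(&:name)
end

# The intercept method as this report describes it, and with no logout URL.
INTERCEPT_BROKEN = SsoMethod.new("form_intercept (logout_url set)", "/users/logout")
INTERCEPT_FIXED  = SsoMethod.new("form_intercept (no logout_url)", nil)
```

Running a check like unreachable_logout_urls over every SSO method whenever a route's allowed verbs are tightened catches this class of breakage before release.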

Related issues

Related to Foreman - Bug #6999: CVE-2014-3590 - User logout susceptible to CSRF attack Closed 08/08/2014
Related to Foreman - Bug #7738: Some SSO methods may fail Closed 09/29/2014

Associated revisions

Revision f432ee3f
Added by Jan Pazdziora about 3 years ago

fixes #7737 - no specific logout URL needed, will go directly back to login.

Revision ecf52571
Added by Jan Pazdziora about 3 years ago

fixes #7737 - no specific logout URL needed, will go directly back to login.

(cherry picked from commit f432ee3f50e124a2e11773c86345ef67db8f6340)

History

#1 Updated by The Foreman Bot about 3 years ago

  • Status changed from New to Ready For Testing
  • Target version set to Sprint 29
  • Pull request https://github.com/theforeman/foreman/pull/1807 added

#2 Updated by Marek Hulán about 3 years ago

  • Related to Bug #6999: CVE-2014-3590 - User logout susceptible to CSRF attack added

#3 Updated by Marek Hulán about 3 years ago

  • Related to Bug #7738: Some SSO methods may fail added

#4 Updated by Jan Pazdziora about 3 years ago

  • Subject changed from Change for issue 6999 broke logout for external authentication to Change for issue 6999 broke logout for PAM-based (intercept) authentication

#5 Updated by Dominic Cleal about 3 years ago

  • Release set to 1.6.1

#6 Updated by Dominic Cleal about 3 years ago

  • Target version changed from Sprint 29 to Sprint 30

#7 Updated by Jan Pazdziora about 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
