Bug #7737

Change for issue 6999 broke logout for PAM-based (intercept) authentication

Added by Jan Pazdziora about 6 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Web Interface

Description

The change that went into Foreman as 4e3a7e7a2a5 prevents /users/logout from being called as GET. Alas, app/services/sso/form_intercept.rb defines controller.main_app.logout_users_path as logout_url. Logging out from a user session which was started via PAM-based (intercepted) logon form login fails with

The page you were looking for doesn't exist.
You may have mistyped the address or the page may have moved.
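
The failure described above, modelled as an added Ruby example (not Foreman's code): a logout route that only answers POST returns 404 when a redirect sends the browser to it with GET, and a check flags any SSO method whose logout_url is not GET-routable. The route table, class names and helper functions are assumptions made for illustration, as is the premise that the logout action redirects to the SSO method's logout_url when one is set.

```ruby
# Simplified model of the regression; every name here is hypothetical.
# Route table after the CSRF fix: logout no longer answers GET.
ROUTES = {
  ["GET",  "/users/login"]  => :login,
  ["POST", "/users/login"]  => :login,
  ["POST", "/users/logout"] => :logout
}.freeze

# Returns the HTTP status a request would get from the route table.
def dispatch(verb, path)
  ROUTES.key?([verb, path]) ? 200 : 404
end

# SSO method as described in the report: logout_url is the app's logout path.
class InterceptBefore
  def logout_url
    "/users/logout"
  end
end

# SSO method after the fix: no specific logout URL.
class InterceptAfter
  def logout_url
    nil
  end
end

# Assumed controller behaviour: redirect to the SSO logout URL if there
# is one, otherwise go back to the login page.
def logout_redirect_target(sso)
  sso.logout_url || "/users/login"
end

# A browser follows a redirect with GET, so the target must route GET.
def follow_logout(sso)
  target = logout_redirect_target(sso)
  [target, dispatch("GET", target)]
end

# Regression check: names of SSO methods whose logout redirect would 404.
def unroutable_redirects(sso_methods)
  sso_methods.reject { |s| follow_logout(s).last == 200 }
             .map { |s| s.class.name }
end

p follow_logout(InterceptBefore.new)
p follow_logout(InterceptAfter.new)
p unroutable_redirects([InterceptBefore.new, InterceptAfter.new])
```
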

Related issues

Related to Foreman - Bug #6999: CVE-2014-3590 - User logout susceptible to CSRF attack (Closed, 2014-08-08)
Related to Foreman - Bug #7738: Some SSO methods may fail (Closed, 2014-09-29)

Associated revisions

Revision f432ee3f (diff)
Added by Jan Pazdziora about 6 years ago

fixes #7737 - no specific logout URL needed, will go directly back to login.

Revision ecf52571 (diff)
Added by Jan Pazdziora about 6 years ago

fixes #7737 - no specific logout URL needed, will go directly back to login.

(cherry picked from commit f432ee3f50e124a2e11773c86345ef67db8f6340)

History

#1 Updated by The Foreman Bot about 6 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 1.7.3
  • Pull request https://github.com/theforeman/foreman/pull/1807 added
  • Pull request deleted ()

#2 Updated by Marek Hulán about 6 years ago

  • Related to Bug #6999: CVE-2014-3590 - User logout susceptible to CSRF attack added

#3 Updated by Marek Hulán about 6 years ago

  • Related to Bug #7738: Some SSO methods may fail added

#4 Updated by Jan Pazdziora about 6 years ago

  • Subject changed from Change for issue 6999 broke logout for external authentication to Change for issue 6999 broke logout for PAM-based (intercept) authentication

#5 Updated by Dominic Cleal about 6 years ago

  • Legacy Backlogs Release (now unused) set to 22

#6 Updated by Dominic Cleal about 6 years ago

  • Target version changed from 1.7.3 to 1.7.2

#7 Updated by Jan Pazdziora about 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
