Bug #7737

Change for issue 6999 broke logout for PAM-based (intercept) authentication

Added by Jan Pazdziora almost 4 years ago. Updated 9 days ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Web Interface
Target version: 1.6.1
Difficulty:
Team Backlog:
Triaged:
Fixed in Releases:
Bugzilla link:
Found in Releases:
Pull request: https://github.com/theforeman/foreman/pull/1807

Description

The change that went into Foreman as 4e3a7e7a2a5 prevents /users/logout from being called as GET. Alas, app/services/sso/form_intercept.rb defines controller.main_app.logout_users_path as logout_url. Logging out from a user session which was started via PAM-based (intercepted) logon form login fails with

The page you were looking for doesn't exist.
You may have mistyped the address or the page may have moved.
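
The failure described above, reduced to a self-contained model with a check for it. This is an added example, not Foreman code: the route table, the POST verb, the struct names and the redirect-after-logout flow are assumptions made for illustration.

```ruby
# Simplified model (assumption), not Foreman's router or SSO classes.
LOGIN_PATH  = '/users/login'
LOGOUT_PATH = '/users/logout'

# Route table after the CSRF fix: logout no longer answers GET.
# The POST verb is assumed; the report only says GET is rejected.
ROUTES = {
  ['GET',  LOGIN_PATH]  => :login_form,
  ['POST', LOGOUT_PATH] => :logout
}.freeze

# Hypothetical SSO method objects. logout_url is where the browser is
# redirected once the local session has been destroyed.
InterceptBefore = Struct.new(:name) do
  def logout_url; LOGOUT_PATH; end   # behaviour described in the report
end
InterceptAfter = Struct.new(:name) do
  def logout_url; nil; end           # "no specific logout URL needed"
end

# Dispatch one request; an unknown verb/path pair is a route miss (404).
def dispatch(verb, path)
  ROUTES.key?([verb, path]) ? 200 : 404
end

# Logout flow: the POST ends the session, then the browser follows the
# redirect with GET. Returns [redirect target, status of that GET].
def logout_flow(sso)
  status = dispatch('POST', LOGOUT_PATH)
  return [LOGOUT_PATH, status] unless status == 200
  target = sso.logout_url || LOGIN_PATH
  [target, dispatch('GET', target)]
end

# Regression check: every redirect target an SSO method hands out must be
# reachable with GET, otherwise tightening a route's verbs breaks logout.
def unreachable_logout_urls(sso_methods)
  sso_methods.select { |s| s.logout_url && dispatch('GET', s.logout_url) != 200 }
             .map(&:name)
end

[InterceptBefore.new('before fix'), InterceptAfter.new('after fix')].each do |sso|
  target, status = logout_flow(sso)
  puts "#{sso.name}: GET #{target} -> #{status}"
end
```

Running a check like `unreachable_logout_urls` over every SSO method whenever a route's allowed verbs are narrowed catches this class of regression before release.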

Related issues

Related to Foreman - Bug #6999: CVE-2014-3590 - User logout susceptible to CSRF attack Closed 08/08/2014
Related to Foreman - Bug #7738: Some SSO methods may fail Closed 09/29/2014

Associated revisions

Revision f432ee3f
Added by Jan Pazdziora almost 4 years ago

fixes #7737 - no specific logout URL needed, will go directly back to login.

Revision ecf52571
Added by Jan Pazdziora almost 4 years ago

fixes #7737 - no specific logout URL needed, will go directly back to login.

(cherry picked from commit f432ee3f50e124a2e11773c86345ef67db8f6340)

History

#1 Updated by The Foreman Bot almost 4 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 1.7.3
  • Pull request https://github.com/theforeman/foreman/pull/1807 added

#2 Updated by Marek Hulán almost 4 years ago

  • Related to Bug #6999: CVE-2014-3590 - User logout susceptible to CSRF attack added

#3 Updated by Marek Hulán almost 4 years ago

  • Related to Bug #7738: Some SSO methods may fail added

#4 Updated by Jan Pazdziora almost 4 years ago

  • Subject changed from Change for issue 6999 broke logout for external authentication to Change for issue 6999 broke logout for PAM-based (intercept) authentication

#5 Updated by Dominic Cleal almost 4 years ago

  • Legacy Backlogs Release (now unused) set to 22

#6 Updated by Dominic Cleal almost 4 years ago

  • Target version changed from 1.7.3 to 1.7.2

#7 Updated by Jan Pazdziora almost 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
