Opened 6 years ago

Last modified 4 years ago

#2400 new defect

Logging in does not clear "Authentication failed" message

Reported by: dank Owned by:
Priority: minor Milestone: 0.8.x
Version: 0.8.7 Keywords: webstatus
Cc: rutsky.vladimir@…

Description (last modified by dustin)

Try to log in with wrong password. Receive accurate "Authentication failed" page. Then log in with the right password.

Expected: the "Authentication failed" page should go away, if not immediately, at least when you reload.

Actual: confusing stale "Authentication failed" page remains, even though upper right corner of page shows logging in succeeded. Stale message remains even if you reload.

Change History (14)

comment:1 Changed 6 years ago by dustin

  • Keywords web added
  • Milestone changed from undecided to 0.8.+

This is because everything redirects to the authfailed page, rather than rendering it.

comment:2 Changed 6 years ago by tom.prince

  • Milestone changed from 0.8.+ to 0.8.8

comment:3 Changed 6 years ago by ShriramK

Is the message - "no user found with those credentials" - also visible in the results before displaying the Authentication Failed message on the second time (successful login)?

Update: Ignore this comment

Last edited 6 years ago by ShriramK

comment:5 Changed 6 years ago by ShriramK

Is LoginResource class variable the right way to fix this as seen in http://pastie.org/5527348 ?

Last edited 6 years ago by ShriramK

comment:6 Changed 6 years ago by dustin

For posterity, that pastie contains:

diff --git a/master/buildbot/status/web/auth.py b/master/buildbot/status/web/auth.py
index e9b168c..1577dd5 100644
--- a/master/buildbot/status/web/auth.py
+++ b/master/buildbot/status/web/auth.py
@@ -183,7 +183,8 @@ class AuthFailResource(HtmlResource):
 
     def content(self, request, cxt):
         templates =request.site.buildbot_service.templates
-        template = templates.get_template("authfail.html") 
+        template = templates.get_template("authfail.html")
+        cxt['referer'] =request.requestHeaders.getRawHeaders('referer')
         return template.render(**cxt)
 
 class AuthzFailResource(HtmlResource):
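
Review bot: the added `cxt['referer']` assignment in `AuthFailResource.content` stores the raw result of `getRawHeaders('referer')`, which is a list of header values, or None when the header is absent, so the template receives a list or None rather than a URL string. `LoginResource.performAction` in this same file already uses `getRawHeaders('referer', [root])[0]`; use the same default-and-index form here. The value also comes straight from the request, so confirm it points back at this Buildbot site before putting it in the template context.
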
@@ -196,16 +197,23 @@ class AuthzFailResource(HtmlResource):
 
 class LoginResource(ActionResource):
 
+    originalPage = None
     def performAction(self, request):
         authz = self.getAuthz(request)
         d = authz.login(request)
         def on_login(res):
             if res:
+                if originalPage is not None:
+                    # Nullify originalPage to be assigned url on next login failure
+                    originalPage = None
                 status = request.site.buildbot_service.master.status
                 root = status.getBuildbotURL()
                 return request.requestHeaders.getRawHeaders('referer',
                                                             [root])[0]
             else:
+                if originalPage is None:
+                    # Preserve url of the Original Page/Referer
+                    originalPage = request.requestHeaders.getRawHeaders('referer')
                 return path_to_authfail(request)
         d.addBoth(on_login)
         return d
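
Review bot: in `on_login`, `originalPage` is assigned inside the nested function, which makes it a local name there, so `if originalPage is not None:` (and `if originalPage is None:` in the else branch) raises UnboundLocalError before either assignment runs; the class attribute `originalPage = None` is never the name these lines refer to. Nothing in the hunk reads the stored value afterwards, so it would not change where the user is sent even if the lookup worked. Switching to `self.originalPage` would fix the lookup but keep one user's referer on the `LoginResource` object; carry the value with the request instead, for example as a query argument on the authfail redirect.
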
diff --git a/master/buildbot/status/web/templates/authfail.html b/master/buildbot/status/web/templates/authfail.html
index bae600f..bad1f35 100644
--- a/master/buildbot/status/web/templates/authfail.html
+++ b/master/buildbot/status/web/templates/authfail.html
@@ -5,7 +5,8 @@
 <h1>Authentication Failed</h1>
 
 <p>The username or password you entered were not correct. 
-   Please go back and try again.
+   Click here to go back and try again.
+   <a href="{{ referer }}">back</a>
 </p>
 
 {% endblock %}
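
Review bot: `<a href="{{ referer }}">` puts a value taken from the request's Referer header into an href, and neither this hunk nor the `content` change shows any check on it. Have the handler confirm it is an http(s) URL on this Buildbot site and fall back to the Buildbot root otherwise, and make sure the template escapes the attribute value. The sentence "Click here to go back and try again." also sits outside the link, whose text is only "back"; move the sentence inside the `<a>` element so "click here" is actually clickable.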

comment:7 Changed 6 years ago by dustin

That is storing the originalPage state on the LoginResource object, which is global to all users of the site -- not what we want.

Following HATEOAS (google that one!), the client's state (including originalPage) needs to be stored on the client. The easiest way to do that is to embed it in the URL. For example, when authentication fails, redirect to

/authfail.html?originalPage=http%3A%2F%2Fserver.com%2Fbuilder%2Ffoo%2F

then, when rendering authfail, extract that URL and redirect to it if the user is logged in.
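
The approach described in comment:7, sketched as an added example (not Buildbot code and not part of the original ticket). The function names and the BUILDBOT_URL value are hypothetical; the target is checked against the site's own URL because a redirect target read from the query string is client-controlled.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample value; in Buildbot this would come from status.getBuildbotURL().
BUILDBOT_URL = "http://server.com/"


def authfail_url(original_page):
    """Build the redirect target used after a failed login.

    The page the user came from travels in the URL, so no per-user
    state is kept on the server-side resource object.
    """
    return "/authfail.html?originalPage=" + quote(original_page, safe="")


def safe_original_page(authfail_request_url, root=BUILDBOT_URL):
    """Extract originalPage; fall back to root if it is missing or off-site."""
    query = urlsplit(authfail_request_url).query
    values = parse_qs(query).get("originalPage", [])
    if len(values) != 1:
        return root
    target, base = urlsplit(values[0]), urlsplit(root)
    # Only follow URLs with the same scheme and host[:port] as this site.
    if (target.scheme, target.netloc) != (base.scheme, base.netloc):
        return root
    return values[0]


def render_authfail(authfail_request_url, logged_in, root=BUILDBOT_URL):
    """Decide what the authfail page does for this request.

    Returns ("redirect", url) when the user is already logged in, so a
    reload after a successful login leaves the stale failure page, or
    ("render", back_url) when the failure message should be shown with
    a link back to the original page.
    """
    target = safe_original_page(authfail_request_url, root)
    return ("redirect", target) if logged_in else ("render", target)
```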

comment:8 Changed 5 years ago by dustin

ShriramK, do you want to finish this up so we can get it merged?

comment:9 Changed 5 years ago by rutsky

  • Cc rutsky.vladimir@… added

comment:10 Changed 4 years ago by dustin

  • Description modified
  • Milestone changed from 0.8.9 to 0.8.+

comment:11 Changed 4 years ago by dustin

  • Milestone changed from 0.8.+ to 0.9.+

Ticket retargeted after milestone closed

comment:12 Changed 4 years ago by dustin

  • Milestone changed from 0.9.+ to 0.8.x (unmaintained)

comment:13 Changed 4 years ago by dustin

  • Milestone changed from 0.8.x (unmaintained) to 0.8.x

Milestone renamed

comment:14 Changed 4 years ago by tardyp

  • Keywords webstatus added; web removed