You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Sangeeta Ravindran <sa...@gmail.com> on 2016/03/18 17:52:58 UTC
Review Request 44966: In IE,
logging out of Ambari Admin View doesn't log user out of web console.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44966/
-----------------------------------------------------------
Review request for Ambari, Alexandr Antonenko and Denys Buzhor.
Bugs: AMBARI-15319
https://issues.apache.org/jira/browse/AMBARI-15319
Repository: ambari
Description
-------
Install latest Ambari trunk build.
Open Ambari web using IE. In the Admin view, click on Sign out.
The login page is displayed briefly and then the page returns to the Admin view.
This works fine on FF and Chrome.
This seems to be happening because of the additional parameters added to the url in signout() method in ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
// Workaround for sign off within Basic Authorization
var origin = $window.location.protocol + '//' + Date.now() + ':' + Date.now() + '@' +
$window.location.hostname + ($window.location.port ? ':' + $window.location.port : '');
return $http({
method: 'GET',
url: origin + Settings.baseUrl + '/logout'
});
This causes an exception in IE (A security problem occurred.) when executing urlParsingNode.setAttribute("href", href);
As a result, the server side performLogout method is not invoked and after temporarily displaying the login page, the user is brought back in to the Dashboard.
To fix this, we will instead pass an invalid username and password in the request header.
//use an invalid username and password in the request header
$http.defaults.headers.common['Authorization'] = 'Basic ' + btoa('invalid_username:password');
return $http({
method: 'GET',
url: Settings.baseUrl + '/logout'
});
Diffs
-----
ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js 14c04c1
Diff: https://reviews.apache.org/r/44966/diff/
Testing
-------
Manually tested fix on IE, Chrome and FF.
Thanks,
Sangeeta Ravindran
Re: Review Request 44966: In IE,
logging out of Ambari Admin View doesn't log user out of web console.
Posted by Sangeeta Ravindran <sa...@gmail.com>.
> On March 21, 2016, 5:03 p.m., Alexandr Antonenko wrote:
> > Ship It!
Thanks Alexander. Can you please help push the fix?
- Sangeeta
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44966/#review124579
-----------------------------------------------------------
On March 18, 2016, 4:52 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44966/
> -----------------------------------------------------------
>
> (Updated March 18, 2016, 4:52 p.m.)
>
>
> Review request for Ambari, Alexandr Antonenko and Denys Buzhor.
>
>
> Bugs: AMBARI-15319
> https://issues.apache.org/jira/browse/AMBARI-15319
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Install latest Ambari trunk build.
> Open Ambari web using IE. In the Admin view, click on Sign out.
> The login page is displayed briefly and then the page returns to the Admin view.
> This works fine on FF and Chrome.
>
> This seems to be happening because of the additional parameters added to the url in signout() method in ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
>
> // Workaround for sign off within Basic Authorization
> var origin = $window.location.protocol + '//' + Date.now() + ':' + Date.now() + '@' +
> $window.location.hostname + ($window.location.port ? ':' + $window.location.port : '');
> return $http({
> method: 'GET',
> url: origin + Settings.baseUrl + '/logout'
> });
>
> This causes an exception in IE (A security problem occurred.) when executing urlParsingNode.setAttribute("href", href);
>
> As a result, the server side performLogout method is not invoked and after temporarily displaying the login page, the user is brought back in to the Dashboard.
>
> To fix this, we will instead pass an invalid username and password in the request header.
>
> //use an invalid username and password in the request header
> $http.defaults.headers.common['Authorization'] = 'Basic ' + btoa('invalid_username:password');
> return $http({
> method: 'GET',
> url: Settings.baseUrl + '/logout'
> });
>
>
> Diffs
> -----
>
> ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js 14c04c1
>
> Diff: https://reviews.apache.org/r/44966/diff/
>
>
> Testing
> -------
>
> Manually tested fix on IE, Chrome and FF.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 44966: In IE,
logging out of Ambari Admin View doesn't log user out of web console.
Posted by Alexandr Antonenko <hi...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44966/#review124579
-----------------------------------------------------------
Ship it!
Ship It!
- Alexandr Antonenko
On March 18, 2016, 4:52 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44966/
> -----------------------------------------------------------
>
> (Updated March 18, 2016, 4:52 p.m.)
>
>
> Review request for Ambari, Alexandr Antonenko and Denys Buzhor.
>
>
> Bugs: AMBARI-15319
> https://issues.apache.org/jira/browse/AMBARI-15319
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Install latest Ambari trunk build.
> Open Ambari web using IE. In the Admin view, click on Sign out.
> The login page is displayed briefly and then the page returns to the Admin view.
> This works fine on FF and Chrome.
>
> This seems to be happening because of the additional parameters added to the url in signout() method in ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
>
> // Workaround for sign off within Basic Authorization
> var origin = $window.location.protocol + '//' + Date.now() + ':' + Date.now() + '@' +
> $window.location.hostname + ($window.location.port ? ':' + $window.location.port : '');
> return $http({
> method: 'GET',
> url: origin + Settings.baseUrl + '/logout'
> });
>
> This causes an exception in IE (A security problem occurred.) when executing urlParsingNode.setAttribute("href", href);
>
> As a result, the server side performLogout method is not invoked and after temporarily displaying the login page, the user is brought back in to the Dashboard.
>
> To fix this, we will instead pass an invalid username and password in the request header.
>
> //use an invalid username and password in the request header
> $http.defaults.headers.common['Authorization'] = 'Basic ' + btoa('invalid_username:password');
> return $http({
> method: 'GET',
> url: Settings.baseUrl + '/logout'
> });
>
>
> Diffs
> -----
>
> ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js 14c04c1
>
> Diff: https://reviews.apache.org/r/44966/diff/
>
>
> Testing
> -------
>
> Manually tested fix on IE, Chrome and FF.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 44966: In IE,
logging out of Ambari Admin View doesn't log user out of web console.
Posted by Alexandr Antonenko <hi...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44966/#review124598
-----------------------------------------------------------
ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js (line 21)
<https://reviews.apache.org/r/44966/#comment187210>
next time don't forget to remove unused variable $window
- Alexandr Antonenko
On March 18, 2016, 4:52 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44966/
> -----------------------------------------------------------
>
> (Updated March 18, 2016, 4:52 p.m.)
>
>
> Review request for Ambari, Alexandr Antonenko and Denys Buzhor.
>
>
> Bugs: AMBARI-15319
> https://issues.apache.org/jira/browse/AMBARI-15319
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Install latest Ambari trunk build.
> Open Ambari web using IE. In the Admin view, click on Sign out.
> The login page is displayed briefly and then the page returns to the Admin view.
> This works fine on FF and Chrome.
>
> This seems to be happening because of the additional parameters added to the url in signout() method in ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
>
> // Workaround for sign off within Basic Authorization
> var origin = $window.location.protocol + '//' + Date.now() + ':' + Date.now() + '@' +
> $window.location.hostname + ($window.location.port ? ':' + $window.location.port : '');
> return $http({
> method: 'GET',
> url: origin + Settings.baseUrl + '/logout'
> });
>
> This causes an exception in IE (A security problem occurred.) when executing urlParsingNode.setAttribute("href", href);
>
> As a result, the server side performLogout method is not invoked and after temporarily displaying the login page, the user is brought back in to the Dashboard.
>
> To fix this, we will instead pass an invalid username and password in the request header.
>
> //use an invalid username and password in the request header
> $http.defaults.headers.common['Authorization'] = 'Basic ' + btoa('invalid_username:password');
> return $http({
> method: 'GET',
> url: Settings.baseUrl + '/logout'
> });
>
>
> Diffs
> -----
>
> ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js 14c04c1
>
> Diff: https://reviews.apache.org/r/44966/diff/
>
>
> Testing
> -------
>
> Manually tested fix on IE, Chrome and FF.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 44966: In IE,
logging out of Ambari Admin View doesn't log user out of web console.
Posted by Sangeeta Ravindran <sa...@gmail.com>.
> On March 21, 2016, 4:22 p.m., Alexandr Antonenko wrote:
> > I cannot reproduce it. This is strange issue, that I cannot reproduce, and the fix is even more strange. What version of IE you are using ?
Hi Alexander,
I am able to reproduce this consistently on IE 11.0.9600.18230.
The solution is a work-around. Denys suggested that I try fixing it by passing the additional parameters in the header instead of the url itself.
Thanks,
Sangeeta
- Sangeeta
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44966/#review124571
-----------------------------------------------------------
On March 18, 2016, 4:52 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44966/
> -----------------------------------------------------------
>
> (Updated March 18, 2016, 4:52 p.m.)
>
>
> Review request for Ambari, Alexandr Antonenko and Denys Buzhor.
>
>
> Bugs: AMBARI-15319
> https://issues.apache.org/jira/browse/AMBARI-15319
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Install latest Ambari trunk build.
> Open Ambari web using IE. In the Admin view, click on Sign out.
> The login page is displayed briefly and then the page returns to the Admin view.
> This works fine on FF and Chrome.
>
> This seems to be happening because of the additional parameters added to the url in signout() method in ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
>
> // Workaround for sign off within Basic Authorization
> var origin = $window.location.protocol + '//' + Date.now() + ':' + Date.now() + '@' +
> $window.location.hostname + ($window.location.port ? ':' + $window.location.port : '');
> return $http({
> method: 'GET',
> url: origin + Settings.baseUrl + '/logout'
> });
>
> This causes an exception in IE (A security problem occurred.) when executing urlParsingNode.setAttribute("href", href);
>
> As a result, the server side performLogout method is not invoked and after temporarily displaying the login page, the user is brought back in to the Dashboard.
>
> To fix this, we will instead pass an invalid username and password in the request header.
>
> //use an invalid username and password in the request header
> $http.defaults.headers.common['Authorization'] = 'Basic ' + btoa('invalid_username:password');
> return $http({
> method: 'GET',
> url: Settings.baseUrl + '/logout'
> });
>
>
> Diffs
> -----
>
> ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js 14c04c1
>
> Diff: https://reviews.apache.org/r/44966/diff/
>
>
> Testing
> -------
>
> Manually tested fix on IE, Chrome and FF.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 44966: In IE,
logging out of Ambari Admin View doesn't log user out of web console.
Posted by Alexandr Antonenko <hi...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44966/#review124571
-----------------------------------------------------------
I cannot reproduce it. This is strange issue, that I cannot reproduce, and the fix is even more strange. What version of IE you are using ?
- Alexandr Antonenko
On March 18, 2016, 4:52 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44966/
> -----------------------------------------------------------
>
> (Updated March 18, 2016, 4:52 p.m.)
>
>
> Review request for Ambari, Alexandr Antonenko and Denys Buzhor.
>
>
> Bugs: AMBARI-15319
> https://issues.apache.org/jira/browse/AMBARI-15319
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Install latest Ambari trunk build.
> Open Ambari web using IE. In the Admin view, click on Sign out.
> The login page is displayed briefly and then the page returns to the Admin view.
> This works fine on FF and Chrome.
>
> This seems to be happening because of the additional parameters added to the url in signout() method in ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
>
> // Workaround for sign off within Basic Authorization
> var origin = $window.location.protocol + '//' + Date.now() + ':' + Date.now() + '@' +
> $window.location.hostname + ($window.location.port ? ':' + $window.location.port : '');
> return $http({
> method: 'GET',
> url: origin + Settings.baseUrl + '/logout'
> });
>
> This causes an exception in IE (A security problem occurred.) when executing urlParsingNode.setAttribute("href", href);
>
> As a result, the server side performLogout method is not invoked and after temporarily displaying the login page, the user is brought back in to the Dashboard.
>
> To fix this, we will instead pass an invalid username and password in the request header.
>
> //use an invalid username and password in the request header
> $http.defaults.headers.common['Authorization'] = 'Basic ' + btoa('invalid_username:password');
> return $http({
> method: 'GET',
> url: Settings.baseUrl + '/logout'
> });
>
>
> Diffs
> -----
>
> ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js 14c04c1
>
> Diff: https://reviews.apache.org/r/44966/diff/
>
>
> Testing
> -------
>
> Manually tested fix on IE, Chrome and FF.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>