Issue 1822: re-authentication failure with HTTP authentication
1 person starred this issue and may be notified of changes.
Status:  Submitted
Owner:  ----
Closed:  Mar 2013
Reported by lars.ped...@switch-gears.dk, Mar 12, 2013
Affected Version: 2.5.2

What steps will reproduce the problem?
1. Modify etc/gerrit.config to use HTTP auth like:
[auth]
	type = HTTP
	httpHeader = x-forwarded-user

2. Restart gerrit

3. Access Gerrit with a valid user set in the x-forwarded-for header.
   This gives you a GerritAccount cookie with the default 12 hours of expiration time.

4. Access Gerrit with another valid user set in the x-forwarded-for header. We do this by signing off in our SSO solution (not signing off in Gerrit) and signing in again as a different user.

What is the expected output? What do you see instead?
1) According to the documentation we expect the logout link in Gerrit to be hidden:
"As a result of this assumption, Gerrit can assume that any and all requests have already been authenticated. The "Sign In" and "Sign Out" links are therefore not displayed in the web UI."

But the link remains in the UI.

2) Because we didn't sign out of Gerrit, we still have a valid GerritAccount cookie at the second login, and this logs us into Gerrit as the first user.
Instead, Gerrit should detect that the x-forwarded-for header has changed and deliver a new session cookie.

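The behaviour the report describes next to the behaviour it expects, as an added example in Python that is not Gerrit's code: a reverse proxy asserts the user in the x-forwarded-user header configured above, and the GerritAccount cookie is checked against it. The SessionStore class and the resolve_buggy / resolve_fixed functions are assumptions made for this illustration.

```python
import secrets

TRUSTED_HEADER = "x-forwarded-user"  # header name from the gerrit.config in the report
COOKIE_NAME = "GerritAccount"        # session cookie name from the report


class SessionStore:
    """Assumed in-memory store: cookie value -> authenticated username."""

    def __init__(self):
        self._sessions = {}

    def create(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def user_for(self, token):
        return self._sessions.get(token)

    def revoke(self, token):
        self._sessions.pop(token, None)


def resolve_buggy(headers, cookies, store):
    """Behaviour the report observed: a still-valid cookie wins, so the request
    is served as the first user even though the proxy now asserts a different one."""
    token = cookies.get(COOKIE_NAME)
    if token and store.user_for(token):
        return store.user_for(token), token
    user = headers.get(TRUSTED_HEADER)
    if not user:
        return None, None
    return user, store.create(user)


def resolve_fixed(headers, cookies, store):
    """Behaviour the report expects: the trusted header is authoritative. A session
    whose user differs from the header user is revoked and a new cookie is issued."""
    user = headers.get(TRUSTED_HEADER)
    token = cookies.get(COOKIE_NAME)
    session_user = store.user_for(token) if token else None
    if not user:
        # Assumption: no asserted identity means the proxy did not authenticate,
        # so any leftover session is dropped rather than trusted.
        if token:
            store.revoke(token)
        return None, None
    if session_user == user:
        return user, token
    if token:
        store.revoke(token)  # stale session belonging to another (or unknown) user
    return user, store.create(user)
```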

Mar 12, 2013
#1 sop@google.com
https://gerrit-review.googlesource.com/43361
Status: ChangeUnderReview
Mar 12, 2013
#2 sop@google.com
(No comment was entered for this change.)
Status: Submitted
Labels: FixedIn-2.6