User case sensitive showing history #444

Closed
hamsterbacke opened this issue May 25, 2021 · 7 comments

@hamsterbacke

Hi there,
I filed a bug about case sensitiveness of authentication. Today I saw that showing the task history also seems to be case sensitive.
If user foobar executes something he can see history for user foobar but not Foobar or FOOBAR.
I used a current clone of the master branch.

@bugy bugy added the bug label May 25, 2021
@bugy bugy added this to the 1.17.0 milestone May 25, 2021
@bugy
Owner

bugy commented May 25, 2021

Hi @hamsterbacke, thanks for reporting

@bugy
Owner

bugy commented May 25, 2021

Fixed, could you try again, please?

@bugy bugy added the resolved label May 25, 2021
@hamsterbacke
Author

Hi there,
today I had time to install the new version (version.txt says 1.17.0-master@45b68ce).
Now the user gets an empty history with the loading circle displayed.
In the log one can see:

2021-07-08 13:57:03,980 [script_server.execution_service.WARNING] Prohibited access to not owned execution #459 (user=FOOBAR)
2021-07-08 13:57:03,981 [tornado.application.ERROR] Uncaught exception GET /history/execution_log/short (127.0.0.1)
HTTPServerRequest(protocol='https', host='script.intern.kzvb.de:443', method='GET', uri='/history/execution_log/short', version='HTTP/1.1', remote_ip='127.0.0.1')
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/tornado/web.py", line 1590, in _execute
    result = method(*self.path_args, **self.path_kwargs)
  File "src/web/web_auth_utils.py", line 46, in wrapper
    return func(self, *args, **kwargs)
  File "src/web/web_utils.py", line 29, in wrapper
    return func(self, *new_args, **kwargs)
  File "src/web/server.py", line 666, in get
    if self.application.execution_service.is_running(entry.id, user):
  File "src/execution/execution_service.py", line 88, in is_running
    self.validate_execution_id(execution_id, user, only_active=False, allow_when_history_access=True)
  File "src/execution/execution_service.py", line 139, in validate_execution_id
    raise AccessProhibitedException('Prohibited access to not owned execution')
model.model_helper.AccessProhibitedException: Prohibited access to not owned execution
2021-07-08 13:57:03,982 [tornado.access.WARNING] 403 GET /history/execution_log/short (127.0.0.1) 150.28ms

History file 21-02-09_06-59-459.log has user_id and user_name foobar.

@bugy
Owner

bugy commented Jul 8, 2021

Thanks, it seems I forgot it in some place

@bugy
Owner

bugy commented Jul 9, 2021

Nice catch, I broke it in #387, when I implemented better access checking. Actually this issue wasn't case relevant and was happening for all non-admin users when opening history after a server restart.

@bugy
Owner

bugy commented Jul 9, 2021

I made a fix, could you try again, please?

@hamsterbacke
Author

It works now, thanks :)

@bugy bugy closed this as completed Mar 16, 2023
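
A log-triage example for the denial warnings quoted in this thread, added here and not part of the thread or of the project's code: it sorts each "Prohibited access to not owned execution" line by whether the requester is the recorded owner exactly, the owner under a different case, or a different user. The owner map, the extra log lines and the NFKC + casefold normalization are assumptions made for the example.

```python
import re
import unicodedata

# Matches the execution_service warning format shown in the report above.
DENIAL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[script_server\.execution_service\.WARNING\] "
    r"Prohibited access to not owned execution #(?P<exec_id>\d+) \(user=(?P<user>[^)]*)\)"
)

def canonical(name):
    """Assumed normalization: NFKC + casefold, so FOOBAR and foobar compare equal."""
    return unicodedata.normalize("NFKC", name).casefold()

def classify(requester, owner):
    if owner is None:
        return "unknown_execution"
    if requester == owner:
        return "owner_denied"        # exact owner refused: points at a server-side check bug
    if canonical(requester) == canonical(owner):
        return "case_only_mismatch"  # same identity, different spelling: normalization gap
    return "different_user"          # distinct identity: genuine cross-user request

def triage(log_lines, owners):
    """Return (timestamp, execution id, requester, verdict) for each denial line."""
    findings = []
    for line in log_lines:
        m = DENIAL_RE.match(line)
        if m:
            exec_id = int(m["exec_id"])
            verdict = classify(m["user"], owners.get(exec_id))
            findings.append((m["ts"], exec_id, m["user"], verdict))
    return findings

# The first two lines are from the report; the last two are constructed for illustration.
SAMPLE_LOG = [
    "2021-07-08 13:57:03,980 [script_server.execution_service.WARNING] Prohibited access to not owned execution #459 (user=FOOBAR)",
    "2021-07-08 13:57:03,982 [tornado.access.WARNING] 403 GET /history/execution_log/short (127.0.0.1) 150.28ms",
    "2021-07-08 14:02:11,120 [script_server.execution_service.WARNING] Prohibited access to not owned execution #460 (user=alice)",
    "2021-07-08 14:05:42,007 [script_server.execution_service.WARNING] Prohibited access to not owned execution #461 (user=bob)",
]
# Constructed owner map (execution id -> user_id from the history file); #459 -> foobar is from the report.
OWNERS = {459: "foobar", 460: "alice", 461: "alice"}

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, OWNERS):
        print(*finding, sep="\t")
```

A burst of `owner_denied` or `case_only_mismatch` verdicts after an upgrade or restart suggests a regression in the access check, while `different_user` entries are the ones that warrant a look as cross-user access attempts.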