--auth-none=1 no longer working

[monken]

System details

RStudio Edition : Server
RStudio Version : 1.3.1073
OS Version      : Ubuntu
R Version       : 4.0.2

Steps to reproduce the problem

with the latest rstudio server release it seems that --auth-none=1 is no longer working. To reproduce, clear all cookies for localhost and launch the server with --auth-none=1. The server will launch but the website will be stuck launching an R session. Funny enough, if you are coming from a session WITH authentication, it will work because a cookie was set.

• I have read the guide to submitting good bug reports at https://github.com/rstudio/rstudio/wiki/Writing-Good-Bug-Reports .
• I have installed the latest version of RStudio and confirmed that the issue still persists.
• If I am reporting a RStudio crash, I have included a diagnostics report. https://support.rstudio.com/hc/en-us/articles/200321257-Running-a-Diagnostics-Report
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

[monken]

It looks like a different flavor of this regression already exists in v1.3.959. Instead of the spinning icon, the user is redirected to a log in page (starting with no cookies).

[andrewtdavis]

In my testing, it seems like 1.2.5042 works perfectly, 1.3.959 gets the login page prompt on first visit only (then works by going to the same page again without logging in), and 1.3.1056 has a spinning ball unless you've previously logged into an R-Studio session with a valid username and password previously.

Launch arguments:
1.2: /usr/lib/rstudio-server/bin/rserver --server-daemonize=0 --auth-none=1 --server-user=$USER --server-app-armor-enabled=0
1.3: /usr/lib/rstudio-server/bin/rserver --server-data-dir=/home/$USER/rstudio-server --server-daemonize=0 --auth-none=1

[PromyLOPh]

I can reproduce the same issue. Since we’re calling rsession directly (without starting rserver) I noticed 1.3.959 sets the cookie csrf-token with the secure flag, causing /client_init to fail (localhost has no SSL) and triggering the redirect to /auth-sign-in (which does not exist without rserver). The spinning ball of 1.3.1056 is also triggered by a missing csrf-token cookie. If it is present (and has the correct value), loading RStudio works fine for me.

[R-Hannibal]

@monken, thank you for finding and reporting this issue.

We have a fix in place in our latest Daily build of the upcoming 1.4 release of RStudio (available HERE). If you get the chance will you let us know if the issue is resolved for you in that build?

[tmcduff]

Version: 1.3.1091-1/2 on Ubuntu

[parsley42]

FYI, I had the same issue, and it was fixed for my CentOS7 container using this daily:
https://s3.amazonaws.com/rstudio-ide-build/server/centos6/x86_64/rstudio-server-rhel-1.4.861-x86_64.rpm

[parsley42]

Ugh. Scratch that? I upgraded the container to the version above and it worked. I rebuilt the container from scratch with that version, and it doesn't work. Sorry for the indeterminate info.

Update: the magic smoke I was missing was export USER=user (where user is the user it runs as).