View Issue Details

ID: 0001453
Project: RackTables
Category: default
View Status: public
Last Update: 2017-09-11 14:30
Reporter: infrastation
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: duplicate
Product Version: 0.20.10
Target Version:
Fixed in Version:
Summary: 0001453: Odd problem when logging out
Description: (This had been originally reported by Theodore Van Iderstine; it reproduces for me as described below.)

I've recently installed version 0.20.10 (but I don't know that it only started with this version.) If I log in using the builtin admin account, without clicking on anything, mouseover of the logout button shows the following:
https://logout@host.domain.local/?logout
If I click on Rackspace, and then mouseover the logout button, it shows the following:
https://logout@host.domain.local/racktables/?logout

The installation is on CentOS 6 and the files are under "/var/www/html/racktables".

Is this a known bug, or do I likely have something misconfigured?
Tags: No tags attached.

Relationships

duplicate of 0000496 (closed, infrastation): logout did not work as expected

Activities

pRZelAHkmB78

2015-03-30 23:39

reporter   ~0002803

Last edited: 2015-03-31 00:22

+1, and more information:

After following (in my case) https://logout@10.x.x.x/?logout , Firefox warns:

"
You are about to log in to the site "10.x.x.x" with the username "logout", but the website does not require authentication. This may be an attempt to trick you.

Is "10.x.x.x" the site you want to visit?
"

If I confirm Yes, I am shown my Apache 2 Test Page, and I am not prompted for any authentication. From here, when I open

  https://10.x.x.x/racktables

I am not prompted for credentials, and I am already logged in as admin.

I observe this in Firefox 36.0.4 and Chrome 41.0.2272.101 m. In IE 11, the 'logout' link does not even appear to have a target.

Next step:

If I navigate within RackTables, then hover over 'logout,' the link has become

  https://logout@10.x.x.x/racktables/?logout

In Chrome, when I click 'logout,' the page does not change, but I am prompted for credentials. If I decline to provide them, the browser shows "This system requires authentication. You should use a username and a password." If I immediately re-attempt https://10.x.x.x/racktables, I am not prompted for credentials and am already logged in as admin.

In Firefox, when I click 'logout,' the page does not change, but I am prompted for credentials. If I decline to provide them, the browser shows "This system requires authentication. You should use a username and a password" (same as Chrome). But, if I immediately re-attempt https://10.x.x.x/racktables, I am prompted for credentials and must provide them.

Summarizing:
* If *no* navigation within RackTables is performed after login, the logout URL does not contain the segment "/racktables". When clicking 'logout', the session appears to be not destroyed.
* If navigation *is* performed within RackTables, the logout URL *does* contain the segment "/racktables". When clicking 'logout', the session appears to be destroyed in Firefox, but *not* destroyed in Chrome.
* No matter what, IE 11 doesn't even realize that 'logout' is a link.

ronator

2017-09-06 17:19

reporter   ~0003689

Hi. I am new to racktables. I know the above problem in terms of "won't work with https". I think the main problem is when you switch from http to https.

+ installed and setup racktables with http -> logout link a bit strange - but works okay
+ switched to https -> logout link does not work anymore
+ switched back to http (commenting out lines in site.conf) -> logout link works

The messages @pRZelAHkmB78 showed are exactly what happens when switched to https. All example links above use https. So I assume I have exactly the same problem but only when I use https.

My question is: what do I have to do to enable racktables logout over https?

I attached the different "log out boxes" regarding http (working) and https (not working). Please excuse the use of German language in these images. The text says what @pRZelAHkmB78 wrote.

Auswahl_834.png (16,025 bytes)
Auswahl_833.png (15,207 bytes)

ronator

2017-09-07 10:24

reporter   ~0003693

I think my problem is due to my setup. I run racktables in an lxd container with an apache reverse proxy. Outside I run https, but inside the container I run only http.
This part of the code is causing my problems, because the serving host (in the container) hasn't https running:

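function showLogoutURL ()
{
        // 's' is appended only when PHP itself sees TLS; behind a
        // TLS-terminating proxy $_SERVER['HTTPS'] is not set on the backend.
        $https = (isset ($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 's' : '';
        // some more code
        // The scheme of the printed logout link follows from $https above.
        printf ('http%s://logout@%s%s?logout', $https, $_SERVER['SERVER_NAME'], $dirname);
}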

###

I commented setting $https and changed the line to

printf ('https://logout@%s%s?logout', $_SERVER['SERVER_NAME'], $dirname);

Sorry for the noise!
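
The proxy situation described in the note above, as an added example (not RackTables code and not the resolution recorded in bug 0000496): the backend derives the external scheme from X-Forwarded-Proto, but only when the request arrives from an allow-listed proxy address, so a direct client cannot assert the scheme itself. The function name, the allow-list, and the sample requests are assumptions, and the proxy must be configured to overwrite that header on every request.

```php
<?php
// Added example, not RackTables code. All names and sample values are hypothetical.

// Addresses of reverse proxies allowed to assert the external scheme (assumption).
const TRUSTED_PROXIES = ['10.0.3.1'];

/**
 * Return 'https' or 'http' for the URL the browser actually used.
 * $server has the shape of $_SERVER.
 */
function externalScheme(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    // TLS terminated on this host: the web server sets HTTPS to a non-empty,
    // non-"off" value.
    $https = strtolower($server['HTTPS'] ?? '');
    if ($https !== '' && $https !== 'off') {
        return 'https';
    }
    // TLS terminated upstream: believe the header only when the TCP peer is a
    // known proxy, otherwise any client could claim the scheme.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (in_array($peer, $trustedProxies, true)) {
        $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
        if ($proto === 'https') {
            return 'https';
        }
    }
    return 'http';
}

// Constructed sample requests (addresses and host name are made up).
$samples = [
    'direct TLS'        => ['HTTPS' => 'on', 'REMOTE_ADDR' => '192.0.2.7'],
    'via trusted proxy' => ['REMOTE_ADDR' => '10.0.3.1', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'spoofed header'    => ['REMOTE_ADDR' => '192.0.2.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'plain http'        => ['REMOTE_ADDR' => '10.0.3.1'],
];
foreach ($samples as $label => $server) {
    // Same link shape as the logout URL quoted in this report.
    printf("%-18s => %s://logout@%s%s?logout\n",
        $label, externalScheme($server), 'host.domain.local', '/racktables/');
}
```

Only the "direct TLS" and "via trusted proxy" samples yield an https link; the spoofed header from an unlisted address is ignored.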

infrastation

2017-09-08 22:10

administrator   ~0003699

Finally I was able to reproduce this bug and find why it happens. No solution yet.

infrastation

2017-09-11 14:30

administrator   ~0003703

Bug 0000496 has the resolution for this problem, all other similar bugs have been marked as duplicate. Closing.

Issue History

Date Modified Username Field Change
2015-03-23 00:27 infrastation New Issue
2015-03-30 23:39 pRZelAHkmB78 Note Added: 0002803
2015-03-31 00:22 pRZelAHkmB78 Note Edited: 0002803 View Revisions
2017-09-06 17:19 ronator File Added: Auswahl_833.png
2017-09-06 17:19 ronator File Added: Auswahl_834.png
2017-09-06 17:19 ronator Note Added: 0003689
2017-09-07 10:24 ronator Note Added: 0003693
2017-09-08 22:10 infrastation Status new => acknowledged
2017-09-08 22:10 infrastation Note Added: 0003699
2017-09-11 14:29 infrastation Relationship added duplicate of 0000496
2017-09-11 14:30 infrastation Status acknowledged => closed
2017-09-11 14:30 infrastation Resolution open => duplicate
2017-09-11 14:30 infrastation Note Added: 0003703