Bug #17108

closed

cannot login in Rudder 6.1

Added by Nicolas CHARLES over 4 years ago. Updated over 4 years ago.

Status: Released
Priority: N/A
Category: Security
Target version:
Severity: Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility: Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority: 50
Name check: To do
Fix check: Checked
Regression:

Description

I cannot login on Rudder 6.1
I've set a rudder-user, with user nimda rather than admin, to check if it fixes, but it doesn't.

Error is Error 500

Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.
Apache/2.4.25 (Debian) Server at 192.168.44.2 Port 443

Spring Security logs are:

[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/style/**'
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/images/**'
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/javascript/**'
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/cache-**'
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/api/**'
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: Session@7bd34e69{id=node01d9rvfs7gj7awiprbutfphceu0,x=node01d9rvfs7gj7awiprbutfphceu0.node0,req=1,res=true}. A new one will be created.
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'HeaderWriterFilter'
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 4 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/j_spring_security_check'
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
[2020-04-13 22:30:05+0200] DEBUG bootstrap.liftweb.RudderProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'nimda' not found
[2020-04-13 22:30:05+0200] DEBUG bootstrap.liftweb.RudderProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.header.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2c0cde9f
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[2020-04-13 22:30:05+0200] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

User is not found

Actions #1

Updated by Nicolas CHARLES over 4 years ago

ok, hash method was sha512, but the hash="bcrypt" was selected
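
The mismatch described in this comment can be caught before anyone tries to log in, by comparing the declared `hash` attribute with the shape of each stored password value. This is an added example, not Rudder's code: the `<authentication hash="...">` / `<user name=... password=...>` layout of the users file is an assumption, and the sample entries are constructed placeholders, not real hashes.

```python
import re
import xml.etree.ElementTree as ET

# Expected shape of a stored value for each declared hash name: hex digests,
# or bcrypt's 60-character "$2b$<cost>$<salt+hash>" modular-crypt string.
HASH_SHAPES = {
    "md5": re.compile(r"[0-9a-fA-F]{32}"),
    "sha1": re.compile(r"[0-9a-fA-F]{40}"),
    "sha256": re.compile(r"[0-9a-fA-F]{64}"),
    "sha512": re.compile(r"[0-9a-fA-F]{128}"),
    "bcrypt": re.compile(r"\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}"),
}


def guess_hash(value):
    """Return the hash names whose shape the stored value matches."""
    return [name for name, shape in HASH_SHAPES.items() if shape.fullmatch(value)]


def check_users_file(xml_text):
    """Return (user, declared, detected) for each entry that cannot verify."""
    root = ET.fromstring(xml_text)
    declared = root.get("hash", "").lower()
    findings = []
    for user in root.iter("user"):
        detected = guess_hash(user.get("password", ""))
        # A value hashed with another algorithm can never match at login time.
        if declared not in detected:
            findings.append((user.get("name"), declared, detected or ["unknown"]))
    return findings


# Constructed sample (assumed file layout): bcrypt is declared, but "nimda"
# still carries a 128-hex-character SHA-512 digest, as in the comment above.
SAMPLE = """<authentication hash="bcrypt">
  <user name="nimda" password="{sha512}" role="administrator"/>
  <user name="ops" password="{bcrypt}" role="administrator"/>
</authentication>""".format(sha512="ab" * 64, bcrypt="$2b$12$" + "A" * 53)

if __name__ == "__main__":
    for name, declared, detected in check_users_file(SAMPLE):
        print(f"{name}: file declares {declared}, stored value looks like {detected}")
```
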

Actions #2

Updated by Nicolas CHARLES over 4 years ago

  • Severity changed from Critical - prevents main use of Rudder | no workaround | data loss | security to Major - prevents use of part of Rudder | no simple workaround
  • User visibility changed from Getting started - demo | first install | Technique editor and level 1 Techniques to Operational - other Techniques | Rudder settings | Plugins
  • Priority changed from 47 to 26

Actions #3

Updated by Elaad FURREEDAN over 4 years ago

  • Assignee set to Elaad FURREEDAN

Actions #4

Updated by Elaad FURREEDAN over 4 years ago

  • Status changed from New to In progress

Actions #5

Updated by Elaad FURREEDAN over 4 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Elaad FURREEDAN to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/2901

Actions #6

Updated by Anonymous over 4 years ago

  • Status changed from Pending technical review to Pending release

Actions #7

Updated by Vincent MEMBRÉ over 4 years ago

  • Status changed from Pending release to Released
  • Priority changed from 26 to 52

This bug has been fixed in Rudder 6.1.0~beta1 which was released today.

Actions #8

Updated by François ARMAND over 4 years ago

  • Priority changed from 52 to 50
  • Fix check changed from To do to Checked