Project

General

Profile

Actions
Copy link

Bug #25123

closed

Authentication happens twice with same session id

Added by Clark ANDRIANASOLO 4 months ago. Updated 27 days ago.

Status:
Released
Priority:
N/A
Assignee:
François ARMAND
Category:
Security
Target version:
8.1.7
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
I was bothered the first time
User visibility:
First impressions of Rudder
Effort required:
Small
Priority:
95
Name check:
To do
Fix check:
Checked
Regression:
No

Description

When logging in as a Rudder user, I successfully log in but I see an error log about a database unique constraint violation error on (userid, sessionid) from the UserRepository#logStartSession method : 

2024-07-09 13:26:03+0000 INFO  application - Rudder authentication attempt for principal 'admin' with backend 'file': success
2024-07-09 13:26:03.351:WARN :oejs.HttpChannel:qtp125622176-20: /rudder/j_spring_security_check
Exception in thread "zio-fiber-1175" com.normation.errors$SystemError: SystemError(Error when saving session 'node06kqmzsp107cm1ezn7dr0uf1tw2' info for user 'admin',org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "usersessions_pkey"|  Detail: Key (userid, sessionid)=(admin, node06kqmzsp107cm1ezn7dr0uf1tw2) already exists.)|?at zio.interop.ZioMonadErrorE.raiseError.trace(cats.scala:628)|?at cats.Monad.map(Monad.scala:35)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.Monad.map(Monad.scala:35)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.Monad.map(Monad.scala:35)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.Monad.map(Monad.scala:35)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.Monad.map(Monad.scala:35)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.free.Free.foldMap(Free.scala:166)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.effect.kernel.Resource.fold(Resource.scala:173)|?at com.normation.rudder.db.Doobie.transactIOResult(Doobie.scala:93)|?at com.normation.rudder.users.JdbcUserRepository.logStartSession(UserRepository.scala:622)|?at com.normation.zio.ZioRuntime.unsafeRun(ZioCommons.scala:445)
    at zio.interop.ZioMonadErrorE.raiseError.trace(cats.scala:628)
    at cats.Monad.map(Monad.scala:35)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.Monad.map(Monad.scala:35)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.Monad.map(Monad.scala:35)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.Monad.map(Monad.scala:35)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.Monad.map(Monad.scala:35)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.free.Free.foldMap(Free.scala:166)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.effect.kernel.Resource.fold(Resource.scala:173)
    at com.normation.rudder.db.Doobie.transactIOResult(Doobie.scala:93)
    at com.normation.rudder.users.JdbcUserRepository.logStartSession(UserRepository.scala:622)
    at com.normation.zio.ZioRuntime.unsafeRun(ZioCommons.scala:445)
2024-07-09 13:26:10+0000 INFO  application - Rudder authentication attempt for principal 'admin' with backend 'file': success

The database error suggests that we are executing the authenticate method twice with the same context (session and user).

We would like to know in which cases this happens, and at least avoid throwing this error.

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #24017: Webapp can fail to start with null sessionid error ReleasedFrançois ARMANDActions
Actions
Copy link

Also available in: Atom PDF