Bug 52314 - Portal Preview App doesn't renew sessions anymore making logout impossible
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Portal
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-6-errata
Assigned To: Florian Best
QA Contact: Jürn Brodersen
Depends on: 51856
Blocks: 52345
Reported: 2020-11-05 15:00 CET by Florian Best
Modified: 2021-09-16 15:48 CEST

What kind of report is it?: Development Internal
Bug group (optional): Regression, Usability
Description Florian Best univentionstaff 2020-11-05 15:00:50 CET
The cloned bug caused the Preview Portal to no longer make any session-info request:

git:d92df72b91bbf06dd82fde99cddc595c52238e13
+                       login.onLogin(lang.hitch(this, function() {
+                               this._setupEditModeIfAuthorized();
+                               this._refresh(portalTools.RenderMode.NORMAL).then(lang.hitch(this, function() {
+                                       this._addLinks();
+                               }));
+                               // Do not force a relogin on the portal
+                               tools.checkSession(false);
+                       }));
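Review bot: The `tools.checkSession(false)` call at the end of the `login.onLogin` callback is commented only as "Do not force a relogin on the portal", yet according to this report it also leaves the portal without any session-info request, so a session timeout is never noticed. Keep the session check running here and suppress only the forced relogin, or at least state in the comment that the call turns the check off. Separately, the `this._refresh(...).then(...)` chain has no error callback, so a failed refresh silently skips `this._addLinks()`.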

As a result, it is never detected that the session timed out, and therefore no passive SAML login is done anymore after this session timeout.
When clicking on the logout button, the page refreshes and one is logged in again because the session on the IDP is still valid (just the UMC session is gone).

Plus, another inefficient thing has been added: The portal.json is now fetched (on my system) 15 times. (This might depend on the number of portal entries?!).
It should be fetched only once. A deferred should be added which blocks other requests while a request is already ongoing.

+++ This bug was initially created as a clone of Bug #51856 +++

At the moment the Portal only re-renders when the login button is clicked.
It should re-render when detecting a login instead.
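
The description above suggests a deferred that blocks further portal.json requests while one is already ongoing. A sketch of that idea with plain promises follows as an added example; it is not code from univention-portal (the fix in Comment 1 instead limits the refetch to edit mode), and `singleFlight`, the constructed fetcher and its payload are hypothetical names.

```javascript
// Added example: single-flight loader. singleFlight, fakeFetch and the
// payload are hypothetical names, not taken from univention-portal.
function singleFlight(fetcher) {
  let inFlight = null; // promise of the request currently outstanding, if any

  return function load() {
    if (inFlight) {
      return inFlight; // join the ongoing request instead of sending another
    }
    // The executor runs synchronously, so the request starts right here; a
    // fetcher that throws turns into a rejection for every waiting caller.
    const request = new Promise((resolve) => resolve(fetcher()));
    inFlight = request;
    // Forget the request once it settles (success or failure) so a later
    // call, e.g. after saving in edit mode, fetches fresh data again.
    const release = () => {
      if (inFlight === request) inFlight = null;
    };
    request.then(release, release);
    return request;
  };
}

// Fifteen callers asking for the data in the same tick share one request.
async function demo() {
  let requestsSent = 0;
  // Constructed stand-in for the HTTP GET of portal.json.
  const fakeFetch = () => {
    requestsSent += 1;
    return new Promise((resolve) => {
      setTimeout(() => resolve({ entries: ["constructed-entry"] }), 10);
    });
  };
  const loadPortal = singleFlight(fakeFetch);
  const callers = Array.from({ length: 15 }, () => loadPortal());
  await Promise.all(callers);
  const afterBurst = requestsSent;
  await loadPortal(); // the first request has settled, so this one is new
  return { afterBurst, afterReload: requestsSent };
}

demo().then((r) => console.log(r)); // { afterBurst: 1, afterReload: 2 }
```

Because the slot is cleared on rejection as well, a failed request is not cached and the next caller retries.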
Comment 1 Florian Best univentionstaff 2020-11-05 19:02:03 CET
univention-portal (3.1.0-40)
bd99988e0730 | Bug #52314: debian/changelog
7aaa22178d01 | Bug #52314: do not fetch portal.json multiple times
    portal.json was fetched multiple times (up to 15 - 20 times) in various
    situations. The original reason to fetch it once is in edit mode so
    after modifying we give the listener module enough time to write the new
    entries so that we know the latest state. This was originally implemented in
    git:f5adc6cc7d8d526fcb5af6bad222e8ec4299d3b8. We now only do this logic if
    we are really in edit mode and save/modify something.

a781875d306f | Bug #52314: do not disable session polling during portal usage
    We need to detect when the SAML session is timed out so that we can make
    a new passive saml login in the iframe so users 1. don't get logged out
    and 2. even if they are logged out, the logout button is still
    rendered and when one clicks on it the user is already logged out from
    UMC so only a page refresh is done which then does the passive SAML
    iframe login and one is logged in again.
Comment 2 Jürn Brodersen univentionstaff 2020-11-09 11:44:00 CET
What I tested:
session-info is called every 30 sec again -> OK
Session is renewed -> OK
Logout -> OK 
Edit mode -> OK
portal.json is called only when necessary -> OK