Bug #17754
closed[wb] merge account problem
Description
This could be a potential bug.
Steps to reproduce
- Create an account that is inactive
- Follow the link tod log into another account
- successfully logged in with an active account
- Accept the "merge accounts" dialog
See the screenshot with the fiddlesticks
This is a 2.2.0 pre-release
Files
Updated by Peter Amstutz over 3 years ago
- Target version set to 2021-06-09 sprint
Updated by Peter Amstutz over 3 years ago
- Target version changed from 2021-06-09 sprint to 2021-06-23 sprint
Updated by Ward Vandewege over 3 years ago
- Related to Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression) added
Updated by Peter Amstutz over 3 years ago
- Target version changed from 2021-06-23 sprint to 2021-07-07 sprint
Updated by Peter Amstutz over 3 years ago
- Assigned To set to Nico César
- Subject changed from [wb] merge account problem to [wb] merge account problem
Updated by Nico César over 3 years ago
- File 2021-06-24_11-01_1.png 2021-06-24_11-01_1.png added
- File 2021-06-24_11-02.png 2021-06-24_11-02.png added
- File 2021-06-24_11-03.png 2021-06-24_11-03.png added
- File 2021-06-24_11-03_1.png 2021-06-24_11-03_1.png added
Steps to reproduce.
I created a brand new gmail account. Logged into pirca.
then as an admin, I disabled the user using "Deactivate Arvados Test"
then tried to log in with that user that was inactive and follow the merge account dialog with my (admin) account.
I got the same fiddlesticks and the user still has is_active=false.
Updated by Peter Amstutz over 3 years ago
- Target version changed from 2021-07-07 sprint to 2021-07-21 sprint
Updated by Peter Amstutz over 3 years ago
- Related to deleted (Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression))
Updated by Peter Amstutz over 3 years ago
- Blocked by Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression) added
Updated by Peter Amstutz over 3 years ago
- Target version changed from 2021-07-21 sprint to 2021-08-04 sprint
Updated by Peter Amstutz over 3 years ago
- Target version changed from 2021-08-04 sprint to 2021-08-18 sprint
Updated by Peter Amstutz over 3 years ago
- Target version changed from 2021-08-18 sprint to 2021-09-01 sprint
Updated by Lucas Di Pentima over 3 years ago
- Target version changed from 2021-09-01 sprint to 2021-09-15 sprint
Updated by Lucas Di Pentima over 3 years ago
- Target version changed from 2021-09-15 sprint to 2021-09-29 sprint
Updated by Peter Amstutz about 3 years ago
- Target version changed from 2021-09-29 sprint to 2021-10-13 sprint
Updated by Lucas Di Pentima about 3 years ago
- Target version changed from 2021-10-13 sprint to 2021-10-27 sprint
Updated by Lucas Di Pentima about 3 years ago
- Target version changed from 2021-10-27 sprint to 2021-11-24 sprint
Updated by Peter Amstutz about 3 years ago
- Target version changed from 2021-11-24 sprint to 2021-12-08 sprint
Updated by Peter Amstutz about 3 years ago
- Target version changed from 2021-12-08 sprint to 2022-01-05 sprint
Updated by Peter Amstutz about 3 years ago
- Target version changed from 2022-01-05 sprint to 2022-01-19 sprint
Updated by Lucas Di Pentima almost 3 years ago
- Target version changed from 2022-01-19 sprint to 2022-02-02 sprint
Updated by Peter Amstutz almost 3 years ago
- Target version changed from 2022-02-02 sprint to 2022-02-16 sprint
Updated by Lucas Di Pentima almost 3 years ago
- Target version changed from 2022-02-16 sprint to 2022-03-02 sprint
Updated by Lucas Di Pentima almost 3 years ago
- Status changed from New to In Progress
Updated by Lucas Di Pentima almost 3 years ago
pirca
is in LoginCluster federation with jutro
.
- I was able to reproduce the problem following Nico's description.
- I was able to merge the accounts while doing the same procedure from jutro.
- Reported Arvados versions
- pirca arvados version: 2.3.2~rc1 (4dce2661e80da9b65e5a548c863d61239233d6b0)
- jutro arvados version: 2.2.1 (dd9afa05c8cafc6a4db9627efd47714634386c1a)
- Federation-related fixes that may not be deployed:
- #17914: "Log in as user from another cluster" doesn't work on 9tee4 (peer federation with ce8i5)
- #17583: Remote controller forwards trusted client aware calls on a federated scenario
- #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression)
Updated by Lucas Di Pentima almost 3 years ago
I've found this commit from 2 years ago that states that user merges aren't federated. If this is still true, I guess the fix for this issue is not offer the option to the user?
Updated by Lucas Di Pentima almost 3 years ago
From standup discussion:
- Make the workbenches not offer user account merging on LoginCluster federation's satellite clusters.
- Update documentation to say that we don't support "self-serving" user merging on LoginCluster federations and if still needed, the admin has to do it manually.
- Make a new ticket to add the self-serving user merge feature on LoginCluster federations.
- The main pain point is the user's objects migration on other satellite clusters; we may need to use some mechanism to flag that the merging already happened, making migration happen automatically whenever the user logs into the remaining satellite clusters.
Updated by Lucas Di Pentima almost 3 years ago
- Related to Feature #18788: User merge & migration support on LoginCluster federations added
Updated by Lucas Di Pentima almost 3 years ago
Updates at d4d5dbe - branch 17754-federated-acct-merge
Test run:
- Updates documentation stating that self-serve account linking is not supported for LoginCluster federations.
- Modifies Workbench1's link account page to show a "not supported" message on when
Login.LoginCluster
is set.
Updated by Lucas Di Pentima almost 3 years ago
Updates at arvados-workbench2|0e86ce96 - branch 17754-federated-acct-merge
(wb2 repo)
Test run:
- Disables account linking options when
Login.LoginCluster
is set in inactive account and link account pages
Updated by Ward Vandewege almost 3 years ago
Lucas Di Pentima wrote:
Updates at d4d5dbe - branch
17754-federated-acct-merge
Test run:
- Updates documentation stating that self-serve account linking is not supported for LoginCluster federations.
- Modifies Workbench1's link account page to show a "not supported" message on when
Login.LoginCluster
is set.
LGTM, thanks!
Updated by Ward Vandewege almost 3 years ago
Lucas Di Pentima wrote:
Updates at arvados-workbench2|0e86ce96 - branch
17754-federated-acct-merge
(wb2 repo)
Test run:
- Disables account linking options when
Login.LoginCluster
is set in inactive account and link account pages
LGTM, thanks!
Updated by Lucas Di Pentima almost 3 years ago
- Status changed from In Progress to Resolved
Applied in changeset arvados-workbench-2:arvados-workbench2|6e335a900ab99ddc7b7288e00d20a54f6c75ec8f.