Project

General

Profile

Actions

Bug #17754

closed

[wb] merge account problem

Added by Nico César over 3 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Workbench
Target version:
Story points:
-
Release relationship:
Auto

Description

This could be a potential bug.

Steps to reproduce

  1. Create an account that is inactive
  2. Follow the link tod log into another account
  3. successfully logged in with an active account
  4. Accept the "merge accounts" dialog

See the screenshot with the fiddlesticks

This is a 2.2.0 pre-release


Files

fiddlesticks.png (44.1 KB) fiddlesticks.png Nico César, 06/03/2021 06:34 PM
2021-06-24_11-03.png (31.2 KB) 2021-06-24_11-03.png Step 3 Nico César, 06/24/2021 03:06 PM
2021-06-24_11-03_1.png (51.8 KB) 2021-06-24_11-03_1.png Step 4 Nico César, 06/24/2021 03:06 PM
2021-06-24_11-02.png (25.4 KB) 2021-06-24_11-02.png Step 2 Nico César, 06/24/2021 03:06 PM
2021-06-24_11-01_1.png (65.2 KB) 2021-06-24_11-01_1.png Step 1 Nico César, 06/24/2021 03:06 PM

Subtasks 1 (0 open1 closed)

Task #17836: Review 17754-federated-acct-merge (arvados & wb2 branches)ResolvedWard Vandewege02/18/2022Actions

Related issues 2 (1 open1 closed)

Related to Arvados - Feature #18788: User merge & migration support on LoginCluster federationsNewActions
Blocked by Arvados - Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression)ResolvedLucas Di Pentima11/23/2021Actions
Actions #1

Updated by Peter Amstutz over 3 years ago

  • Target version set to 2021-06-09 sprint
Actions #2

Updated by Peter Amstutz over 3 years ago

  • Release changed from 38 to 39
Actions #3

Updated by Peter Amstutz over 3 years ago

  • Target version changed from 2021-06-09 sprint to 2021-06-23 sprint
Actions #4

Updated by Ward Vandewege over 3 years ago

  • Related to Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression) added
Actions #5

Updated by Peter Amstutz over 3 years ago

  • Target version changed from 2021-06-23 sprint to 2021-07-07 sprint
Actions #6

Updated by Peter Amstutz over 3 years ago

  • Assigned To set to Nico César
  • Subject changed from [wb] merge account problem to [wb] merge account problem

Updated by Nico César over 3 years ago

Steps to reproduce.

I created a brand new gmail account. Logged into pirca.

then as an admin, I disabled the user using "Deactivate Arvados Test"

then tried to log in with that user that was inactive and follow the merge account dialog with my (admin) account.

I got the same fiddlesticks and the user still has is_active=false.

Actions #8

Updated by Peter Amstutz over 3 years ago

  • Target version changed from 2021-07-07 sprint to 2021-07-21 sprint
Actions #9

Updated by Peter Amstutz over 3 years ago

  • Related to deleted (Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression))
Actions #10

Updated by Peter Amstutz over 3 years ago

  • Blocked by Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression) added
Actions #11

Updated by Peter Amstutz over 3 years ago

  • Release deleted (39)
Actions #12

Updated by Peter Amstutz over 3 years ago

  • Target version changed from 2021-07-21 sprint to 2021-08-04 sprint
Actions #13

Updated by Peter Amstutz over 3 years ago

  • Assigned To deleted (Nico César)
Actions #14

Updated by Peter Amstutz over 3 years ago

  • Target version changed from 2021-08-04 sprint to 2021-08-18 sprint
Actions #15

Updated by Peter Amstutz over 3 years ago

  • Target version changed from 2021-08-18 sprint to 2021-09-01 sprint
Actions #16

Updated by Peter Amstutz over 3 years ago

  • Assigned To set to Lucas Di Pentima
Actions #17

Updated by Lucas Di Pentima over 3 years ago

  • Target version changed from 2021-09-01 sprint to 2021-09-15 sprint
Actions #18

Updated by Lucas Di Pentima over 3 years ago

  • Target version changed from 2021-09-15 sprint to 2021-09-29 sprint
Actions #19

Updated by Peter Amstutz about 3 years ago

  • Target version changed from 2021-09-29 sprint to 2021-10-13 sprint
Actions #20

Updated by Lucas Di Pentima about 3 years ago

  • Target version changed from 2021-10-13 sprint to 2021-10-27 sprint
Actions #21

Updated by Lucas Di Pentima about 3 years ago

  • Target version changed from 2021-10-27 sprint to 2021-11-24 sprint
Actions #22

Updated by Peter Amstutz about 3 years ago

  • Target version changed from 2021-11-24 sprint to 2021-12-08 sprint
Actions #23

Updated by Peter Amstutz about 3 years ago

  • Target version changed from 2021-12-08 sprint to 2022-01-05 sprint
Actions #24

Updated by Peter Amstutz about 3 years ago

  • Target version changed from 2022-01-05 sprint to 2022-01-19 sprint
Actions #25

Updated by Lucas Di Pentima almost 3 years ago

  • Target version changed from 2022-01-19 sprint to 2022-02-02 sprint
Actions #26

Updated by Peter Amstutz almost 3 years ago

  • Target version changed from 2022-02-02 sprint to 2022-02-16 sprint
Actions #27

Updated by Lucas Di Pentima almost 3 years ago

  • Target version changed from 2022-02-16 sprint to 2022-03-02 sprint
Actions #28

Updated by Lucas Di Pentima almost 3 years ago

  • Status changed from New to In Progress
Actions #29

Updated by Lucas Di Pentima almost 3 years ago

pirca is in LoginCluster federation with jutro.

  • I was able to reproduce the problem following Nico's description.
  • I was able to merge the accounts while doing the same procedure from jutro.
  • Reported Arvados versions
  • Federation-related fixes that may not be deployed:
    • #17914: "Log in as user from another cluster" doesn't work on 9tee4 (peer federation with ce8i5)
    • #17583: Remote controller forwards trusted client aware calls on a federated scenario
    • #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression)
Actions #30

Updated by Lucas Di Pentima almost 3 years ago

I've found this commit from 2 years ago that states that user merges aren't federated. If this is still true, I guess the fix for this issue is not offer the option to the user?

Actions #31

Updated by Lucas Di Pentima almost 3 years ago

From standup discussion:

  • Make the workbenches not offer user account merging on LoginCluster federation's satellite clusters.
  • Update documentation to say that we don't support "self-serving" user merging on LoginCluster federations and if still needed, the admin has to do it manually.
  • Make a new ticket to add the self-serving user merge feature on LoginCluster federations.
    • The main pain point is the user's objects migration on other satellite clusters; we may need to use some mechanism to flag that the merging already happened, making migration happen automatically whenever the user logs into the remaining satellite clusters.
Actions #32

Updated by Lucas Di Pentima almost 3 years ago

  • Related to Feature #18788: User merge & migration support on LoginCluster federations added
Actions #33

Updated by Lucas Di Pentima almost 3 years ago

Updates at d4d5dbe - branch 17754-federated-acct-merge
Test run:

  • Updates documentation stating that self-serve account linking is not supported for LoginCluster federations.
  • Modifies Workbench1's link account page to show a "not supported" message on when Login.LoginCluster is set.
Actions #34

Updated by Lucas Di Pentima almost 3 years ago

Updates at arvados-workbench2|0e86ce96 - branch 17754-federated-acct-merge (wb2 repo)
Test run:

  • Disables account linking options when Login.LoginCluster is set in inactive account and link account pages
Actions #35

Updated by Ward Vandewege almost 3 years ago

Lucas Di Pentima wrote:

Updates at d4d5dbe - branch 17754-federated-acct-merge
Test run:

  • Updates documentation stating that self-serve account linking is not supported for LoginCluster federations.
  • Modifies Workbench1's link account page to show a "not supported" message on when Login.LoginCluster is set.

LGTM, thanks!

Actions #36

Updated by Ward Vandewege almost 3 years ago

Lucas Di Pentima wrote:

Updates at arvados-workbench2|0e86ce96 - branch 17754-federated-acct-merge (wb2 repo)
Test run:

  • Disables account linking options when Login.LoginCluster is set in inactive account and link account pages

LGTM, thanks!

Actions #37

Updated by Lucas Di Pentima almost 3 years ago

  • Status changed from In Progress to Resolved
Actions #38

Updated by Peter Amstutz over 2 years ago

  • Release set to 46
Actions

Also available in: Atom PDF