Sign-in pop-up

[bdunne]

Chrome Version 69.0.3497.81 (Official Build) (64-bit)
The first time I start a server and hit the login page or first time I navigate to the login page that day I get "Sign-in" pop-up.

[bdunne]

This is on manageiq master@96d0b65c0f603557e9c9af272f9f7d00de9e5293
with ~/.gem/ruby/2.4.3/bundler/gems/manageiq-ui-classic-e1897a0e06d8

$ rails s
=> Booting Puma
=> Rails 5.0.7 application starting in development on http://localhost:3000
=> Run `rails server -h` for more startup options
** ManageIQ master; Database: adapter=postgresql, name=vmdb_development, host=
** Using session_store: ActionDispatch::Session::MemCacheStore
** ManageIQ master, codename: Hammer
I, [2018-09-28T08:23:15.074092 #20129]  INFO -- : Initializing websocket worker!
Puma starting in single mode...
* Version 3.7.1 (ruby 2.4.3-p205), codename: Snowy Sagebrush
* Min threads: 5, max threads: 5
* Environment: development
* Listening on tcp://localhost:3000
Use Ctrl-C to stop
^[[1;3A[----] W, [2018-09-28T08:23:52.627408 #20129:2fce020]  WARN -- : DEPRECATION WARNING: You didn't set `secret_key_base`. Read the upgrade documentation to learn more about this new config option. (called from env_config at /home/bdunne/.gem/ruby/2.4.3/gems/railties-5.0.7/lib/rails/application.rb:246)
[----] I, [2018-09-28T08:23:52.628687 #20129:2fce020]  INFO -- : Started GET "/" for ::1 at 2018-09-28 08:23:52 -0400
[----] I, [2018-09-28T08:23:54.043157 #20129:2fce020]  INFO -- : Processing by DashboardController#login as HTML
[----] D, [2018-09-28T08:23:54.156623 #20129:2fce020] DEBUG -- : PostgreSQLAdapter#log_after_checkout, connection_pool: size: 5, connections: 1, in use: 1, waiting_in_queue: 0
[----] D, [2018-09-28T08:23:54.157320 #20129:2fce020] DEBUG -- :   MiqServer Load (0.3ms)  SELECT  "miq_servers".* FROM "miq_servers" WHERE "miq_servers"."guid" = $1 LIMIT $2  [["guid", "18d1f376-df03-11e5-9b0a-02424b82bda0"], ["LIMIT", 1]]
[----] D, [2018-09-28T08:23:54.157758 #20129:2fce020] DEBUG -- :   MiqServer Inst Including Associations (0.1ms - 1rows)
[----] I, [2018-09-28T08:23:54.170763 #20129:2fce020]  INFO -- :   Rendering /home/bdunne/.gem/ruby/2.4.3/bundler/gems/manageiq-ui-classic-e1897a0e06d8/app/views/dashboard/login.html.haml within layouts/login
[----] D, [2018-09-28T08:24:12.073201 #20129:2fce020] DEBUG -- :   CACHE (0.0ms)  SELECT  "miq_servers".* FROM "miq_servers" WHERE "miq_servers"."guid" = $1 LIMIT $2  [["guid", "18d1f376-df03-11e5-9b0a-02424b82bda0"], ["LIMIT", 1]]
[----] D, [2018-09-28T08:24:12.073476 #20129:2fce020] DEBUG -- :   MiqServer Inst Including Associations (0.1ms - 1rows)
[----] I, [2018-09-28T08:24:12.073599 #20129:2fce020]  INFO -- :   Rendered /home/bdunne/.gem/ruby/2.4.3/bundler/gems/manageiq-ui-classic-e1897a0e06d8/app/views/layouts/_spinner.html.haml (2.7ms)
[----] I, [2018-09-28T08:24:12.079137 #20129:2fce020]  INFO -- :   Rendered /home/bdunne/.gem/ruby/2.4.3/bundler/gems/manageiq-ui-classic-e1897a0e06d8/app/views/layouts/_flash_msg.html.haml (4.1ms)
[----] I, [2018-09-28T08:24:12.087046 #20129:2fce020]  INFO -- :   Rendered /home/bdunne/.gem/ruby/2.4.3/bundler/gems/manageiq-ui-classic-e1897a0e06d8/app/views/dashboard/_login_more.html.haml (2.9ms)
[----] D, [2018-09-28T08:24:12.120741 #20129:2fce020] DEBUG -- :   Zone Load (0.3ms)  SELECT  "zones".* FROM "zones" WHERE "zones"."id" = $1 LIMIT $2  [["id", 1], ["LIMIT", 1]]
[----] D, [2018-09-28T08:24:12.121064 #20129:2fce020] DEBUG -- :   Zone Inst Including Associations (0.1ms - 1rows)
[----] I, [2018-09-28T08:24:12.121586 #20129:2fce020]  INFO -- :   Rendered /home/bdunne/.gem/ruby/2.4.3/bundler/gems/manageiq-ui-classic-e1897a0e06d8/app/views/dashboard/login.html.haml within layouts/login (17950.6ms)
[----] I, [2018-09-28T08:24:12.127735 #20129:2fce020]  INFO -- :   Rendered /home/bdunne/.gem/ruby/2.4.3/bundler/gems/manageiq-ui-classic-e1897a0e06d8/app/views/layouts/_doctype.html.haml (0.9ms)
[----] I, [2018-09-28T08:24:13.206603 #20129:2fce020]  INFO -- :   Rendered /home/bdunne/.gem/ruby/2.4.3/bundler/gems/manageiq-ui-classic-e1897a0e06d8/app/views/layouts/_i18n_js.html.haml (1.0ms)
[----] D, [2018-09-28T08:24:13.206987 #20129:2fce020] DEBUG -- :   CACHE (0.0ms)  SELECT  "miq_servers".* FROM "miq_servers" WHERE "miq_servers"."guid" = $1 LIMIT $2  [["guid", "18d1f376-df03-11e5-9b0a-02424b82bda0"], ["LIMIT", 1]]
[----] D, [2018-09-28T08:24:13.207231 #20129:2fce020] DEBUG -- :   MiqServer Inst Including Associations (0.1ms - 1rows)
Session:	 Hash of Size 3728, Elements 13
=================================
[----] I, [2018-09-28T08:24:13.207876 #20129:2fce020]  INFO -- : Completed 200 OK in 19165ms (Views: 19049.1ms | ActiveRecord: 0.7ms)


[----] D, [2018-09-28T08:24:13.209613 #20129:2fce020] DEBUG -- : PostgreSQLAdapter#log_after_checkin, connection_pool: size: 5, connections: 1, in use: 0, waiting_in_queue: 0
[----] I, [2018-09-28T08:24:30.732478 #20129:2fccb80]  INFO -- : Started DELETE "/api/auth" for ::1 at 2018-09-28 08:24:30 -0400
[----] I, [2018-09-28T08:24:30.840613 #20129:2fccb80]  INFO -- : Processing by Api::AuthController#destroy as JSON
[----] D, [2018-09-28T08:24:30.853143 #20129:2fccb80] DEBUG -- : Cache read: f8102527944473b1989cf7b60fd0a01d
[----] D, [2018-09-28T08:24:30.853488 #20129:2fccb80] DEBUG -- : Dalli::Server#connect 127.0.0.1:11211
[----] I, [2018-09-28T08:24:30.863318 #20129:2fccb80]  INFO -- : Filter chain halted as :require_api_user_or_token rendered or redirected
[----] I, [2018-09-28T08:24:30.863565 #20129:2fccb80]  INFO -- : Completed 401 Unauthorized in 23ms (ActiveRecord: 0.0ms)

[jerryk55]

I have been seeing this on Safari 12.0 (13606.2.11) as well. It is not browser specific.

[d-m-u]

Yeah, chiming in to echo @jerryk55, seeing on FF too.

[tadeboro]

Link to notes about the possible cause: ManageIQ/manageiq-api#359 (comment)

[martinpovolny]

Tadej Borovšak @tadeboro
@bdunne This is the discussion I had with @himdel: https://gitter.im/ManageIQ/manageiq?at=5b7bb8cae5b40332abd7f1eb
And notes he wrote: https://github.com/ManageIQ/manageiq-api/pull/359#issuecomment-384033068
Hope this helps a bit.

Brandon Dunne @bdunne 17:27
interesting, thanks @tadeboro

Martin Povolny @martinpovolny 21:00
reading back, the 2nd option that @himdel suggested "make the API not try HTTP-auth when the x-auth-token header is present" corresponds to what I wrote: that the API falls-back to basic auth
so this fall back shoud be removed at least in case of an expired session
that's the correct fix, I think

I really think that this should be fixed on the API side.

[himdel]

Yes, this needs to fixed on the API side.

I really tried to get anybody from the api team to help ☝️ August 21, 2018 12:17 PM.

If this is waiting for me, this will be waiting until we're done moving off bower.
Any takers? :)

[himdel]

Update: the RFC quoted in ManageIQ/manageiq-api#359 is the HTTP Basic Authentication RFC. Of course the RFC is correct that the header should be there when authentication fails and we're using it. But not when using a different form of authentication, like token-based.

Will be reverting that particular change. (Not the whole PR, just the part that assumes 401 means using HTTP Basic.)

[himdel]

Simplest way to test (in browser console):

localStorage.miq_token = '123';
API.logout();

[himdel]

Should be fixed in ManageIQ/manageiq-api#488