ws: use the failing "init" message as /login result#20954
Merged
martinpitt merged 6 commits intocockpit-project:mainfrom Sep 1, 2024
Merged
ws: use the failing "init" message as /login result#20954martinpitt merged 6 commits intocockpit-project:mainfrom
martinpitt merged 6 commits intocockpit-project:mainfrom
Conversation
martinpitt
added
the
blocked
Member
|
I tried this PR in my local changes for PR #19401, and I am now also getting these bogus "401 Authentication required" failures without a proper error code (beiboot.py sends |
martinpitt
added a commit
to martinpitt/cockpit
that referenced
this pull request
Aug 30, 2024
Stop treating host key prompts as generic conversation messages. We want the UI to handle them properly, with some verbiage/buttons and the UI/recipe for confirming/validating host keys, instead of letting the user type "yes". The login page recognizes these through the presence of the `host-key` authorize field. We can't use ferny's builtin `do_hostkey()` responder for this, as that requires `ferny.Session(handle_host_key=True)`, and that API is not flexible enough to handle our ssh command modifications and the extra beiboot_helper handler. This needs some bigger redesign, see cockpit-project#19668. So just recognize and parse SSH's host key prompts, and rely on our integration tests to spot breakage in future distro releases. We want to keep using/storing full host keys While cockpit-ssh gave us the full host key right away during conversation, ssh (and thus ferny/beiboot) don't work that way: During conversation we only get the fingerprint. So for the "sending" direction, utilize the reently introduced temporary UserKnownHostsFile feature of beiboot, and send the known_hosts entry for the given host as part of the `Authorization:` header. For the "receiving" side we need to jump through a few hoops: * For a previously unknown host, we only get the full host key after a successful login, as part of the GET /login's `login-data` response. So defer updating our localStorage's `known_hosts` database until then. * ssh (and thus ferny/beiboot) don't report changed host keys as part of conversation, but immediatley abort. So remember that state in `ssh_host_key_change_host`, and re-attempt the login without sending known_hosts data. Our usual logic in `do_hostkey_verification()` will notice the change and present the correct dialog. * For a changed host key where the login fails due to wrong credentials, the login page never receives the new host key whose fingerprint the user just confirmed. So we can't remember that confirmation, and the next time the user has to re-confirm the changed key. cockpit-project#20954 provides some required plumbing for that. In the meantime, this seems acceptable as long as cockpit-beiboot isn't the default bastion host implementation yet. Adjust TestLogin.testLoginSshBeiboot to only expect the host key on the first login attempt. Add testing of changed host key behaviour.
Member
Author
login.js looks at the response status text, not the body. The issue is that when we have a |
This was referenced Aug 30, 2024
Move most local variables to their point of initialization and change everything to be g_autoptr() or g_autofree. Tuck a g_info() message into the block that would trigger its printing (instead of basing it on inspecting a variable which gets set later).
The usual fixes...
Add a variant of this function which accepts a body to return to the client instead of the usual error page. We take this approach instead of adding a parameter to the existing function in order to avoid needing to modify the (very) many call sites.
Just as with the last commit, wire through a "body" parameter on this function. This time we do it without adding a new variant, though, as there aren't so many callers of this API.
allisonkarlitskaya
force-pushed
the
login-fail-json
branch
from
fe47dad to
b94196f
Compare
Member
|
Thanks, this looks promising! This failure (two tests, but common code path) seems fine to just adjust to the "new" error message. This is a regression though, that screenshot is just weird. I suppose that'll be a slight change to login.js? |
Instead of hardcoding the error message for the case where we receive a JSON blob from cockpit_auth_login_finish(), make use of the "usual" cockpit_web_response_gerror() machinery. Currently this is only used by authorize challenges, in which case login.js doesn't care about the specific error message. In the next commit we'll also start returning JSON for login failures caused by the session program returning an error, and we want to ensure that this change doesn't result in the hardcoded error message, but rather continues to use the existing logic.
allisonkarlitskaya
force-pushed
the
login-fail-json
branch
2 times, most recently
from
ffd500a to
d2ae4ef
Compare
martinpitt
added a commit
to martinpitt/cockpit
that referenced
this pull request
Aug 30, 2024
Stop treating host key prompts as generic conversation messages. We want the UI to handle them properly, with some verbiage/buttons and the UI/recipe for confirming/validating host keys, instead of letting the user type "yes". The login page recognizes these through the presence of the `host-key` authorize field. We can't use ferny's builtin `do_hostkey()` responder for this, as that requires `ferny.Session(handle_host_key=True)`, and that API is not flexible enough to handle our ssh command modifications and the extra beiboot_helper handler. This needs some bigger redesign, see cockpit-project#19668. So just recognize and parse SSH's host key prompts, and rely on our integration tests to spot breakage in future distro releases. We want to keep using/storing full host keys While cockpit-ssh gave us the full host key right away during conversation, ssh (and thus ferny/beiboot) don't work that way: During conversation we only get the fingerprint. So for the "sending" direction, utilize the reently introduced temporary UserKnownHostsFile feature of beiboot, and send the known_hosts entry for the given host as part of the `Authorization:` header. For the "receiving" side we need to jump through a few hoops: * For a previously unknown host, we only get the full host key after a successful login, as part of the GET /login's `login-data` response. So defer updating our localStorage's `known_hosts` database until then. * ssh (and thus ferny/beiboot) don't report changed host keys as part of conversation, but immediatley abort. So remember that state in `ssh_host_key_change_host`, and re-attempt the login without sending known_hosts data. Our usual logic in `do_hostkey_verification()` will notice the change and present the correct dialog. * For a changed host key where the login fails due to wrong credentials, the login page never receives the new host key whose fingerprint the user just confirmed. So we can't remember that confirmation, and the next time the user has to re-confirm the changed key. cockpit-project#20954 provides some required plumbing for that. In the meantime, this seems acceptable as long as cockpit-beiboot isn't the default bastion host implementation yet. Adjust TestLogin.testLoginSshBeiboot to only expect the host key on the first login attempt. Add testing of changed host key behaviour.
If we fail a login attempt in response to receiving a
{ "command": "init", "problem", "..." }
control message from the session program, then return the message in
full as the result text for the /login page.
This makes use of an until-now dead code path in cockpithandlers that
pretty-prints and sets JSON data as the body of the GET /cockpit/login
result if it's returned from cockpit_auth_login_finish(). Previously we
were returning a fancy fail.html-formatted page which the XHR request in
login.js was simply ignoring.
Going forward, this will allow us to forward more interesting errors to
the login page.
Adjust the auth unit tests to expect the response blob in the cases where
it's relevant instead of always expecting NULL on the error path.
We also have to adjust two integration tests that manually inspected
that the result of /login contained HTML: it no longer does, because
it's JSON. Just inspect the request status reason, like login.js does.
Finally, there is a couple of cases where our "more intelligent" message
handling results in a more accurate error being reported: fix those in
the tests.
allisonkarlitskaya
force-pushed
the
login-fail-json
branch
from
d2ae4ef to
2e1aa4f
Compare
martinpitt
approved these changes
Aug 30, 2024
Member
martinpitt
left a comment
martinpitt
left a comment
There was a problem hiding this comment.
Thanks! Assuming green, this looks good to me (I already reviewed while you were still working on it). Please note the "blocked" though, I'm happy to shepherd this in next week.
martinpitt
added a commit
to martinpitt/cockpit
that referenced
this pull request
Aug 30, 2024
Stop treating host key prompts as generic conversation messages. We want the UI to handle them properly, with some verbiage/buttons and the UI/recipe for confirming/validating host keys, instead of letting the user type "yes". The login page recognizes these through the presence of the `host-key` authorize field. We can't use ferny's builtin `do_hostkey()` responder for this, as that requires `ferny.Session(handle_host_key=True)`, and that API is not flexible enough to handle our ssh command modifications and the extra beiboot_helper handler. This needs some bigger redesign, see cockpit-project#19668. So just recognize and parse SSH's host key prompts, and rely on our integration tests to spot breakage in future distro releases. We want to keep using/storing full host keys While cockpit-ssh gave us the full host key right away during conversation, ssh (and thus ferny/beiboot) don't work that way: During conversation we only get the fingerprint. So for the "sending" direction, utilize the reently introduced temporary UserKnownHostsFile feature of beiboot, and send the known_hosts entry for the given host as part of the `Authorization:` header. For the "receiving" side we need to jump through a few hoops: * For a previously unknown host, we only get the full host key after a successful login, as part of the GET /login's `login-data` response. So defer updating our localStorage's `known_hosts` database until then. * ssh (and thus ferny/beiboot) don't report changed host keys as part of conversation, but immediatley abort. So remember that state in `ssh_host_key_change_host`, and re-attempt the login without sending known_hosts data. Our usual logic in `do_hostkey_verification()` will notice the change and present the correct dialog. * For a changed host key where the login fails due to wrong credentials, the login page never receives the new host key whose fingerprint the user just confirmed. So we can't remember that confirmation, and the next time the user has to re-confirm the changed key. cockpit-project#20954 provides some required plumbing for that. In the meantime, this seems acceptable as long as cockpit-beiboot isn't the default bastion host implementation yet. Adjust TestLogin.testLoginSshBeiboot to only expect the host key on the first login attempt. Add testing of changed host key behaviour.
martinpitt
added a commit
to martinpitt/cockpit
that referenced
this pull request
Sep 1, 2024
Stop treating host key prompts as generic conversation messages. We want the UI to handle them properly, with some verbiage/buttons and the UI/recipe for confirming/validating host keys, instead of letting the user type "yes". The login page recognizes these through the presence of the `host-key` authorize field. We can't use ferny's builtin `do_hostkey()` responder for this, as that requires `ferny.Session(handle_host_key=True)`, and that API is not flexible enough to handle our ssh command modifications and the extra beiboot_helper handler. This needs some bigger redesign, see cockpit-project#19668. So just recognize and parse SSH's host key prompts, and rely on our integration tests to spot breakage in future distro releases. We want to keep using/storing full host keys While cockpit-ssh gave us the full host key right away during conversation, ssh (and thus ferny/beiboot) don't work that way: During conversation we only get the fingerprint. So for the "sending" direction, utilize the reently introduced temporary UserKnownHostsFile feature of beiboot, and send the known_hosts entry for the given host as part of the `Authorization:` header. For the "receiving" side we need to jump through a few hoops: * For a previously unknown host, we only get the full host key after a successful login, as part of the GET /login's `login-data` response. So defer updating our localStorage's `known_hosts` database until then. * ssh (and thus ferny/beiboot) don't report changed host keys as part of conversation, but immediatley abort. So remember that state in `ssh_host_key_change_host`, and re-attempt the login without sending known_hosts data. Our usual logic in `do_hostkey_verification()` will notice the change and present the correct dialog. * For a changed host key where the login fails due to wrong credentials, the login page never receives the new host key whose fingerprint the user just confirmed. So we can't remember that confirmation, and the next time the user has to re-confirm the changed key. cockpit-project#20954 provides some required plumbing for that. In the meantime, this seems acceptable as long as cockpit-beiboot isn't the default bastion host implementation yet. Adjust TestLogin.testLoginSshBeiboot to only expect the host key on the first login attempt. Add testing of changed host key behaviour.
martinpitt
added a commit
to martinpitt/cockpit
that referenced
this pull request
Sep 1, 2024
Stop treating host key prompts as generic conversation messages. We want the UI to handle them properly, with some verbiage/buttons and the UI/recipe for confirming/validating host keys, instead of letting the user type "yes". The login page recognizes these through the presence of the `host-key` authorize field. We can't use ferny's builtin `do_hostkey()` responder for this, as that requires `ferny.Session(handle_host_key=True)`, and that API is not flexible enough to handle our ssh command modifications and the extra beiboot_helper handler. This needs some bigger redesign, see cockpit-project#19668. So just recognize and parse SSH's host key prompts, and rely on our integration tests to spot breakage in future distro releases. We want to keep using/storing full host keys While cockpit-ssh gave us the full host key right away during conversation, ssh (and thus ferny/beiboot) don't work that way: During conversation we only get the fingerprint. So for the "sending" direction, utilize the reently introduced temporary UserKnownHostsFile feature of beiboot, and send the known_hosts entry for the given host as part of the `Authorization:` header. For the "receiving" side we need to jump through a few hoops: * For a previously unknown host, we only get the full host key after a successful login, as part of the GET /login's `login-data` response. So defer updating our localStorage's `known_hosts` database until then. * ssh (and thus ferny/beiboot) don't report changed host keys as part of conversation, but immediatley abort. So remember that state in `ssh_host_key_change_host`, and re-attempt the login without sending known_hosts data. Our usual logic in `do_hostkey_verification()` will notice the change and present the correct dialog. * For a changed host key where the login fails due to wrong credentials, the login page never receives the new host key whose fingerprint the user just confirmed. So we can't remember that confirmation, and the next time the user has to re-confirm the changed key. cockpit-project#20954 provides some required plumbing for that. In the meantime, this seems acceptable as long as cockpit-beiboot isn't the default bastion host implementation yet. Adjust TestLogin.testLoginSshBeiboot to only expect the host key on the first login attempt. Add testing of changed host key behaviour.
martinpitt
added a commit
to martinpitt/cockpit
that referenced
this pull request
Sep 1, 2024
Stop treating host key prompts as generic conversation messages. We want the UI to handle them properly, with some verbiage/buttons and the UI/recipe for confirming/validating host keys, instead of letting the user type "yes". The login page recognizes these through the presence of the `host-key` authorize field. We can't use ferny's builtin `do_hostkey()` responder for this, as that requires `ferny.Session(handle_host_key=True)`, and that API is not flexible enough to handle our ssh command modifications and the extra beiboot_helper handler. This needs some bigger redesign, see cockpit-project#19668. So just recognize and parse SSH's host key prompts, and rely on our integration tests to spot breakage in future distro releases. We want to keep using/storing full host keys While cockpit-ssh gave us the full host key right away during conversation, ssh (and thus ferny/beiboot) don't work that way: During conversation we only get the fingerprint. So for the "sending" direction, utilize the reently introduced temporary UserKnownHostsFile feature of beiboot, and send the known_hosts entry for the given host as part of the `Authorization:` header. For the "receiving" side we need to jump through a few hoops: * For a previously unknown host, we only get the full host key after a successful login, as part of the GET /login's `login-data` response. So defer updating our localStorage's `known_hosts` database until then. * ssh (and thus ferny/beiboot) don't report changed host keys as part of conversation, but immediatley abort. So remember that state in `ssh_host_key_change_host`, and re-attempt the login without sending known_hosts data. Our usual logic in `do_hostkey_verification()` will notice the change and present the correct dialog. * For a changed host key where the login fails due to wrong credentials, the login page never receives the new host key whose fingerprint the user just confirmed. So we can't remember that confirmation, and the next time the user has to re-confirm the changed key. cockpit-project#20954 provides some required plumbing for that. In the meantime, this seems acceptable as long as cockpit-beiboot isn't the default bastion host implementation yet. Adjust TestLogin.testLoginSshBeiboot to only expect the host key on the first login attempt. Add testing of changed host key behaviour.
martinpitt
removed
the
blocked
Member
|
Time out freezing for translation updates -- when they come in, I'll do the release not from main, but from a temporary branch (latest safe commit + cherry-pick) |
martinpitt
added a commit
to martinpitt/cockpit
that referenced
this pull request
Sep 2, 2024
Stop treating host key prompts as generic conversation messages. We want the UI to handle them properly, with some verbiage/buttons and the UI/recipe for confirming/validating host keys, instead of letting the user type "yes". The login page recognizes these through the presence of the `host-key` authorize field. We can't use ferny's builtin `do_hostkey()` responder for this, as that requires `ferny.Session(handle_host_key=True)`, and that API is not flexible enough to handle our ssh command modifications and the extra beiboot_helper handler. This needs some bigger redesign, see cockpit-project#19668. So just recognize and parse SSH's host key prompts, and rely on our integration tests to spot breakage in future distro releases. We want to keep using/storing full host keys While cockpit-ssh gave us the full host key right away during conversation, ssh (and thus ferny/beiboot) don't work that way: During conversation we only get the fingerprint. So for the "sending" direction, utilize the reently introduced temporary UserKnownHostsFile feature of beiboot, and send the known_hosts entry for the given host as part of the `Authorization:` header. For the "receiving" side we need to jump through a few hoops: * For a previously unknown host, we only get the full host key after a successful login, as part of the GET /login's `login-data` response. So defer updating our localStorage's `known_hosts` database until then. * ssh (and thus ferny/beiboot) don't report changed host keys as part of conversation, but immediatley abort. So remember that state in `ssh_host_key_change_host`, and re-attempt the login without sending known_hosts data. Our usual logic in `do_hostkey_verification()` will notice the change and present the correct dialog. * For a changed host key where the login fails due to wrong credentials, the login page never receives the new host key whose fingerprint the user just confirmed. So we can't remember that confirmation, and the next time the user has to re-confirm the changed key. cockpit-project#20954 provides some required plumbing for that. In the meantime, this seems acceptable as long as cockpit-beiboot isn't the default bastion host implementation yet. Adjust TestLogin.testLoginSshBeiboot to only expect the host key on the first login attempt. Add testing of changed host key behaviour.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If we fail a login attempt in response to receiving a
{ "command": "init", "problem", "..." }control message from the session program, then return the message in full as the result text for the /login page.
This makes use of an until-now dead code path in cockpithandlers that pretty-prints and sets JSON data as the body of the GET /cockpit/login result if it's returned from cockpit_auth_login_finish(). Previously we were returning a fancy fail.html-formatted page which the XHR request in login.js was simply ignoring.
Going forward, this will allow us to forward more interesting errors to the login page.
Adjust the auth tests to expect the response blob in the cases where it's relevant instead of always expecting NULL on the error path.