[ZEPPELIN-1052] Application does not logout user when authcBasic is used

[prabhjyotsingh]

What is this PR for?

This PR is WRT to this mail thread (Authentication in zeppelin)
Where in if authcBasic mechanisim is used then on clicking logout, the user doesn't gets logout.

What type of PR is it?

[Bug Fix]

Todos

• - set username and password false on logout

What is the Jira issue?

• ZEPPELIN-533

How should this be tested?

In shiro.ini conf set /** = authcBasic, then start the zeppelin server.

• try login as admin/password1
• now try to logout (this should work)

Questions:

• Does the licenses files need update? n/a
• Is there breaking changes for older versions? n/a
• Does this needs documentation? n/a

[Leemoonsoo]

Tested this branch with both authc and authcBasic and logout works well. LGTM

[AhyoungRyu]

Yeah it works well. LGTM 👍

[Abhisar]

Verified and It works.LGTM from me too

[prabhjyotsingh]

Merging this if no more discussion.

[minahlee]

@prabhjyotsingh Thanks for the fix!
Seems like this PR is bringing CI error in master, branch-0.6:

Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 81.986 sec <<< FAILURE! - in org.apache.zeppelin.integration.AuthenticationIT
testGroupPermission(org.apache.zeppelin.integration.AuthenticationIT)  Time elapsed: 42.459 sec  <<< ERROR!
org.openqa.selenium.TimeoutException: Timed out after 30 seconds waiting for org.apache.zeppelin.AbstractZeppelinIT$1@4c156b4b
Build info: version: '2.48.2', revision: '41bccdd10cf2c0560f637404c2d96164b67d9d67', time: '2015-10-09 13:08:06'
System info: host: 'testing-worker-linux-docker-8fa71dca-3379-linux-8', ip: '172.17.9.181', os.name: 'Linux', os.arch: 'amd64', os.version: '3.13.0-40-generic', java.version: '1.7.0_76'
Driver info: driver.version: unknown
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at org.openqa.selenium.remote.ErrorHandler.createThrowable(ErrorHandler.java:206)
    at org.openqa.selenium.remote.ErrorHandler.throwIfResponseFailed(ErrorHandler.java:158)
    at org.openqa.selenium.remote.RemoteWebDriver.execute(RemoteWebDriver.java:647)
    at org.openqa.selenium.remote.RemoteWebDriver.findElement(RemoteWebDriver.java:353)
    at org.openqa.selenium.remote.RemoteWebDriver.findElementByXPath(RemoteWebDriver.java:490)
    at org.openqa.selenium.By$ByXPath.findElement(By.java:361)
    at org.openqa.selenium.remote.RemoteWebDriver.findElement(RemoteWebDriver.java:345)
    at org.apache.zeppelin.AbstractZeppelinIT$1.apply(AbstractZeppelinIT.java:116)
    at org.apache.zeppelin.AbstractZeppelinIT$1.apply(AbstractZeppelinIT.java:114)
    at org.openqa.selenium.support.ui.FluentWait.until(FluentWait.java:238)
    at org.apache.zeppelin.AbstractZeppelinIT.pollingWait(AbstractZeppelinIT.java:114)
    at org.apache.zeppelin.integration.AuthenticationIT.authenticationUser(AuthenticationIT.java:109)
    at org.apache.zeppelin.integration.AuthenticationIT.testGroupPermission(AuthenticationIT.java:177)
Caused by: org.openqa.selenium.NoSuchElementException: Unable to locate element: {"method":"xpath","selector":"//div[contains(@class, 'navbar-collapse')]//li//button[contains(.,'Login')]"}

I was able to reproduce error that logout doesn't work by following:

1. start zeppelin with default shiro.ini
2. create Untitled Note 1 and set permissions to (admin, admin, admin)
3. go back to zeppelin main page (http://localhost:8080)
4. click Untitled Note 1
5. login as admin
6. click logout button -> doesn't work
   Could you take a look please?

[prabhjyotsingh]

@minahlee, Thank you for review this.

With default shiro.ini i.e.

/api/version = anon
/** = anon
#/** = authc

Under Insufficient privileges "Login button" should not show up, sounds like a different bug to me, but if you refresh the page, the auth info will be removed.

And before merging this PR, when I saw travis log, it was failing for these two, and I assumed both were unrelated.

Results :

Failed tests: 
  ParagraphActionsIT.testTitleButton:350 After Show Title : The title field contains
Expected: "Untitled"
     but: was ""

Tests in error: 
  AuthenticationIT.testGroupPermission:177->authenticationUser:109->AbstractZeppelinIT.pollingWait:114 » Timeout

I'll open up a HOTFIX now, to fix CI.

[minahlee]

@prabhjyotsingh Thanks for quick response. The steps I wrote was just for reproducing the case that logout action doesn't work because I couldn't reproduce it in my laptop with shiro setting in AuthenticationIT

And yes I agree that showing login button with insufficient privileges doesn't make much of sense.

Tests in error: 
  AuthenticationIT.testGroupPermission:177->authenticationUser:109->AbstractZeppelinIT.pollingWait:114 » Timeout

This seems to happen because it is trying to find Login button after logout, but cannot since logout button is not functioning.
Attaching the screen shot from https://s3.amazonaws.com/archive.travis-ci.org/jobs/139763023/log.txt where selenium tries to find Login button:

[prabhjyotsingh]

@minahlee Thank you for much explanation about the issue.Have open up #1084 to find and fix this issue, I'll try to resolve ASAP.

[corneadoug]

@prabhjyotsingh I got it working on localhost:8080, but not using ./grunt serve
Could you take a look?

[prabhjyotsingh]

@corneadoug, will surly look into it, in the mean while have created this a new jira for tracking the same https://issues.apache.org/jira/browse/ZEPPELIN-1125