Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to rereach settings page in UI after entering invalid ACL token #2370

Closed
ghost opened this issue Sep 28, 2016 · 1 comment · Fixed by #3245
Closed

Unable to rereach settings page in UI after entering invalid ACL token #2370

ghost opened this issue Sep 28, 2016 · 1 comment · Fixed by #3245
Assignees
Labels
archived/webui This was used for v1/ui theme/acls ACL and token generation type/bug Feature does not function as expected

Comments

@ghost
Copy link

ghost commented Sep 28, 2016

$ consul version
Consul Version: v0.7.0-rc1-12-ge7dade7-dev (e7dade7+CHANGES)
Protocol Version: speaks 2 by default, understands 2 to 3 (agent will automatically use protocol >2 when speaking to compatible agents)

consul info for both Client and Server

$ ./bin/consul info
agent:
    check_monitors = 0
    check_ttls = 0
    checks = 0
    services = 1
build:
    prerelease = dev
    revision = 'e7dade7
    version = 0.7.0
consul:
    bootstrap = false
    known_datacenters = 1
    leader = false
    leader_addr = 192.168.XXX.XXX:8300
    server = true
raft:
    applied_index = 568080
    commit_index = 568080
    fsm_pending = 0
    last_contact = 5.93197ms
    last_log_index = 568080
    last_log_term = 8258
    last_snapshot_index = 562302
    last_snapshot_term = 8249
    latest_configuration = [{Suffrage:Voter ID:192.168.XXX.XXX:8300 Address:192.168.XXX.XXX:8300} {Suffrage:Voter ID:192.168.XXX.XXX:8300 Address:192.168.XXX.XXX:8300} {Suffrage:Voter ID:192.168.XXX.XXX:8300 Address:192.168.XXX.XXX:8300} {Suffrage:Voter ID:192.168.XXX.XXX:8300 Address:192.168.XXX.XXX:8300}]
    latest_configuration_index = 568073
    num_peers = 3
    protocol_version = 1
    protocol_version_max = 3
    protocol_version_min = 0
    snapshot_version_max = 1
    snapshot_version_min = 0
    state = Follower
    term = 8258
runtime:
    arch = amd64
    cpu_count = 4
    goroutines = 61
    max_procs = 4
    os = darwin
    version = go1.7
serf_lan:
    encrypted = true
    event_queue = 0
    event_time = 788
    failed = 0
    health_score = 0
    intent_queue = 0
    left = 0
    member_time = 140
    members = 6
    query_queue = 0
    query_time = 1
serf_wan:
    encrypted = true
    event_queue = 0
    event_time = 1
    failed = 0
    health_score = 0
    intent_queue = 0
    left = 0
    member_time = 1
    members = 1
    query_queue = 0
    query_time = 1

Operating system and Environment details

Reproducible on any OS since it is part of the UI.

Description of the Issue (and unexpected/desired result)

If someone types in an incorrect token on the settings page, as soon as they navigate to the Key/Value page they get a 403 with no opportunity to go back. if they try to navigate back in their browser to the settings page, that page returns a 403 as well and the only solution is to clear the website's local storage in the browser which is far from ideal.
The browser's console shows a 403 request to http://localhost:8500/v1/internal/ui/nodes?dc=DATACENTER&token=INVALID_TOKEN but I would think that shouldn't cause the entire page to fail to render.

Reproduction steps

  • Visit the UI of a consul agent with ACLs enabled: /ui/#/datacenter/settings
  • Enter an invalid token in the Access Token field
  • Navigate to the Key/Value page via the top menu. Notice the 403 error and the top menu is gone
  • Use the browser to go back to the settings page. Notice it is also inaccessible. It is not possible to fix the token on the settings page!
  • Open the browser's developer tools and remove the token key from the website's local storage.
  • Observe the settings page is now accessible.

It'd be nice if the settings page didn't fail to load just because the request to /v1/internal/ui/nodes returned a 403. That way users could modify their token rather than having to resort to dev tools to reset their state and try again (think of a typical web application with an 'invalid credentials' error message during the login process rather than just ceasing to function altogether).

@stevehorsfield
Copy link

I've seen this too and agree that the settings page should be accessible.

@slackpad slackpad added type/bug Feature does not function as expected easy archived/webui This was used for v1/ui labels May 2, 2017
@slackpad slackpad added theme/acls ACL and token generation and removed easy labels May 25, 2017
@slackpad slackpad self-assigned this Jul 9, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
archived/webui This was used for v1/ui theme/acls ACL and token generation type/bug Feature does not function as expected
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants