Auth: Only call rotate token if we have a session expiry cookie #84169
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kalleep
added
type/bug
add to changelog
backport v10.3.x
kalleep
requested review from
Clarity-89 and
ashharrison90
and removed request for
a team
|
This PR must be merged before a backport PR will be created. |
|
This PR must be merged before a backport PR will be created. |
1 similar comment
|
This PR must be merged before a backport PR will be created. |
mgyongyosi
approved these changes
Mar 11, 2024
|
The backport to To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-84169-to-v10.3.x origin/v10.3.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 4272483c54a55d807788c163963b70071343eba4When the conflicts are resolved, stage and commit the changes: If you have the GitHub CLI installed: # Push the branch to GitHub:
git push --set-upstream origin backport-84169-to-v10.3.x
# Create the PR body template
PR_BODY=$(gh pr view 84169 --json body --template 'Backport 4272483c54a55d807788c163963b70071343eba4 from #84169{{ "\n\n---\n\n" }}{{ index . "body" }}')
# Create the PR on GitHub
echo "${PR_BODY}" | gh pr create --title "[v10.3.x] Auth: Only call rotate token if we have a session expiry cookie" --body-file - --label "type/bug" --label "area/frontend" --label "add to changelog" --label "backport" --base v10.3.x --milestone 10.3.x --webOr, if you don't have the GitHub CLI installed (we recommend you install it!): # Push the branch to GitHub:
git push --set-upstream origin backport-84169-to-v10.3.x
# Create a pull request where the `base` branch is `v10.3.x` and the `compare`/`head` branch is `backport-84169-to-v10.3.x`.
# Remove the local backport branch
git switch main
git branch -D backport-84169-to-v10.3.x |
grafana-delivery-bot
bot
added
the
backport-failed
grafana-delivery-bot bot
pushed a commit
that referenced
this pull request
Mar 11, 2024
Only call rotate token if we have a session expiry cookie (cherry picked from commit 4272483)
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What is this feature?
When getting a 401 response we always tried to rotate token. This works correctly as long as a user has a sessions cookie. But there are cases when a user don't have one (anonymous and auth proxy). When the server respond with a 401 this is causing a infinite reload loop for that page.
To solve this we only call rotate token if we have a session expiry cookie and in all other cases we call
GET /api/login/pingto determine if user is authenticated.For 10.3.x and below this can be mitigated by disabling the feature toggle. But in 10.4.x the toggle is removed and this is the default behaviour.
Why do we need this feature?
To solve issue with infinite page reload loop for users without a sessions.
Which issue(s) does this PR fix?:
Fixes #
Special notes for your reviewer:
Please check that: