HTTPS redirection causes misleading "Unauthorized" message #52

Open
kingdonb opened this issue Jul 24, 2020 · 1 comment
@kingdonb
Member

I thought there was something wrong with my controller, but what actually happened here is something else:

kb$ deis login deis.teamhephy.info
username: xxxx
password:
Logged in as xxxx
Configuration file written to /Users/kb/.deis/client.json
kb$ deis apps
Error: Unauthorized: Missing or Invalid Token

So, this controller is terminated with TLS using an nginx-ingress controller and the experimental native ingress support.

If you visit it on port 80, you get redirected by the ingress rule to the HTTPS port. The login and register sequences don't seem to mind that redirect (my login succeeds, I get a valid token), but the workflow CLI's authenticated commands at large, which authenticate themselves using that token, don't seem to anticipate or handle this and can't cope with it.

I spent a fair amount of time before I realized I just needed to ensure I was using "https" in my login. This could be handled better by the client: either it can recognize that it was redirected and record the correct "https" URL in client.json after login, or it can cope better with redirects, either by following them or by reporting the correctly described problem.

Unauthorized: Missing or Invalid Token is less than helpful and doesn't reflect what's actually happening very well. The fancier ways of dealing with this could all work; I'd really just like to update the client so that when this error occurs due to any redirect to TLS for an authenticated command, the error actually tells you that's what has happened.

Correcting the URL to include https at login time when the login has been redirected to https would be another nice-to-have, but doesn't solve the issue on its own (there may be people who have upgraded their controllers to be terminated with TLS after some time, and they have client.json left around pointing to the unsecured endpoint, or there are people who have logged in through the existing method and their tokens were stored incorrectly in client.json by an older CLI release).

@kingdonb
Member Author

kingdonb commented Jul 24, 2020

> Unauthorized: Missing or Invalid Token is less than helpful and doesn't reflect what's actually happening very well

And I'm willing to accept that I'm wrong about this (that may actually be the conversation the client had with the server).

It would make sense if there was a POST with param that was redirected; there could be no param on the redirect target.
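One way a Go client could report the redirect instead of a bare "Unauthorized", as the issue proposes. This is an added example, not code from the deis CLI: `authedGet`, `fakeIngress`, the error text, the `/apps/` path and the `Authorization: token ...` header format are all assumptions, and the ingress is simulated by a local test server.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ErrTLSRedirect names the real cause so it is not reported as "Unauthorized".
var ErrTLSRedirect = errors.New("controller redirected http to https: log in again with the https:// URL")

func isTLSRedirect(err error) bool { return errors.Is(err, ErrTLSRedirect) }

// newClient stops at a redirect that upgrades http to https instead of following it.
func newClient() *http.Client {
	return &http.Client{CheckRedirect: func(req *http.Request, via []*http.Request) error {
		if via[0].URL.Scheme == "http" && req.URL.Scheme == "https" {
			return ErrTLSRedirect
		}
		return nil
	}}
}

// authedGet is a hypothetical helper: it sends the stored token to
// controller+path and returns the final status code.
func authedGet(controller, path, token string) (int, error) {
	req, err := http.NewRequest(http.MethodGet, controller+path, nil)
	if err != nil {
		return 0, err
	}
	req.Header.Set("Authorization", "token "+token) // header format is an assumption
	resp, err := newClient().Do(req)
	if err != nil {
		return 0, err // a *url.Error wrapping ErrTLSRedirect when the upgrade is seen
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// fakeIngress is a constructed stand-in for an ingress rule that sends every
// plain-HTTP request to HTTPS.
func fakeIngress() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, "https://"+r.Host+r.URL.Path, http.StatusMovedPermanently)
	}))
}

func main() {
	srv := fakeIngress()
	defer srv.Close()
	_, err := authedGet(srv.URL, "/apps/", "constructed-token")
	fmt.Println(isTLSRedirect(err), err)
}
```

By the time the redirect is seen, the first request has already carried the token over plain HTTP, so a client may also want to refuse to send a stored token to an `http://` controller URL in the first place.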
