Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-7990

User with anonymous role causes recursive login failures for a time

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.0.0-m3
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Chrome, FF MacOSX

      Description

      While testing NEXUS-7966, I created a user quickly who I wanted to have minimal access to the application. I thus gave him "Nexus Anonymous Role". When I tried to login with this user, I got a password not correct message.
      I thought maybe I had broken something so I tried to sign-in as admin but also got a password not correct message.
      After some JIRA looking, I came back to find that I had logged in.

      On repro attempts, I found that after ~45 seconds, the user does log in but the log in window does not close. Trying to log in to any other user during this time errors however the last person you did during the delay period eventually logs in. So in the example above, admin would eventually be logged in.
      This does not appear to occur with users not with the Nexus Anonymous Role (I created another with admin privs. as well as one with Base UI, both worked) - tho there are many role combos I am sure I haven't tested.

      On ticket check, I wondered if this is the same as NEXUS-2826 but cannot be sure.

      While this may not be a real world case, I believe the following items are broken in any case:
      1) Login should not say failed & delay if it actually succeeds
      2) Subsequent logins should not be blocked (removing the delay would likely prevent this)
      3) Popout should close once login is successful.

      I did not check this in NX2 at this time.
      I originally suspected this may have been related to recent "Remember Me" changes however I see no proof of that esp on subsequent testing/investigation.
      I do not believe this has anything to do with NEXUS-7966 tho I am linking JIC and for legacy knowledge.

      Steps to repro:
      1) Login as admin
      2) Create new test user with Nexus Anonymous Role (no other roles; other data should not matter)
      3) Logout. NOTE: I restarted here because of NEXUS-7963, that may be necessary.
      4) Login as test user
      5; BUG) Login failed (even with correct password)
      6) Wait 1 min (should be about ~45 seconds). NOTE: You are logged in but BUG login popout does not close.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              jtom Joe Tom
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title