← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1772232] [NEW] User gets logged out when editing a snapshot

 

Public bug reported:

Procedure:
1- Go Project -> Compute -> Instances.
2- Create a snapshot of any instance.
3- Go to the newly created snapshot raw in Project -> Compute -> Images.
4- Edit Image -> change disk format to another format, e.g, "ISO".
5- The user logs out directly.

Note: Even admin user faces the same issue.

After analyzing the issue, I found that a "Forbidden HTTP request (403)"
is thrown if any user tries to edit the "disk format" attribute if the
image is not in "queued" status even though queued images cannot be
edited. And that, in turn, logs user out.

Editing disk format of any image won't really change its format. So, it
might be true to have an error message when editing disk format
attribute. If the case of Forbidden HTTP request is not correct, we can
throw any other exception indicating that the content cannot be changed.

I have the version 3.15.0 of openstack.

** Affects: glance
     Importance: Undecided
     Assignee: Ayman Mafarja (amafarja)
         Status: New

** Affects: horizon
     Importance: Undecided
     Assignee: Ayman Mafarja (amafarja)
         Status: New

** Also affects: horizon
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1772232

Title:
  User gets logged out when editing a snapshot

Status in Glance:
  New
Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  Procedure:
  1- Go Project -> Compute -> Instances.
  2- Create a snapshot of any instance.
  3- Go to the newly created snapshot raw in Project -> Compute -> Images.
  4- Edit Image -> change disk format to another format, e.g, "ISO".
  5- The user logs out directly.

  Note: Even admin user faces the same issue.

  After analyzing the issue, I found that a "Forbidden HTTP request
  (403)" is thrown if any user tries to edit the "disk format" attribute
  if the image is not in "queued" status even though queued images
  cannot be edited. And that, in turn, logs user out.

  Editing disk format of any image won't really change its format. So,
  it might be true to have an error message when editing disk format
  attribute. If the case of Forbidden HTTP request is not correct, we
  can throw any other exception indicating that the content cannot be
  changed.

  I have the version 3.15.0 of openstack.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1772232/+subscriptions


Follow ups