Uploaded image for project: 'HipChat'
  1. HipChat
  2. HCPUB-3599

Even if only SSO login is allowed, user is prompted to enter Hipchat email and password when login expires or client load fails

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

    XMLWordPrintable

    Details

    • Symptom Severity:
      Severity 3 - Minor

      Description

      Summary

      When the user's login cookie expires, the user is signed out of the client and has to sign in again.
      In this case, the user will be prompted to enter their Hipchat email and password and will be unable to login if their group uses SSO.

      Steps to Reproduce

      1. Setup SSO and login to the Windows desktop client
      2. Change the time to more than 14 days in the future, the login cookie will expire and you will be signed out

      Expected Results

      Get the screen where you can choose to login via SSO

      Actual Results

      The client prompts you to enter your Hipchat email and password, you have to click Go back to get to the SSO options screen.

      Notes

      Although clicking Go back resolves the issue, it can be very confusing to users who will keep on entering their SSO credentials.

      Workaround

      Implement a blind re-direct from /sign_in to /login_select_auth by adding this line at the very top of /hipchat-scm/web/application/views/users/sign_in.php:

      <?php header("Location: login_select_auth", TRUE, 301); exit(); ?>
      
      How to make the change persist
      1. Create a new file in /home/admin/startup_scripts called sign_in_redirect or similar

        Do not include a file extension in the name

      2. Copy the code below into the file and save it:
        #!/bin/bash
        
        # Check if there's a redirect already in the first line of sign_in.php
         CHECK=$(head -1 /hipchat-scm/web/application/views/users/sign_in.php | grep -c '"Location: login_select_auth", TRUE, 301')
        
        # If there are no jobs, add one
        if [ $CHECK -lt 1 ]; then
            sudo dont-blame-hipchat -c "sed -i '1s/^/<?php header(\"Location: login_select_auth\", TRUE, 301); exit(); ?>\n/' /hipchat-scm/web/application/views/users/sign_in.php";
        fi
        
        
      3. Save the script, then make it executable:
        chmod +x /home/admin/startup_scripts/sign_in_redirect
        
      4. Make sure the change done manually to sign_in.php is reverted and run the script once:
        /home/admin/startup_scripts/sign_in_redirect
        
      5. Validate the change was done:
        head /hipchat-scm/web/application/views/users/sign_in.php
        
      6. Run the script once again and verify it doesn't add an additional line there

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              adridi Arbi Dridi
              Reporter:
              adridi Arbi Dridi
              Archiver:
              mandreacchio Michael Andreacchio

                Dates

                Created:
                Updated:
                Resolved:
                Archived: