This repository was archived by the owner on Nov 30, 2022. It is now read-only.

Unable to logout from Admin UI with an expired/invalid token #1257

@NevilleS

Bug Description

On fidesops:1.7.2 I have found that I cannot logout from the Admin UI when my token is already expired or invalid. When this occurs, you get stuck in a bad state where you can't use the UI (because your token is rejected), but you also can't log back in (because the existing token prevents using the /login route).

There are at least two ways to cause this:

  • If you have an expired token, the /logout endpoint will throw a 403, not succeed, and not clear the local storage
  • If you have an invalid token, the /logout endpoint will throw a 403, not succeed, and not clear the local storage

Steps to Reproduce

It's simple enough to reproduce an invalid token:

  1. Login to the Admin UI normally
  2. Logout normally and observe that the logout succeeds
  3. In the console, run window.localStorage.setItem('auth.fidesops-admin-ui', '{"token":"invalid"}')
  4. Refresh the home page (http://localhost:8080)
  5. Observe the console to see a 500 error, due to the invalid token
  6. Click the logout button from the top-right dropdown menu
  7. Observe that /logout fails with a 500, and the invalid token is not cleared:

[screenshot]

  8. Try to manually go to /login
  9. Observe that you are automatically redirected back to the home page, despite still having an invalid token that you cannot logout from

Expected behavior

I'd expect two things here that aren't happening:

  1. Whenever the user logs out from the Admin UI, the local auth token should be deleted no matter what happens on the server (403, 500, etc.). This would prevent you from getting into an unrecoverable state where you cannot clear your token
  2. Invalid tokens should be captured as a 403 error on the server, even if they are structurally incorrect (like in this example)

The latter is less important as it's more of a QOL improvement, but the former is blocking usage of the Admin UI right now if you ever get timed out.

Screenshots

(see above)

Environment

  • Version: 1.7.2
  • OS: Mac OSX Monterey (12.5.1)
  • Python Version: 3.10.5
  • Docker Version: 20.10.17
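The "clear the token no matter what the server says" behaviour the report asks for, as an added example that is not fidesops code: the storage key and the `/logout` path are taken from the issue, while the in-memory storage stand-in, the injectable `fetchImpl` and the fake server are constructed so it runs outside a browser.

```javascript
// Storage key used by the Admin UI, as quoted in the bug report.
const AUTH_KEY = 'auth.fidesops-admin-ui';

// Constructed stand-in for window.localStorage so the example runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
    removeItem: (k) => m.delete(k),
  };
}

function readToken(storage) {
  return (JSON.parse(storage.getItem(AUTH_KEY) || '{}')).token;
}

// Naive logout: local state is only cleared when the server accepts the call.
// An expired or malformed token makes /logout answer 403/500, so the token is
// never removed and the user is stuck, which is the failure mode in the report.
async function naiveLogout(storage, fetchImpl) {
  const res = await fetchImpl('/logout', {
    method: 'POST', headers: { Authorization: `Bearer ${readToken(storage)}` },
  });
  if (!res.ok) throw new Error(`logout failed: ${res.status}`);
  storage.removeItem(AUTH_KEY);
  return true;
}

// Hardened logout: the server call is best-effort; local cleanup sits in
// `finally`, so a 403, a 500 or a network error can never trap the user.
async function robustLogout(storage, fetchImpl) {
  let serverAccepted = false;
  try {
    const res = await fetchImpl('/logout', {
      method: 'POST', headers: { Authorization: `Bearer ${readToken(storage)}` },
    });
    serverAccepted = res.ok;
  } catch (e) {
    // Network failure or similar: fall through to the cleanup below.
  } finally {
    storage.removeItem(AUTH_KEY);
  }
  return { serverAccepted, tokenCleared: storage.getItem(AUTH_KEY) === null };
}

// Constructed fake server: only the literal token "valid" is accepted.
async function fakeFetch(_url, opts) {
  const ok = opts.headers.Authorization === 'Bearer valid';
  return { ok, status: ok ? 204 : 403 };
}
```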

Labels: bug