Closed Bug 610457 Opened 15 years ago Closed 15 years ago

Admin link not displayed on HTTP pages

Categories

(Socorro :: General, task)

Product:
Socorro
Component:
General
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: ryansnyder, Assigned: ryansnyder)

References

Details

Attachments

(1 file, 1 obsolete file)

Patch 2 for 610457
3.01 KB, patch
rhelmer
: review+
Details | Diff | Splinter Review
With 1.7.5 we implemented a number of security fixes. One of these causes the user to believe they are not logged in, when in fact they are. When logged in, on http pages the link at the bottom only says "Login", while on https pages the link at the bottom says "Admin".
This change should also fix issues on other HTTP pages on the site, such as documented here: https://bugzilla.mozilla.org/show_bug.cgi?id=575086#c9
Severity: minor → normal
Target Milestone: --- → 1.7.6
See Also: → 532691
Assignee: nobody → ryan
Attached patch Patch 1 for 610457 (obsolete) — Splinter Review
The following patch will force an authenticated user to view every page on the site in https.
Attachment #491989 - Flags: review?(robert)
Attachment #491989 - Flags: review?(robert) → review+
Committed what I thought would fix this issue, but it did not. The problem is that Socorro UI only recognizes the secure cookie that determines whether the user is authenticated when on an https page, not on an http page. That being the case, the fix for this problem is to force every page, regardless of authentication status, to https. Is this something we want to do? == Sending webapp-php/application/libraries/MY_Controller.php Transmitting file data . Committed revision 2777.
We can force https. The chief reason not to do this would be increased load on the LB, but Socorro webapp traffic is low enough that it's irrelevant. We should make "force https" a setting though, because it will be easier for devs/testers not to have to set this up in their sandboxes.
Let's try this again. Instead of forcing all authenticated users to https, this patch forces all users to https across the site.
Attachment #491989 - Attachment is obsolete: true
Attachment #492347 - Flags: review?(robert)
Attachment #492347 - Flags: review?(robert) → review+
Created Bug 614004 to update config file on stage. We can test after this has been implemented. Updated docs at http://code.google.com/p/socorro/wiki/SocorroUpgrade Committed: == Sending webapp-php/application/config/auth.php-dist Sending webapp-php/application/libraries/MY_Controller.php Transmitting file data .. Committed revision 2779.
Working as expected on stage.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Verified FIXED on staging: http://crash-stats.stage.mozilla.com/admin redirects me to https://crash-stats.stage.mozilla.com/admin, so I obviously no longer see the problem from comment 0.
Status: RESOLVED → VERIFIED
Component: Socorro → General
Product: Webtools → Socorro
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: