The katello manifest upload raises an "unauthenticated user" error with the latest commit in the foreman develop branch. The following commit seems to have caused that issue (was able to git co the commit previous to this and get manifest upload working.)
This is a security hardening thing… so we should try and fix it. Is the
form not grabbing the token?
– bk
···
On 04/10/2014 06:04 PM, Partha Aji wrote:
>
> The katello manifest upload raises an "unauthenticated user" error with the latest commit in the foreman develop branch. The following commit seems to have caused that issue (was able to git co the commit previous to this and get manifest upload working.)
> https://github.com/theforeman/foreman/commit/73f99b5c79de3d2a6b65e8833c6be72117ca1257
>
> I have filed a redmine issue related to this: http://projects.theforeman.org/issues/5154. Dominic/other foremantors, please give me suggestions or workarounds to deal with this.
>
> Temporary workaround for people encountering this:
>
> cd /foreman
> git checkout db999987b0e4d5c113a7cb2326e79e1887b5c90e
>
> Partha
>
You can blame me for this update since it was inspired by initial work from
me to address the security issue. I'd guess the token is not being passed
on file uploads since they are done through the iframe but ngupload comes
with support for CSRF. See https://github.com/twilson63/ngUpload/blob/master/readme.md#directive-options
Eric
···
>
> You can blame me for this update since it was inspired by initial work from me to address the security issue. I'd guess the token is not being passed on file uploads since they are done through the iframe but ngupload comes with support for CSRF. See https://github.com/twilson63/ngUpload/blob/master/readme.md#directive-options
>
> Eric
>
Cool. Will take a stab at fixing this next…
Partha
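
The failure mode guessed at in this exchange, as an added example that is not part of the thread and not Foreman's code: a simplified, hypothetical `csrf_verdict` helper shows why a POST that carries a session cookie but no token is rejected, and why putting the token in a hidden form field fixes it. It goes slightly beyond this message by also covering a client that has no session at all; the `X-CSRF-Token` header and `authenticity_token` parameter are the Rails names, and the sample requests are constructed.

```ruby
require 'securerandom'

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Simplified model of the server-side decision (hypothetical helper, not
# Foreman's implementation). req is a Hash with :method, :session,
# :headers and :params.
def csrf_verdict(req)
  return :skipped_safe_method if %w[GET HEAD].include?(req[:method])
  session = req[:session]
  # Without a session there is no cookie-borne login for a forged request to ride on.
  return :skipped_no_session if session.nil? || session.empty?
  # XHR clients send the header; plain form posts (iframe uploads) can only send a field.
  supplied = req[:headers]['X-CSRF-Token'] || req[:params]['authenticity_token']
  return :rejected_missing_token if supplied.nil? || supplied.empty?
  secure_compare(supplied, session[:csrf_token].to_s) ? :accepted : :rejected_bad_token
end

# Constructed sample data: one logged-in session and four requests.
TOKEN   = SecureRandom.base64(32)
SESSION = { user: 'admin', csrf_token: TOKEN }.freeze

SAMPLES = {
  xhr_with_header: {
    method: 'POST', session: SESSION,
    headers: { 'X-CSRF-Token' => TOKEN }, params: {}
  },
  iframe_upload_no_token: {
    method: 'POST', session: SESSION,
    headers: {}, params: { 'file' => 'manifest.zip' }
  },
  iframe_upload_hidden_field: {
    method: 'POST', session: SESSION,
    headers: {}, params: { 'file' => 'manifest.zip', 'authenticity_token' => TOKEN }
  },
  api_client_no_session: {
    method: 'POST', session: nil,
    headers: {}, params: { 'file' => 'manifest.zip' }
  }
}.freeze

def verdicts
  SAMPLES.transform_values { |req| csrf_verdict(req) }
end

verdicts.each { |name, verdict| puts format('%-28s %s', name, verdict) }
```

Rails additionally masks the token per request before comparing; the model leaves that out to keep the decision path visible.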
···
On 04/11/2014 08:08 AM, Eric D Helms wrote:
> CSRF is only checked if there is a session so hammer shouldn't be affected.
>
> Eric
>
>
> On Fri, Apr 11, 2014 at 7:43 AM, Bryan Kearney wrote:
>
> How does this impact hammer?
>
> -- bk
> Sent with thumbs
>