While we nowadays can work much better with package upgrades relating
to the cluster stack, it still happens that a pve-cluster upgrade can
produce a false-positive 401 (auth failure) code for a currently
valid ticket, e.g., because a pmxcfs lock was requested but the
pmxcfs was currently not mounted due to an upgrade-triggered restart.

A frequent case for a few false-positive 401s is also a cluster
creation, especially if not done over the web GUI.

Thus add a counter, which gets set to 0 on each successful login or
ticket renewal and gets increased on each 401 error. Only show the
logged out window if we get five or more 401 responses. While 5 may
sound a bit much, one needs to remember that we always have quite a
few API calls in flight (resource update store, stores from current
panel ...) and thus, if one really got auth denied, it will still show
quite fast (1 to 5 seconds, depending on which panel is currently
opened). Further, the backend naturally does not allow doing
anything during this time; this has no security implications
whatsoever.

Signed-off-by: Thomas Lamprecht <t.lampre...@proxmox.com>
---
 www/manager6/Workspace.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/www/manager6/Workspace.js b/www/manager6/Workspace.js
index 1d343525..db846efc 100644
--- a/www/manager6/Workspace.js
+++ b/www/manager6/Workspace.js
@@ -27,6 +27,7 @@ Ext.define('PVE.Workspace', {
        if (loginData.cap) {
            Ext.state.Manager.set('GuiCap', loginData.cap);
        }
+       me.response401count = 0;
 
        me.onLogin(loginData);
     },
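Review bot: response401count is only ever assigned here, after a successful login, and the diffstat (7 insertions, all visible in the two hunks) shows no initial value added elsewhere. If a 401 arrives before this line has run once, the `me.response401count++` in the requestexception handler operates on undefined and yields NaN, and `NaN > 5` is never true, so the login window would not be shown by this path. Declaring `response401count: 0` as a property in the Ext.define body would make the counter well-defined from construction.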
@@ -60,7 +61,12 @@ Ext.define('PVE.Workspace', {
        // fixme: what about other errors
        Ext.Ajax.on('requestexception', function(conn, response, options) {
            if (response.status == 401 && !PVE.Utils.silenceAuthFailures) { // 
auth failure
-               me.showLogin();
+               // don't immediately show as logged out to cope better with 
some big
+               // upgrades, which may temporarily produce a false positive 401 
err
+               me.response401count++;
+               if (me.response401count > 5) {
+                   me.showLogin();
+               }
            }
        });
 
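Review bot: the threshold check `me.response401count > 5` fires on the sixth 401, while the commit message says "five or more"; use `>= 5` or adjust the message so the two agree. Also, in the visible lines the counter is only reset on login data updates, not on ordinary successful responses, so isolated 401s spread over a long session add up towards the limit. Resetting it on any successful request, or counting only 401s within a short time window, would keep the tolerance limited to the short burst the commit message describes. A short comment stating why the threshold is 5 (several API calls in flight at once) would help the next reader.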
-- 
2.20.1

