search

bcgov / gwa-ui

GWA (DataBC Gateway Administration Interface, UI for Kong)
https://gwa.apps.gov.bc.ca
Apache License 2.0
0 stars 0 forks source link

Missing custom_id for new users accessing GWA #4

Open Darv72 opened 6 years ago

Darv72 commented 6 years ago

Describe the bug When logging into GWA with my IDIR ID I receive a 500 error. My account has been added to the gwa_admin and gwa_user groups. The logs show the following error following login:

2018-07-25 11:49:47,798 ERROR ca.bc.gov.gwa.servlet.authentication.SiteminderAuthenticationFilter Error getting user's roles ca.bc.gov.gwa.http.HttpStatusException: Bad Request PATCH https://kdadmin.api.gov.bc.ca/consumers/be8905c7-72ee-4e26-b137-e4d353072ffb HTTP/1.1

https://kdadmin.api.gov.bc.ca/consumers/be8905c7-72ee-4e26-b137-e4d353072ffb resolves to:

{ "custom_id": "github_27308661", "created_at": 1525798982.241, "username": "github_mrtrev", "id": "be8905c7-72ee-4e26-b137-e4d353072ffb" }

If I try to make a call for my own ID at https://kdadmin.api.gov.bc.ca/consumers/idir_sddarvil the custom_id field is null:

{ "custom_id": null, "created_at": 1532454967, "username": "idir_sddarvil", "id": "f1999ebe-8122-4585-992c-fbe9f174db70" }

This same behavior happened for a second IDIR ID as well.

To Reproduce Steps to reproduce the behavior:

  1. Add an IDIR ID to the gwa_admin group
  2. Login to GWA with those IDIR credentials, 500 error is returned
  3. Query the ID through the Kong admin api https://kdadmin.api.gov.bc.ca/consumers/idir_
  4. custom_id field is null

Expected behavior I should be able to access the GWA UI.

pauldaustin commented 6 years ago

Please include the full stack trace

Darv72 commented 6 years ago

2018-07-25 11:55:18,218 ERROR ca.bc.gov.gwa.servlet.authentication.SiteminderAuthenticationFilter Error getting user's roles ca.bc.gov.gwa.http.HttpStatusException: Bad Request PATCH https://kdadmin.api.gov.bc.ca/consumers/be8905c7-72ee-4e26-b137-e4d353072ffb HTTP/1.1 at ca.bc.gov.gwa.http.JsonHttpClient.executeRequest(JsonHttpClient.java:125) at ca.bc.gov.gwa.http.JsonHttpClient.executeRequestJson(JsonHttpClient.java:136) at ca.bc.gov.gwa.http.JsonHttpClient.patch(JsonHttpClient.java:167) at ca.bc.gov.gwa.servlet.ApiService.userGroups(ApiService.java:1611) at ca.bc.gov.gwa.servlet.AbstractFilter.getGroups(AbstractFilter.java:28) at ca.bc.gov.gwa.servlet.authentication.SiteminderAuthenticationFilter.doFilterLogin(SiteminderAuthenticationFilter.java:73) at ca.bc.gov.gwa.servlet.authentication.SiteminderAuthenticationFilter.doFilter(SiteminderAuthenticationFilter.java:45) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1697) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)

Darv72 commented 6 years ago

I changed the configuration file in test gwa to use gwaKongAdminUrl: https://kpadmin.api.gov.bc.ca and was able to successfully log into GWA. Leo believes the problem may be caused by collision with my ID as the https://kdadmin.api.gov.bc.ca endpoint is coming from a nested cluster.

pauldaustin commented 6 years ago

I'm closing this as a the application seems to be working as expected with the correct configuration.

Basically with the IDIR accounts, depending on how the consumer is created it maybe missing some information. I then fill in that information when my code runs.

Darv72 commented 6 years ago

Please do not close this issue as it will need to be addressed

pauldaustin commented 6 years ago

@Darv72 What still needs to be addressed?

ll911 commented 6 years ago

this happen with kong-0.14.1, when user do not exist in consumer, when gwa attempt to create net new consumer, it use the wrong consumer id that's already exist.

pauldaustin commented 6 years ago

Have you tried it with the last gwa endpoint release that I made?

ll911 commented 6 years ago

this is with gwa endpoing 1.2.3-1 https://github.com/bcgov/gwa-kong-endpoint/issues/6 block us from upgrade to 1.3.1

ll911 commented 6 years ago

1.3.2-3 install/upgrade success getting following error on gwa user tab, when status tab shows normal

2018-09-28 14:57:34,904 ERROR   ca.bc.gov.gwa.servlet.ApiService    Unknown application error
org.apache.http.client.ClientProtocolException
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at ca.bc.gov.gwa.http.JsonHttpClient.executeRequest(JsonHttpClient.java:117)
    at ca.bc.gov.gwa.http.JsonHttpClient.getByUrl(JsonHttpClient.java:146)
    at ca.bc.gov.gwa.servlet.ApiService.kongPageAll(ApiService.java:1371)
    at ca.bc.gov.gwa.servlet.ApiService.kongPageAll(ApiService.java:1361)
    at ca.bc.gov.gwa.servlet.ApiService.lambda$handleListAll$24(ApiService.java:1270)
    at ca.bc.gov.gwa.http.JsonHttpConsumer.apply(JsonHttpConsumer.java:11)
    at ca.bc.gov.gwa.servlet.ApiService.handleRequest(ApiService.java:1293)
    at ca.bc.gov.gwa.servlet.ApiService.handleRequest(ApiService.java:1286)
    at ca.bc.gov.gwa.servlet.ApiService.handleListAll(ApiService.java:1269)
    at ca.bc.gov.gwa.servlet.admin.UserServlet.userRecordList(UserServlet.java:419)
    at ca.bc.gov.gwa.servlet.admin.UserServlet.doGet(UserServlet.java:111)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
    at ca.bc.gov.gwa.servlet.BaseServlet.doService(BaseServlet.java:66)
    at ca.bc.gov.gwa.servlet.BaseServlet.service(BaseServlet.java:123)
    at ca.bc.gov.gwa.servlet.admin.BaseAdminServlet.service(BaseAdminServlet.java:19)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at ca.bc.gov.gwa.servlet.authentication.SiteminderAuthenticationFilter.doFilterLogin(SiteminderAuthenticationFilter.java:85)
    at ca.bc.gov.gwa.servlet.authentication.SiteminderAuthenticationFilter.doFilter(SiteminderAuthenticationFilter.java:45)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1697)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.http.ProtocolException: Target host is not specified
    at org.apache.http.impl.conn.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:70)
    at org.apache.http.impl.client.InternalHttpClient.determineRoute(InternalHttpClient.java:124)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:183)
    ... 43 more
ll911 commented 6 years ago

meanwhile, when net new user login from github, still getting 500 error

2018-09-28 15:04:58,534 ERROR   ca.bc.gov.gwa.servlet.authentication.DeveloperKeyAuthenticationFilter   Error getting user's roles
ca.bc.gov.gwa.http.HttpStatusException: Bad Request
PATCH http://localhost:8001/consumers/${wrong consumer to lookup, seems default to last created consumerID} HTTP/1.1
    at ca.bc.gov.gwa.http.JsonHttpClient.executeRequest(JsonHttpClient.java:125)
    at ca.bc.gov.gwa.http.JsonHttpClient.executeRequestJson(JsonHttpClient.java:136)
    at ca.bc.gov.gwa.http.JsonHttpClient.patch(JsonHttpClient.java:167)
    at ca.bc.gov.gwa.servlet.ApiService.userGroups(ApiService.java:1602)
    at ca.bc.gov.gwa.servlet.AbstractFilter.getGroups(AbstractFilter.java:28)
    at ca.bc.gov.gwa.servlet.authentication.DeveloperKeyAuthenticationFilter.handleCallback(DeveloperKeyAuthenticationFilter.java:138)
    at ca.bc.gov.gwa.servlet.authentication.DeveloperKeyAuthenticationFilter.doFilterLogin(DeveloperKeyAuthenticationFilter.java:81)
    at ca.bc.gov.gwa.servlet.authentication.DeveloperKeyAuthenticationFilter.doFilter(DeveloperKeyAuthenticationFilter.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1697)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:946)
    at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$4.completed(Nio2Endpoint.java:626)
    at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$4.completed(Nio2Endpoint.java:604)
    at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
    at sun.nio.ch.Invoker$2.run(Invoker.java:218)
    at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
pauldaustin commented 6 years ago

Which environment. Always include the full URL requested in the error reports.

On Sep 28, 2018, at 15:00, Leo notifications@github.com wrote:

1.3.2-3 install/upgrade success getting following error on gwa user tab, when status tab shows normal

2018-09-28 14:57:34,904 ERROR ca.bc.gov.gwa.servlet.ApiService Unknown application error org.apache.http.client.ClientProtocolException at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) at ca.bc.gov.gwa.http.JsonHttpClient.executeRequest(JsonHttpClient.java:117) at ca.bc.gov.gwa.http.JsonHttpClient.getByUrl(JsonHttpClient.java:146) at ca.bc.gov.gwa.servlet.ApiService.kongPageAll(ApiService.java:1371) at ca.bc.gov.gwa.servlet.ApiService.kongPageAll(ApiService.java:1361) at ca.bc.gov.gwa.servlet.ApiService.lambda$handleListAll$24(ApiService.java:1270) at ca.bc.gov.gwa.http.JsonHttpConsumer.apply(JsonHttpConsumer.java:11) at ca.bc.gov.gwa.servlet.ApiService.handleRequest(ApiService.java:1293) at ca.bc.gov.gwa.servlet.ApiService.handleRequest(ApiService.java:1286) at ca.bc.gov.gwa.servlet.ApiService.handleListAll(ApiService.java:1269) at ca.bc.gov.gwa.servlet.admin.UserServlet.userRecordList(UserServlet.java:419) at ca.bc.gov.gwa.servlet.admin.UserServlet.doGet(UserServlet.java:111) at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) at ca.bc.gov.gwa.servlet.BaseServlet.doService(BaseServlet.java:66) at ca.bc.gov.gwa.servlet.BaseServlet.service(BaseServlet.java:123) at ca.bc.gov.gwa.servlet.admin.BaseAdminServlet.service(BaseAdminServlet.java:19) at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at ca.bc.gov.gwa.servlet.authentication.SiteminderAuthenticationFilter.doFilterLogin(SiteminderAuthenticationFilter.java:85) at ca.bc.gov.gwa.servlet.authentication.SiteminderAuthenticationFilter.doFilter(SiteminderAuthenticationFilter.java:45) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1697) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Caused by: org.apache.http.ProtocolException: Target host is not specified at org.apache.http.impl.conn.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:70) at org.apache.http.impl.client.InternalHttpClient.determineRoute(InternalHttpClient.java:124) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:183) ... 43 more — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/bcgov/gwa-ui/issues/4#issuecomment-425578068, or mute the thread https://github.com/notifications/unsubscribe-auth/AAbMYdctk2-uUndnCSsSbQucDfeYYDUVks5ufpwagaJpZM4VgoRc.

ll911 commented 6 years ago

@pauldaustin prod, you can reproduce the error from https://gwa.apps.gov.bc.ca/ using a github id never registered with gwa before. same error on https://gwa-d.apps.gov.bc.ca/