Closed xuweixi10 closed 2 months ago
It seems that any two-factor verification pop-up clicks are invalid.
Maybe there is a bug in the following code?
Before I changed it, the session was always expired.
In the screenshot above, is the button to confirm password completely disabled? This page should only appear after upgrading self-hosted. What version are you coming from?
My version is 24.6.0. After I changed the code, it seems like the problem is solved, but I don't know whether it's the correct way; it may introduce other bugs.
Hmmm ok. Do you mind sharing what you changed to fix your problem?
Like this, in superuser.py:
Ah my bad, I misread this as this is indeed different from what it is today. I'm going to transfer this issue.
In specific, this line is changed. https://github.com/getsentry/sentry/blob/0b8851caff0c82845ae261d95b44bc284ea78f03/src/sentry/auth/superuser.py#L383
Assigning to @getsentry/support for routing ⏲️
Routing to @getsentry/product-owners-settings-auth for triage ⏲️
Those lines for setting the expiration and idle time have not changed at all. My best guess is the problem is somehow related to how we're verifying the superuser session.
@xuweixi10 could you possibly take a look at where we're validating the session expiration time below, and check what the value is when using the existing code vs your fix? https://github.com/getsentry/sentry/blob/ba3a4de019399cfaf1707bb2ea73bec690d56bf2/src/sentry/auth/superuser.py#L310-L325
After I added the log below:

```python
        # Reporter's debugging addition: log the two stamps that are about to be stored.
        # Note that strftime("%s") is a platform (glibc) extension that converts the
        # datetime's wall-clock fields to epoch seconds via mktime(), i.e. as local time.
        logger.info(
            "superuser.logged-in",
            extra={
                "exp": self.expires.strftime("%s"),
                "idl": (current_datetime + IDLE_MAX_AGE).strftime("%s"),
            },
        )
        self.request.session[SESSION_KEY] = {
            "exp": self.expires.strftime("%s"),
            "idl": (current_datetime + IDLE_MAX_AGE).strftime("%s"),
            "tok": self.token,
            # XXX(dcramer): do we really need the uid safety mechanism
            "uid": self.uid,
        }
```
When I log in as superuser:

```
09:57:51 [INFO] sentry.superuser: superuser.needs-validation (DISABLE_SU_FORM_U2F_CHECK_FOR_LOCAL=False self_hosted=True)
09:57:51 [INFO] sentry.superuser: superuser.logged-in (exp='1722059871' idl='1722046371')
09:57:51 [INFO] sentry.superuser: superuser.logged-in (ip_address='157.10.105.33' user_id=1)
09:57:51 [INFO] sentry.access.api: api.access (method='PUT' view='sentry.api.endpoints.auth_index.AuthIndexEndpoint' response=200 user_id='1' is_app='None' token_type='None' is_frontend_request='True' organization_id='None' auth_id='None' path='/api/0/auth/' caller_ip='157.10.105.33' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.2741873264312744 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
09:57:51 [INFO] sentry.superuser: superuser.session-expired (ip_address='157.10.105.33' user_id=1)
09:57:51 [INFO] sentry.superuser: superuser.session-expired (ip_address='157.10.105.33' user_id=1)
09:57:51 [INFO] sentry.superuser: superuser.session-expired (ip_address='157.10.105.33' user_id=1)
09:57:51 [WARNING] django.request: Forbidden: /api/0/internal/stats/ (status_code=403 request=<WSGIRequest: GET '/api/0/internal/stats/?key=events.total&resolution=1h&since=1721469471.309'>)
09:57:51 [INFO] sentry.superuser: superuser.session-expired (ip_address='157.10.105.33' user_id=1)
09:57:51 [INFO] sentry.superuser: superuser.session-expired (ip_address='157.10.105.33' user_id=1)
```
I log in as superuser and then it immediately expires. I think it may be a timezone problem; I can see some places still use non-UTC time.
Fine, the reason is that my Docker timezone is not UTC. After I changed it to UTC, everything is OK.
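An added example (not Sentry's code) that models the mechanism behind the last comment: `strftime("%s")` turns the datetime's wall-clock fields into epoch seconds as *local* time, so when the container is not on UTC the stored `exp`/`idl` stamps are shifted by the UTC offset relative to a validator that reads them as UTC epoch seconds. The `MAX_AGE`/`IDLE_MAX_AGE` values, the login time and the validator's comparison are assumptions for the demonstration.

```python
import calendar
from datetime import datetime, timedelta, timezone

# Constructed values for the example; not Sentry's real settings.
MAX_AGE = timedelta(hours=4)
IDLE_MAX_AGE = timedelta(minutes=15)
LOGIN_AT = datetime(2024, 7, 27, 1, 57, 51, tzinfo=timezone.utc)  # constructed


def epoch_via_local(dt: datetime, local_offset: timedelta) -> int:
    """Model glibc strftime("%s"): the wall-clock fields of `dt` go through
    mktime(), i.e. are read as local time in a zone `local_offset` east of
    UTC, whatever tzinfo the datetime carries."""
    fields = dt.replace(tzinfo=None)
    return calendar.timegm(fields.timetuple()) - int(local_offset.total_seconds())


def epoch_via_utc(dt: datetime) -> int:
    """Timezone-independent encoding: normalise to UTC, then read as UTC."""
    return calendar.timegm(dt.utctimetuple())


def build_session(now: datetime, encode) -> dict:
    """Build the exp/idl pair the way the snippet in the issue does, with a chosen encoder."""
    return {
        "exp": str(encode(now + MAX_AGE)),
        "idl": str(encode(now + IDLE_MAX_AGE)),
    }


def is_expired(session: dict, now: datetime) -> bool:
    """Validation side (assumed): both stamps are compared as UTC epoch seconds."""
    now_ts = calendar.timegm(now.utctimetuple())
    return int(session["exp"]) <= now_ts or int(session["idl"]) <= now_ts


def demo(local_offset_hours: int) -> dict:
    """Compare a UTC-encoded session with one written by a container on UTC+offset."""
    offset = timedelta(hours=local_offset_hours)
    good = build_session(LOGIN_AT, epoch_via_utc)
    bad = build_session(LOGIN_AT, lambda d: epoch_via_local(d, offset))
    later = LOGIN_AT + timedelta(hours=5)  # past MAX_AGE with no idle refresh
    return {
        "good_expired_at_login": is_expired(good, LOGIN_AT),
        "bad_expired_at_login": is_expired(bad, LOGIN_AT),   # east of UTC: dead at once
        "good_alive_after_5h": not is_expired(good, later),
        "bad_alive_after_5h": not is_expired(bad, later),    # west of UTC: outlives MAX_AGE
    }
```

An eastward offset reproduces the "logged in, then immediately session-expired" symptom; a westward offset is the quieter failure, where the privileged session stays valid past its intended lifetime.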
Self-Hosted Version
24.6.0
CPU Architecture
x86_64
Docker Version
24.0.7
Docker Compose Version
2.23.3
Steps to Reproduce
Expected Result
Enter the Sentry home page.
Actual Result
Nothing happened, and the button is disabled.
Event ID
No response