vatesfr / xen-orchestra

The global orchestration solution to manage and backup XCP-ng and XenServer.
https://xen-orchestra.com
Other
775 stars 262 forks

XO Users raise 2 log entries on log in for "not authenticated or not enough permissions" #3573

Closed m-xen closed 5 years ago

m-xen commented 5 years ago

Context

Expected behavior

Log should not contain these 2 entries: either the function should silently fail to enumerate the resources, or the default permissions for User accounts should allow the enumeration of the resources.

Current behavior

If the account is an Admin, no entries are raised at login. If the account is a User, 2 log entries are raised immediately after login for "not authenticated or not enough permissions":

server.getAll
{}
{
  "message": "not authenticated or not enough permissions",
  "stack": "XoError: not authenticated or not enough permissions
    at Object.factory [as unauthorized] (/usr/local/lib/node_modules/xo-server/node_modules/xo-common/src/api-errors.js:21:31)
    at Xo.checkPermission (/usr/local/lib/node_modules/xo-server/src/xo-mixins/api.js:94:17)
    at /usr/local/lib/node_modules/xo-server/src/xo-mixins/api.js:257:28
    at next (native)
    at asyncGeneratorStep (/usr/local/lib/node_modules/xo-server/dist/xo-mixins/api.js:38:103)
    at _next (/usr/local/lib/node_modules/xo-server/dist/xo-mixins/api.js:40:194)
    at run (/usr/local/lib/node_modules/xo-server-xoa/node_modules/core-js/modules/es6.promise.js:75:22)
    at /usr/local/lib/node_modules/xo-server-xoa/node_modules/core-js/modules/es6.promise.js:92:30
    at flush (/usr/local/lib/node_modules/xo-server-xoa/node_modules/core-js/modules/_microtask.js:18:9)
    at _combinedTickCallback (internal/process/next_tick.js:73:7)
    at process._tickCallback (internal/process/next_tick.js:104:9)",
  "code": 2
}

user.getAll
{}
{
  "message": "not authenticated or not enough permissions",
  "stack": "XoError: not authenticated or not enough permissions
    at Object.factory [as unauthorized] (/usr/local/lib/node_modules/xo-server/node_modules/xo-common/src/api-errors.js:21:31)
    at Xo.checkPermission (/usr/local/lib/node_modules/xo-server/src/xo-mixins/api.js:94:17)
    at /usr/local/lib/node_modules/xo-server/src/xo-mixins/api.js:257:28
    at next (native)
    at asyncGeneratorStep (/usr/local/lib/node_modules/xo-server/dist/xo-mixins/api.js:38:103)
    at _next (/usr/local/lib/node_modules/xo-server/dist/xo-mixins/api.js:40:194)
    at run (/usr/local/lib/node_modules/xo-server-xoa/node_modules/core-js/modules/es6.promise.js:75:22)
    at /usr/local/lib/node_modules/xo-server-xoa/node_modules/core-js/modules/es6.promise.js:92:30
    at flush (/usr/local/lib/node_modules/xo-server-xoa/node_modules/core-js/modules/_microtask.js:18:9)
    at _combinedTickCallback (internal/process/next_tick.js:73:7)
    at process._tickCallback (internal/process/next_tick.js:104:9)",
  "code": 2
}

julien-f commented 5 years ago

Closing as duplicate of #2335.

julien-f commented 5 years ago

user.getAll is not fixed, re-opening.

Due to this code: https://github.com/vatesfr/xen-orchestra/blob/74b97e65186d7cb66dc3a50f4019ef6788fd1646/packages/xo-web/src/common/xo/index.js#L178-L183

Which is ugly and should be replaced.

Enishowk commented 5 years ago

I looked at the code but I think I need some explanation to finish this issue.