[Stack Monitoring][Angular removal] Migrate access denied view #111763

Closed
Tracked by #111309
estermv opened this issue Sep 9, 2021 · 10 comments · Fixed by #114887
Labels
Epic: Stack Monitoring de-angularization Feature:Stack Monitoring Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services

Comments

@estermv
Contributor

estermv commented Sep 9, 2021

Migrate access denied view.

I'm not really sure when a user ends up on this page. I only saw it once and it was unintentional (I was navigating through SM and I got redirected to access denied; after a few seconds I got redirected to the view where I was).

Based on the code, a user is redirected to this page when they receive a 403 from the server.
I've tried a few things to reproduce it:

  • I tried to visit stack monitoring with a user that doesn't have the `monitoring_user` role -> I see this page, which is not implemented in stack monitoring:

[Image: Screenshot 2021-09-09 at 18 33 49]

  • Remove the monitoring_user role from the user while I'm at stack monitoring -> I receive 404 from the server, so the user only sees toasts with an error.
  • Visit directly /app/monitoring#/access_denied 😅 -> user is redirected to /app/monitoring#/home (and then to the overview page if they have only one cluster)
@elasticmachine
Contributor

Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui)

@simianhacker
Member

It looks like this happens when a 403 is caught by the error handler: https://github.com/elastic/kibana/blob/master/x-pack/plugins/monitoring/public/lib/ajax_error_handler.tsx#L39-L41

I'm assuming there are situations where the user will have a browser open for long periods of time and their login credentials expire.

@matschaffer
Contributor

I tried removing my session cookie to simulate what @simianhacker mentioned. The next refresh kicked me back to the login page when I was on #114029 - wondering if the error handling might fix this issue. Will check the role modifications.

@matschaffer
Contributor

After page refresh with a non-monitoring user worked as expected on monitoring home page

[Image: Screen Shot 2021-10-07 at 11 03 38]

Trying to remove the role after page load next.

@matschaffer
Contributor

Removing mid-session on react just fails silently

[Image: Screen Shot 2021-10-07 at 11 06 07]

@matschaffer
Contributor

Angular pops up a toast - so seems like there's still some work to do here

[Image: Screen Shot 2021-10-07 at 11 07 35]

@matschaffer
Contributor

One thing I noticed that's a little weird on both the react and angular app is the "Go back" on the full page error. Looks like it just rewinds the history which might have more stack monitoring UI URLs.

Once you click it enough times to get back to something you have access to, you get a page. Same behavior between react/angular there

@matschaffer
Contributor

I'm not sure how we could get to /app/monitoring#/access_denied but indeed, angular has a page there

[Image: Screen Shot 2021-10-07 at 11 15 33]

@simianhacker
Member

@matschaffer I added error handling in this PR: #114029

@matschaffer
Contributor

Yep, that's what I have running here (mentioned the same number in #111763 (comment)) - I'll comment here if I can figure out why the 404 toast isn't happening.
