Gracefully Handle Session Secret Changes for Seamless User Experience #1869

holgerkoser · 2024-05-13T15:20:11Z

What this PR does / why we need it:
When the session sessionSecret is modified, existing authentication cookies become invalid. Consequently, users encounter an "Unexpected error :(" message, and all subsequent requests are aborted. To resolve this issue, users must manually delete cookies or navigate to /auth/logout to force a logout.

Which issue(s) this PR fixes:
Fixes #1866

Special notes for your reviewer:

Release note:

During session secret rotation, an unexpected error with code 500 could occur, requiring manual deletion of session cookies to resolve. This situation is now properly handled, and the user will be redirected to the login page accordingly.

* master: Cherry picked fix for vuetify issue #19707 (#1868)

petersutter

/lgtm

grolu

/lgtm

holgerkoser · 2024-05-14T14:37:05Z

/help

gardener-robot · 2024-05-14T14:37:10Z

@holgerkoser Here my list of commands:

Man Page

Synopsis	What & Who	Description & Examples
`/advise` `[QUESTION]`	_{Valid for} Issue _{Permitted for} Member, Author, Commenter	Request advice (for the ticket or a specific question if provided) using generative pre-trained transformers (GPTs) such as OpenAI's GPT-4. Usage is granted solely on the condition that you acknowledge and accept its RISKS and our TERMS OF USE. _Examples: - `/advise` - `/advise What are my options?` _{Synonyms: /advise, /advice, /adv}
`/assign` `[@user...]`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Commenter	Assign given people (or yourself if none specified) to issue or PR. Commenters may only assign themselves. Labels can be used as well, which are subsituted with the registered reviewers for that label. _Examples: - `/assign` - `/assign @johndoe @janedoe` - `/assign platform/bare-metal`
`/unassign` `[@user...]`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Commenter	Unassign given people (or yourself if none specified) from issue or PR. Commenters may only unassign themselves. Labels can be used as well, which are subsituted with the registered reviewers for that label. _Examples: - `/unassign` - `/unassign @johndoe @janedoe` - `/unassign platform/bare-metal`
`/cla`	_{Valid for} PullRequest _{Permitted for} Anyone	Recheck Contributor License Agreement (CLA) for PR. _Examples: - `/cla`
`/diag`	_{Valid for} Issue _{Permitted for} Member, Author, Commenter	Run diagnosis on cluster. Command must be invoked on a cluster or on an issue with a cluster dashboard link in the description and labeled with `topology/shoot`. _Examples: - `/diag`
`/discover` `[-f` `DATETIME]` `[-t` `DATETIME]` `[-v` `VARS]` `[-s` `CATEGORY]` `[QUESTION]`	_{Valid for} Issue _{Permitted for} Member, Author, Commenter	Discover inspection or resolution options (for the ticket or a specific question if provided) from an expert-curated knowledge base using generative pre-trained transformers (GPTs) such as OpenAI's GPT-4. Usage is granted solely on the condition that you acknowledge and accept its RISKS and our TERMS OF USE. _Examples: - `/discover` - `/discover What are my options?` _{Synonyms: /discover, /dis}
`/duplicate`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Author	Mark issue or PR as duplicate of another one. The referenced issue/PR may be in the same repo (e.g. `#123` or `GH-123`), on the same server (e.g. `org/repo#123`), or even on another server (e.g. `https://server/org/repo/issues/123`). Author, assignees, and code owners of the referenced issue/PR will be informed about this duplicate. Information will be redacted if this duplicate is private and the referenced one is public. An attempt to reference a private issue/PR from public will be rejected. _Examples: - `/duplicate`
`/handover` `[@user...]`	_{Valid for} Issue, PullRequest _{Permitted for} Anyone	Hand over issue or PR to someone or some team or the DODs _Examples: - `/handover @johndoe` - `/handover platform/bare-metal` - `/handover`
`/help`	_{Valid for} Issue, PullRequest _{Permitted for} Anyone	Get help on all available commands. _Examples: - `/help` _{Synonyms: /help, /hi, /hello, /hola, /hallo, /rtfm}
`/hotfix-trigger` `[landscape]`	_{Valid for} PullRequest _{Permitted for} Member	Will trigger hotfix process for the designated landscape. It will trigger on merged PR only. _Examples: - `/hotfix-trigger staging` - `/hotfix-trigger canary` - `/hotfix-trigger live`
`/add` `label...`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Author	Add label to issue or PR (default if no command is recognized). Authors may only add certain white-listed labels such as `kind/`, `priority/`, `area/`, `component/`, `os/`, `platform/`. The labels can be either fully qualified like `kind/bug`, just the identifier like `bug`, or starting with the category like `kind` followed by one or many identifiers in that category. _Examples: - `/add area/cost component/gardener` - `/add cost gardener` - `/add kind bug regression` - `/area/cost component/gardener` - `/cost gardener` - `/kind bug regression` _{Synonyms: /add, /set, /label, /start, /begin}
`/rca-request`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Author	Adds the `kind/rca` label _Examples: - `/rca-request`
`/remove` `label...`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Author	Remove label from issue or PR. Authors may only remove certain white-listed labels such as `kind/`, `priority/`, `area/`, `component/`, `os/`, `platform/`. The labels can be either fully qualified like `kind/bug`, just the identifier like `bug`, or starting with the category like `kind` followed by one or many identifiers in that category. _Examples: - `/remove area/cost component/gardener` - `/remove cost gardener` - `/remove kind bug regression` _{Synonyms: /remove, /rem, /unset, /unlabel, /stop, /end, /del, /drop, /cancel}
`/lgtm`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member	Add `reviewed/lgtm` label to issue or PR (and remove conflicting labels). _Examples: - `/lgtm`
`/hold`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Author	Add `reviewed/do-not-merge` label to issue or PR (and remove conflicting labels). _Examples: - `/hold`
`/unhold`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Author	Remove `reviewed/do-not-merge` label from issue or PR. _Examples: - `/unhold`
`/close`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Author, Owner	Close issue or PR. _Examples: - `/close`
`/reopen`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Author, Owner	Reopen issue or PR. _Examples: - `/reopen` _{Synonyms: /reopen, /open}
`/touch`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Author, Owner	Remove `lifecycle/icebox`, `stale`, or `rotten` label from issue or PR. Authors may only remove the `stale` or `rotten` labels. _Examples: - `/touch`
`/plan` `milestone`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member	Set milestone for issue/PR. _Examples: - `/plan 2030-Q1` _{Synonyms: /plan, /schedule, /milestone}
`/unplan`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member	Unset milestone for issue. _Examples: - `/unplan` _{Synonyms: /unplan, /unschedule, /unmilestone}
`/no-autoclose`	_{Valid for} Issue _{Permitted for} Anyone	The command will add label 'needs/keep-open' to ticket, and Gardener-Robot won't handle the auto-close when the cluster is no longer exist.
`/ping` `[@user...]` `[msg]`	_{Valid for} Issue, PullRequest _{Permitted for} Anyone	Ping people (or the repo owner if none specified) with a message to take a look at issue or PR (like `/honk` in prow). Labels can be used as well, which are subsituted with the registered reviewers for that label. _Examples: - `/ping @johndoe @janedoe Have you checked?` - `/ping platform/bare-metal Any Progress?` - `/need-help area/networking Could you help on this?` - `/honk @johndoe` _{Synonyms: /ping, /honk, /need-help}
[`/related` `[[-e	--exact-search]` `TERMS]`](https://github.tools.sap/kubernetes/gardener-robot/blob/master/robot/commands/related.py)	_{Valid for} Issue _{Permitted for} Member, Author, Commenter
`/ready-for-review`	_{Valid for} PullRequest _{Permitted for} Maintainer, Member, Author	Turn draft PR into ready for review PR. _Examples: - `/ready-for-review` _{Synonyms: /ready-for-review, /ready}
`/invite` `[@user...]`	_{Valid for} PullRequest _{Permitted for} Maintainer, Member, Author, Commenter	Request PR review from given people (or yourself if none specified) for PR. Commenters may only invite themselves. Labels can be used as well, which are subsituted with the registered reviewers for that label. _Examples: - `/invite` - `/invite @johndoe @janedoe` - `/invite platform/bare-metal` _{Synonyms: /invite, /review}
`/uninvite` `[@user...]`	_{Valid for} PullRequest _{Permitted for} Maintainer, Member, Commenter	No longer request PR review from given people (or yourself if none specified) for PR. Commenters may only uninvite themselves. Labels can be used as well, which are subsituted with the registered reviewers for that label. _Examples: - `/uninvite` - `/uninvite @johndoe @janedoe` - `/uninvite platform/bare-metal` _{Synonyms: /uninvite, /unreview}
[`/summarize` `[-w	--words` `NUMBER]` `[INSTRUCTIONS]`](https://github.tools.sap/kubernetes/gardener-robot/blob/master/robot/commands/summarize.py)	_{Valid for} Issue _{Permitted for} Anyone
`/title` `title`	_{Valid for} Issue, PullRequest _{Permitted for} Maintainer, Member, Author	Change title of issue or PR. _Examples: - `/title Add metrics endpoint` _{Synonyms: /title, /retitle}

* master: Some update message improvements (#1867) Update Yarn to v4.2.2 (#1853) Gracefully Handle Session Secret Changes for Seamless User Experience (#1869) Update dependency sass to v1.77.1 (#1865) Update actions/checkout action to v4.1.5 (#1860) Update dependency eslint-plugin-vue to v9.26.0 (#1861) Update dependency semver to v7.6.2 (#1863) Update the component name from `dashboard` to `gardener-dashboard` (#1857) Cherry picked fix for vuetify issue #19707 (#1868) # Conflicts: # frontend/src/components/ShootAccessRestrictions/GAccessRestrictionChips.vue # frontend/src/components/ShootMessages/GShootMessages.vue

holgerkoser added 3 commits May 13, 2024 16:07

handle decrypt error

ccf8eb9

Merge branch 'master' into bug/fix-1866

47f1a28

* master: Cherry picked fix for vuetify issue #19707 (#1868)

Router Error page for code 401

0d0dbb4

holgerkoser requested review from grolu and petersutter as code owners May 13, 2024 15:20

gardener-robot added needs/review Needs review size/s Size of pull request is small (see gardener-robot robot/bots/size.py) labels May 13, 2024

gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label May 13, 2024

gardener-robot-ci-3 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels May 13, 2024

petersutter approved these changes May 14, 2024

View reviewed changes

gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review labels May 14, 2024

gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label May 14, 2024

Merge branch 'master' into bug/fix-1866

804406e

gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label May 14, 2024

grolu approved these changes May 14, 2024

View reviewed changes

holgerkoser merged commit a14d452 into master May 14, 2024
9 checks passed

gardener-robot added the status/closed Issue is closed (either delivered or triaged) label May 14, 2024

holgerkoser deleted the bug/fix-1866 branch May 14, 2024 14:44

grolu added the area/ipcei IPCEI (Important Project of Common European Interest) label Jun 4, 2024

grolu mentioned this pull request Jun 4, 2024

[IPCEI] UI Improvements #1903

Open

49 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Gracefully Handle Session Secret Changes for Seamless User Experience #1869

Gracefully Handle Session Secret Changes for Seamless User Experience #1869

holgerkoser commented May 13, 2024 •

edited

Loading

petersutter left a comment

grolu left a comment

holgerkoser commented May 14, 2024

gardener-robot commented May 14, 2024

Gracefully Handle Session Secret Changes for Seamless User Experience #1869

Gracefully Handle Session Secret Changes for Seamless User Experience #1869

Conversation

holgerkoser commented May 13, 2024 • edited Loading

petersutter left a comment

Choose a reason for hiding this comment

grolu left a comment

Choose a reason for hiding this comment

holgerkoser commented May 14, 2024

gardener-robot commented May 14, 2024

holgerkoser commented May 13, 2024 •

edited

Loading