Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Show warning on deleting the identity that is currently logged in #1146

Merged
merged 1 commit into from
Mar 24, 2025
Merged

Show warning on deleting the identity that is currently logged in #1146

merged 1 commit into from
Mar 24, 2025
+53 −15

Conversation

edlerd
Copy link
Collaborator

@edlerd edlerd commented Mar 18, 2025

Done

  • Show warning on deleting the identity that is currently logged in

Fixes WD-20336

QA

  1. Run the LXD-UI:
  2. Perform the following QA steps:
    • log in with oidc or a new tls identity as per feat: [WD-19725] TLS Onboarding Refinement #1139
    • go to permissions > identities, and delete the identity. Also try bulk delete. Both paths should contain a warning in the confirmation. For any other identity, not including the current user, the warning should not be visible.

Screenshot

image

@webteam-app
Copy link

Demo

Jenkins

demos.haus

Kxiru
Kxiru previously approved these changes Mar 18, 2025
View reviewed changes
Copy link
Contributor

@Kxiru Kxiru left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love the branch name!
Looks good to me, and it's a good thing to be able to confirm that the current user is being deleted. Any way for the "user" to be redirected to the login page after this? As currently the person is still able to view the interface, but just as though they have no permissions.

image

@edlerd
Copy link
Collaborator Author

edlerd commented Mar 18, 2025

Any way for the "user" to be redirected to the login page after this? As currently the person is still able to view the interface, but just as though they have no permissions.

That is a good point, we should invalidate the cache after this to revalidate the users auth. Will add this to this PR.

@edlerd edlerd force-pushed the self-delete-notify branch from 108433e to 3455c27 Compare March 18, 2025 22:08
@edlerd edlerd requested a review from Kxiru March 18, 2025 22:12
Kxiru
Kxiru reviewed Mar 19, 2025
View reviewed changes
Copy link
Contributor

@Kxiru Kxiru left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For your self-delete PR, this is the page that I get after deleting. This is after fetching/pulling. Just in case, I deleted the branch and checked it out again and repeated the process, but I'm still getting the same outcome. The user isn't actually logged out.

image

@edlerd edlerd force-pushed the self-delete-notify branch from 3455c27 to 95e9b32 Compare March 19, 2025 17:05
@edlerd
Copy link
Collaborator Author

edlerd commented Mar 19, 2025

For your self-delete PR, this is the page that I get after deleting. This is after fetching/pulling. Just in case, I deleted the branch and checked it out again and repeated the process, but I'm still getting the same outcome. The user isn't actually logged out.

Good catch!

With OIDC users, they get immediately recreated after deletion. Because those type of users can self-register. So the user gets deleted, and the cache invalidated. On the next api request, the user is authenticated as OIDC user and lxd recreates the user. I added some logic to logout oidc if the current user is using oidc and removes themselves to avoid the re-creation.

@edlerd edlerd requested a review from Kxiru March 19, 2025 17:08
@edlerd
feat(identity) show warning on deleting the identity that is currentl…
d318bbe 
…y logged in WD-20336

Signed-off-by: David Edler <david.edler@canonical.com>
@edlerd edlerd force-pushed the self-delete-notify branch from 95e9b32 to d318bbe Compare March 19, 2025 17:09
Kxiru
Kxiru approved these changes Mar 24, 2025
View reviewed changes
Copy link
Contributor

@Kxiru Kxiru left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Single delete modal:
    image

  • Bulk delete modal:
    image

  • After delete:
    image

LGTM! Though upon clicking "Login with SSO" again on this page, I get redirected back into the UI as the same user as before. However I am unsure as to whether this is a local caching issue or a larger bug/error. Surely a deleted user should no longer have working credentials even if this is cached. Refreshing the page does not fix the problem. Screenshot below (Just normal view of OIDC user with restricted privilieges, attempting to access a project).

image

@edlerd
Copy link
Collaborator Author

edlerd commented Mar 24, 2025

[...]upon clicking "Login with SSO" again on this page, I get redirected back into the UI as the same user as before. However I am unsure as to whether this is a local caching issue or a larger bug/error. Surely a deleted user should no longer have working credentials even if this is cached. Refreshing the page does not fix the problem. Screenshot below (Just normal view of OIDC user with restricted privilieges, attempting to access a project).

@Kxiru that is due to the user being recreated on login. OIDC users will register themselves after successful login. This is per design and should be ok.

@edlerd edlerd merged commit 2706cb7 into canonical:main Mar 24, 2025
11 checks passed
@Kxiru
Copy link
Contributor

Kxiru commented Mar 24, 2025

[...]upon clicking "Login with SSO" again on this page, I get redirected back into the UI as the same user as before. However I am unsure as to whether this is a local caching issue or a larger bug/error. Surely a deleted user should no longer have working credentials even if this is cached. Refreshing the page does not fix the problem. Screenshot below (Just normal view of OIDC user with restricted privilieges, attempting to access a project).

@Kxiru that is due to the user being recreated on login. OIDC users will register themselves after successful login. This is per design and should be ok.

Ah yes, I think I recall you mentioning this. Thanks for assuading my fears!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kxiru Kxiru Kxiru approved these changes

Assignees
No one assigned
Labels
Review: Code needed Review: QA needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@edlerd @webteam-app @Kxiru