Page MenuHomePhabricator

PAWS not allowing admins to impersonate users
Open, MediumPublic

Description

Upon trying to impersonate a user to debug T265449 I got a 403 error. The logs read:

OAuth POST from https://hub.paws.wmcloud.org/hub/api/oauth2/authorize?client_id=jupyterhub-user-Ptj&redirect_uri=%2Fuser%2FPtj%2Foauth_callback&response_type=code&state=[SECRET] != http://hub.paws.wmcloud.org/hub/api/oauth2/authorize?client_id=jupyterhub-user-Ptj&redirect_uri=%2Fuser%2FPtj%2Foauth_callback&response_type=code&state=[SECRET]
[W 2020-10-14 11:31:24.890 JupyterHub web:1786] 403 POST /hub/api/oauth2/authorize?client_id=jupyterhub-user-Ptj&redirect_uri=%2Fuser%2FPtj%2Foauth_callback&response_type=code&state=[SECRET]

The issue seems to be http vs https.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 14 2020, 11:44 AM
Chicocvenancio renamed this task from PAWSn not allowing admins to impersonate users to PAWS not allowing admins to impersonate users.Oct 14 2020, 11:47 AM
Chicocvenancio triaged this task as Medium priority.

Seems we need to set the X-Scheme header to https. I am not sure if we should do this at the haproxy layer or add it in the ingress.

Restricted Application edited projects, added cloud-services-team (Kanban); removed cloud-services-team. · View Herald TranscriptOct 14 2020, 12:06 PM