Page MenuHomePhabricator

PAWS not allowing admins to impersonate users
Open, MediumPublic

Description

Upon trying to impersonate a user to debug T265449 I got a 403 error. The logs read:

OAuth POST from https://hub.paws.wmcloud.org/hub/api/oauth2/authorize?client_id=jupyterhub-user-Ptj&redirect_uri=%2Fuser%2FPtj%2Foauth_callback&response_type=code&state=[SECRET] != http://hub.paws.wmcloud.org/hub/api/oauth2/authorize?client_id=jupyterhub-user-Ptj&redirect_uri=%2Fuser%2FPtj%2Foauth_callback&response_type=code&state=[SECRET]
[W 2020-10-14 11:31:24.890 JupyterHub web:1786] 403 POST /hub/api/oauth2/authorize?client_id=jupyterhub-user-Ptj&redirect_uri=%2Fuser%2FPtj%2Foauth_callback&response_type=code&state=[SECRET]

The issue seems to be http vs https.

Event Timeline

Chicocvenancio renamed this task from PAWSn not allowing admins to impersonate users to PAWS not allowing admins to impersonate users.Oct 14 2020, 11:47 AM
Chicocvenancio triaged this task as Medium priority.

Seems we need to set the X-Scheme header to https. I am not sure if we should do this at the haproxy layer or add it in the ingress.