meshery: [bug] Inconsistent Logout Flow

Current Behavior

When a user logs out of Meshery, they experience odd behavior where they see an empty state in the Meshery UI. In the process of logging out, even though the user session is cleared and the specific token named cookie is removed from the local storage, they are still not redirected to the login screen. The above behavior is usually observed in the playground environment. In the case of the playground env, CORS errors are also observed in the console/network tab of the browser.

Expected Behavior

Once a user logs out, they should be redirected to the login screen.

To Reproduce

  1. Go to https://playground.meshery.io/
  2. Log in with your credentials
  3. Log out
  4. Go directly to https://playground.meshery.io/

About this issue

  • State: open
  • Created 8 months ago
  • Comments: 18 (18 by maintainers)

Most upvoted comments

@theBeginner86 this is the part of the code that’s causing this bug -

https://github.com/meshery/meshery/blob/008a6e03e72485f793f6344a5d3eac507905a3e9/provider-ui/components/Provider.js#L77-L98

Actually, we are making a cross-origin request with credentials: include, but the header in the response is a wildcard. To fix this, we need to specify the exact origin https://playground.meshery.io/ in the header of the response. This is something which will fix that CORS error, and probably that bug too.

If the proposed solution seems correct to you, then I would like to work on this issue 😃
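
Added example, not part of the comment above and not Meshery code: a model of the browser's CORS check for a credentialed request, next to a server-side helper that answers with the exact origin instead of the wildcard. The function names, the allowlist and the second origin are assumptions made for illustration.

```javascript
// Assumption: allowlist for illustration. An Origin header value is
// scheme://host[:port] with no trailing slash.
const ALLOWED_ORIGINS = new Set(["https://playground.meshery.io"]);

// Hypothetical server-side helper: CORS response headers for one request.
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  if (!requestOrigin || !allowed.has(requestOrigin)) {
    return {}; // unknown origin: no CORS headers, the browser blocks the read
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin, // exact origin, never "*"
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // stop caches reusing one origin's headers for another
  };
}

// Browser-side decision, following the CORS check in the Fetch standard.
function browserAccepts(requestOrigin, credentialsMode, headers) {
  const acao = headers["Access-Control-Allow-Origin"];
  if (acao === undefined) return false;
  // The wildcard is honoured only when no credentials are sent.
  if (credentialsMode !== "include" && acao === "*") return true;
  if (acao !== requestOrigin) return false;
  if (credentialsMode !== "include") return true;
  // Credentialed requests also need Allow-Credentials: true (case-sensitive).
  return headers["Access-Control-Allow-Credentials"] === "true";
}

// Constructed cases: the wildcard response described in the comment, then
// the allowlisted response, then an origin outside the allowlist.
function demo() {
  const origin = "https://playground.meshery.io";
  const wildcard = { "Access-Control-Allow-Origin": "*" };
  return {
    wildcardWithCredentials: browserAccepts(origin, "include", wildcard),
    wildcardWithoutCredentials: browserAccepts(origin, "omit", wildcard),
    exactOrigin: browserAccepts(origin, "include", corsHeadersFor(origin)),
    otherOrigin: browserAccepts("https://other.example", "include",
      corsHeadersFor("https://other.example")),
  };
}

console.log(demo());
```

The allowlist lookup is an exact string match, so a value with a trailing slash such as https://playground.meshery.io/ does not match the Origin header a browser sends.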

@coder12git Good call. Thanks for bringing this up. Though that wouldn’t solve the current issue at hand, because in the case of the playground deployment, we never land on the Provider’s page (as we have a custom build that selects the Meshery provider through an env variable, which skips the Provider UI where users are given the choice to select the providers). You can confirm this by checking the network tab while you are navigating to Playground.

There is a quick way to mimic the Playground env locally by running the Make target: https://github.com/meshery/meshery/blob/master/Makefile#L184 (to test your local/proposed changes).

The CORS issue is due to the fact that Meshery Server is trying to directly reach out to one of the Identity Servers of the Remote Provider, and it rejects the requests because it has been configured to only listen to requests that originate from https://meshery.layer5.io.

And this CORS issue is due to the logout bug. If we fix the logout issue, then the CORS issue would be auto-fixed.

@theBeginner86 can I know how we are checking whether the user is authenticated or not before showing the dashboard component here -

https://github.com/meshery/meshery/blob/8941ee69ecbf874b8dff5c53948e736ea1dde07a/ui/pages/index.js#L16-L24

@coder12git We use this middleware to determine the user authentication status: https://github.com/meshery/meshery/blob/master/server/handlers/middlewares.go#L60 It introspects the user token and determines if it’s still valid or not. If not valid, then it redirects to the login screen.

@theBeginner86 can you please assign this issue to me and @Shiva953, as we both are collaborating on this.

@coder12git I’ve created the thread, please check.

@coder12git I’ve been working on it since yesterday, but I’m still unable to relate the CORS error source with the delay in having the login page, and the stateless screen in between. Maybe we can collaborate.

Okay, I am in, let’s talk on Slack. Can you create a thread on Slack in the #general or #meshery channel, and pin me, probably we can discuss there 😃

Seems reasonable @coder12git

Let’s see what @theBeginner86 says

Thanks for jumping here, @Shiva953. 👍 Please keep your notes coming…

Also, this only happens when we quickly go to the playground after logging out, and if we retry after some time it goes through the usual flow.