Same "sync" user credentials across facilities cause sync to fail
See original GitHub issueObserved behavior
Have two facilities with the same admin credentials on a server. Was attempting to import facilities on two different devices using kolibri manage sync...
The sync
was always failing on the 2nd device with this error -
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://192.168.1.69:8080/api/morango/v1/certificates/
After a lot of permutations and combinations realised that setting different passwords for each of the admin
users allowed the sync to complete successfully on each device.
Expected behavior
The sync should have worked even with the same user credentials across facilities since the sync command differentiates the users with a --facility <facilityid>
User-facing consequences
Confusion and anxiety as user has no way to know what is wrong and what is the cause of the error.
Errors and logs
Error message following a large exception dump -
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://192.168.1.69:8080/api/morango/v1/certificates/
Steps to reproduce
- Create two facilities.
- Add a admin user in each of the facilities with exactly the same username and password - admin / password.
- On another device try importing the two facilities using
kolibri manage sync --baseurl <source device ip/domain> --facility <facilityid[1,2]> --username admin --password password --no-push --noninteractive
command. - The import shall most likely fail for the second attempt.
- Now change password of the admin user of the facility for which the sync is failing.
- Stop Kolibri, remove the
KOLIBRI_HOME
folder and start Kolibri. - Reattempt the sync for both the facilities.
- Now the sync shall work for both facilities.
Context
Kolibi 0.14.3
Issue Analytics
- State:
- Created 3 years ago
- Comments:10 (3 by maintainers)
Top GitHub Comments
@jonboiser more than the need of clearing a morango table, to me it seems a case of acknowledging the fact that the 2nd sync attemtping admin user is a unique one based on its facility id and issue a new certificate. Once a certificate is issued, the credentials (username and password) will no longer matter.
In addition, doing some more testing, if I set up the device as a new facility after deprovision, instead of doing an import facility, when I go to import a facility it doesn’t import the new facility (hope that makes sense)