DELETE /oauth2/auth/sessions/login/{user} returns 404 #1168

Closed
pixelblend opened this issue Nov 8, 2018 · 6 comments

@pixelblend

Describe the bug

Unable to remove a user's session, where {user} is the subject. In our case, we set the subject to be the user's UUID.

To Reproduce

Make a DELETE request to /oauth2/auth/sessions/login/{user}

Expected behavior

Invalidates a user's authentication session

Actual Behaviour

auth_1      | time="2018-11-08T16:41:57Z" level=info msg="started handling request" method=DELETE remote="172.22.0.4:49926" request=/oauth2/auth/sessions/login/fc885398-7660-4db9-8c82-07409d5cfba7
auth_1      | time="2018-11-08T16:41:57Z" level=error msg="An error occurred while handling a request" code=404 details="map[]" error="Not Found" reason= request-id= status= trace="Stack trace: \ngithub.com/ory/hydra/consent.(*SQLManager).RevokeUserAuthenticationSession\n\t/go/src/github.com/ory/hydra/consent/manager_sql.go:152\ngithub.com/ory/hydra/consent.(*Handler).DeleteLoginSession\n\t/go/src/github.com/ory/hydra/consent/handler.go:223\ngithub.com/ory/hydra/consent.(*Handler).DeleteLoginSession-fm\n\t/go/src/github.com/ory/hydra/consent/handler.go:77\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/julienschmidt/[email protected]/router.go:334\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1964\ngithub.com/ory/hydra/cmd/server.(*Handler).RejectInsecureRequests\n\t/go/src/github.com/ory/hydra/cmd/server/handler.go:282\ngithub.com/ory/hydra/cmd/server.(*Handler).RejectInsecureRequests-fm\n\t/go/src/github.com/ory/hydra/cmd/server/handler.go:61\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/go/pkg/mod/github.com/urfave/[email 
protected]/negroni.go:38\ngithub.com/ory/hydra/metrics/prometheus.(*MetricsManager).ServeHTTP\n\t/go/src/github.com/ory/hydra/metrics/prometheus/middleware.go:26\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/meatballhat/[email protected]/middleware.go:136\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96\ngithub.com/rs/cors.(*Cors).Handler.func1\n\t/go/pkg/mod/github.com/rs/[email protected]/cors.go:207\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1964\ngithub.com/gorilla/context.ClearHandler.func1\n\t/go/pkg/mod/github.com/gorilla/[email protected]/context.go:141\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1964\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2741\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1847\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1333" writer=JSON
auth_1      | time="2018-11-08T16:41:57Z" level=info msg="completed handling request" measure#http://localhost:9000/.latency=9454500 method=DELETE remote="172.22.0.4:49926" request=/oauth2/auth/sessions/login/fc885398-7660-4db9-8c82-07409d5cfba7 status=404 text_status="Not Found" took=9.4545ms

Version:

@aeneasr
Member

aeneasr commented Nov 8, 2018

Which database are you using, MySQL or PostgreSQL? It's possible that the row check isn't working properly.

@pixelblend
Author

Postgres 10.5

@aeneasr
Member

aeneasr commented Nov 9, 2018

Interesting. Are you sure this happens every time? The code is written in a way that would only throw a 404 if no session exists. It might make sense to always return 200/201 here though.

@aeneasr
Member

aeneasr commented Nov 9, 2018

However, it seems like there is no proper test for this - putting it on the list for investigation.

@aeneasr aeneasr modified the milestones: v1.0.0, unplanned, v1.0.0-rc.1 Nov 9, 2018
aeneasr pushed a commit that referenced this issue Nov 16, 2018
aeneasr added a commit that referenced this issue Nov 16, 2018
aeneasr added a commit that referenced this issue Nov 18, 2018
aeneasr added a commit that referenced this issue Nov 18, 2018
@71ppz

71ppz commented Aug 15, 2019

I have this exact issue with Postgres 9.5. I didn't see a list of version compatibility. Is that located somewhere?

@awesomeUA

Looks like Hydra expects the subject as a query argument:
https://www.ory.sh/hydra/docs/reference/api/#invalidates-all-login-sessions-of-a-certain-user
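
The status mapping discussed in this thread, as an added Go example that is not Hydra's code: a strict revocation handler answers 404 when the delete matches zero rows, while an idempotent one answers success either way. `SessionStore`, `RevokeHandler` and `Status` are hypothetical names, the store is a constructed in-memory stand-in for the SQL table, and 204 as the success status is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const prefix = "/oauth2/auth/sessions/login/"

// SessionStore is a constructed in-memory stand-in for the login session table
// (subject -> session IDs). It is not safe for concurrent use.
type SessionStore map[string][]string

// Revoke deletes all sessions of subject and returns the "rows affected" count.
func (s SessionStore) Revoke(subject string) int {
	n := len(s[subject])
	delete(s, subject)
	return n
}

// RevokeHandler: strict maps a zero row count to 404; otherwise DELETE is idempotent (204).
func RevokeHandler(s SessionStore, strict bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		subject := strings.TrimPrefix(r.URL.Path, prefix)
		if r.Method != http.MethodDelete || subject == "" || subject == r.URL.Path {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		if s.Revoke(subject) == 0 && strict {
			http.Error(w, "no login session for subject", http.StatusNotFound)
			return
		}
		w.WriteHeader(http.StatusNoContent)
	}
}

// Status sends one DELETE for subject through h and returns the status code.
func Status(h http.Handler, subject string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodDelete, prefix+subject, nil))
	return rec.Code
}

func main() {
	h := RevokeHandler(SessionStore{"subject-a": {"s1", "s2"}}, true) // constructed data
	fmt.Println(Status(h, "subject-a"), Status(h, "subject-a"))
}
```

With the strict variant, a client that forces a logout has to treat 404 as "no session left for this subject" rather than as a failed revocation.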
