GutoVeronezi opened a new pull request, #7094: URL: https://github.com/apache/cloudstack/pull/7094
### Description PR #6577 introduced a new mechanism of validation of console sessions, which makes the access tokens one time usable in order to avoid reply attacks and prevent access to the console in case of data leak. When generating the console token, the management server (MS) that processed the request saves it in memory for further validation. When using the token, a request is sent to the CPVM that will validate it (the token) against the MS. In an environment that has more than one MS, the CPVM will establish communication with the first available MS that it founds. In this case, if the CPVM communicates with `MS A` and the console token is generated by `MS A`, the token will work; however, if the CPVM communicates with `MS A` and the console token is generated by `MS B`, the token will not work because the token is being validated against `MS A` and the information is in the memory of `MS B`. This PR intends to handle this situation by temporally saving the console token in the database instead of saving it in the memory of the MS that generated it. This way, independently of which MS generated the token or which MS the CPVM communicates with, the token will be validated. After using the token, it is removed from the database and also from the CPVM. ### Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] New feature (non-breaking change which adds functionality) - [X] Bug fix (non-breaking change which fixes an issue) - [ ] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) ### Feature/Enhancement Scale or Bug Severity #### Bug Severity - [ ] BLOCKER - [ ] Critical - [ ] Major - [X] Minor - [ ] Trivial ### Screenshots (if appropriate):  ### How Has This Been Tested? I created an environment with 2 MS (A and B) and started only A. I enabled the zone in order to create the CPVM. After that, guaranting that the CPVM was communicating with MS A, I started MS B. Previous to the changes, I executed two test cases: - generated a new console access URL (with the API `createConsoleEndpoint`) through MS A and used it. As the CPVM was communicating with MS A, it worked. - generated a new console access URL (with the API `createConsoleEndpoint`) through MS B and used it. As the CPVM was communicating with MS A, it did not worked, presenting the message `Failed to connect to server / access token has expired` With the changes, I executed again the two test cases: - generated a new console access URL (with the API `createConsoleEndpoint`) through MS A and used it. As the CPVM was communicating with MS A, it worked. - generated a new console access URL (with the API `createConsoleEndpoint`) through MS B and used it. As the CPVM was communicating with MS A, it worked too, because the session was being stored in the database. After using the URLs, I checked the database and verified that there were no entries in `cloud.allowed_console_session`, as expected. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
