Hello,

The latest version of the Open Atrium module "oa_angular" uses a very old AngularJS library, 1.3.7, which has a bug.
This bug will overwrite the pre-existing cookie with a session cookie, which may cause the cookie to expire earlier (or later) than desired. To solve this you need to switch the AngularJS library to "version 1.4.0".

Steps:

  1. Download AngularJS v1.4.0.
  2. Create new folder "/profiles/openatrium/modules/contrib/oa_angular/js/1.4.0".
  3. Upload AngularJS v1.4.0 files to "/profiles/openatrium/modules/contrib/oa_angular/js/1.4.0" folder.
  4. Edit "oa_angular.module"
  5. Change "const ANGULAR_VERSION = '1.3.7';" to "const ANGULAR_VERSION = '1.4.0';"
  6. Save

Now everything should work properly.

For more details, please open the link below:
https://github.com/angular/angular.js/issues/11490

Thanks,
Alex.
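
The effect described in the issue summary, as an added example that is not part of the original post, oa_angular or AngularJS: a small model of the RFC 6265 section 5.3 cookie-store replacement rule, showing that re-storing a cookie without Expires or Max-Age turns a persistent cookie into a session cookie, plus a check that flags the change. The host, cookie name and values are constructed.

```javascript
// Minimal model of the RFC 6265 section 5.3 storage rule (added example).
// A cookie is identified by (name, domain, path); storing another cookie with
// the same identity replaces the old one, attributes included.
function parseCookie(str, defaults) {
  const [pair, ...attrs] = str.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: defaults.domain, path: defaults.path,
    expires: null,            // null means session cookie
  };
  let maxAge = null;
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1);
    if (key === 'path') cookie.path = val;
    else if (key === 'domain') cookie.domain = val.replace(/^\./, '').toLowerCase();
    else if (key === 'expires') { const t = Date.parse(val); if (!Number.isNaN(t)) cookie.expires = t; }
    else if (key === 'max-age') maxAge = Number(val);
  }
  // Max-Age takes precedence over Expires.
  if (maxAge !== null) cookie.expires = defaults.now + maxAge * 1000;
  return cookie;
}

function store(jar, str, defaults) {
  const c = parseCookie(str, defaults);
  jar.set(`${c.name}|${c.domain}|${c.path}`, c);
  return jar;
}

// Report cookies that were persistent in `before` but are session cookies in `after`.
function demotedToSession(before, after) {
  const hits = [];
  for (const [id, old] of before) {
    const cur = after.get(id);
    if (cur && old.expires !== null && cur.expires === null) hits.push(cur.name);
  }
  return hits;
}

// Constructed sample: hypothetical host, cookie name and values.
const ctx = { domain: 'dev.example.test', path: '/', now: Date.UTC(2015, 5, 1) };
const before = store(new Map(), 'demo_session=abc123; Max-Age=3600; Path=/', ctx);
const after = store(new Map(before), 'demo_session=abc123; Path=/', ctx);
console.log(demotedToSession(before, after)); // [ 'demo_session' ]
```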

Comments

mpotter’s picture

Priority: Major » Normal

Last time I checked there were problems with the Files/Folder widget and the Site Map widget (both use Angular) when upgrading to newer versions of Angular. So somebody would need to do a lot more testing and work before we could commit this kind of change.

What I'd prefer to see is a patch to oa_angular that fixes the specific bug if that is possible, which is why we put Angular into the oa_angular module in the first place (to give more control over updates since Angular has traditionally broken things during updates).

(Also, this is "Normal" not "Major" since it only affects pages that load Angular, which in default Atrium is just the Sitemap and Files/Folders pages)

dureaghin’s picture

After uploading a new file to the files section, Angular overwrites the pre-existing cookie, which causes the cookie to expire. If you then try to click on any link, your session will not be valid anymore and you will be redirected to the login page. It is very easy to reproduce this in Google Chrome, but IE and FF accept this as OK and my session is still valid. Basically this happens in all browsers, but only Google Chrome logs you out.

There is only one workaround: you need to upgrade Angular to 1.4.0. The Map widget and Files/Folder work properly with 1.4.0.

For us this is a Major issue. Users cannot navigate at all, because cookies are overridden and you are always redirected to the login page.

Thanks,

mpotter’s picture

I could not reproduce this on our test sites here with Chrome and the latest clean install of Open Atrium. The issue title talks about reverse proxy, so is this only an issue with something like Varnish? If so I wonder if it could be a Varnish config issue. If you can reproduce this on a free Pantheon site that uses Varnish that might help.

dureaghin’s picture

Hi Mike,
We are not using Varnish as a reverse proxy. Our reverse proxy is IBM DataPower. We have around 250 apps behind our system and they are all working properly.

We have Open Atrium behind our secure system with a subdomain like "dev.mydomain.state.gov", and all our apps use the same secure Cookie Key, like "DOR-SA". You have to log in first to the secure system and then after that log in to Open Atrium. DataPower does not allow an app to duplicate the Cookie Key "DOR-SA". For example, if DataPower defines a wrong/duplicate request cookie key, it will log you out from the secure system. By debugging the code we found out what was actually causing this strange behavior: it was the Angular library. By doing more research on this we found https://github.com/angular/angular.js/issues/11490, which resolved our problem.

I will try to test this on getpantheon, but I'm not sure if this can be reproduced on getpantheon, because I have no idea how they are managing their cookies if you have a modified Cookie key.

Thanks.

mpotter’s picture

Thanks for the extra info. Yes, it sounds like a very specific set of layers needed to reproduce it so not likely we'll see it on Pantheon either.

If somebody could turn the pull-request from the https://github.com/angular/angular.js/issues/11490 issue into a simple patch for oa_angular then I'd be happy to commit it.