#9927 bodhi client fails to authenticate user on staging instance
Opened 10 days ago by ryanlerch. Modified 2 days ago

On the staging instance of bodh (new version 5.7.0)i, there is a reported issue that the bodhi client does not authenticate:

See: https://github.com/fedora-infra/bodhi/issues/4212


on the surface, this appears to be possibly the same issue encountered here:

https://pagure.io/fedora-infrastructure/issue/9773

on the surface, this appears to be possibly the same issue encountered here:

https://pagure.io/fedora-infrastructure/issue/9773

+1

@abompard did you fix both stg and prod? (I assume though, just double checking :))

Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: low-gain, low-trouble, ops

10 days ago

I did update staging, so it's probably a different issue. I'm not currently able to reproduce it, and it's too old to find in ipsilon's logs. Could someone reproduce it so I can check what's wrong with ipsilon?

@abompard just reproduced:

$ kdestroy -a

$ bodhi updates edit FEDORA-2021-ec209e9464 --type bugfix --staging --debug

Warning: openid_api and staging flags are both set. openid_api will be ignored.


Warning: url and staging flags are both set. url will be ignored.

Username: pingou
Password: 
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/fedora/client/openidbaseclient.py", line 260, in send_request
    output = func(method, **kwargs)
  File "/usr/lib/python3.9/site-packages/fedora/client/openidbaseclient.py", line 88, in _decorator
    raise LoginRequiredError(
fedora.client.LoginRequiredError: https://bodhi.stg.fedoraproject.org/updates/ requires a logged in user

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/bodhi/client/bindings.py", line 117, in wrapper
    result = method(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/bodhi/client/bindings.py", line 280, in save
    return self.send_request('updates/', verb='POST', auth=True,
  File "/usr/lib/python3.9/site-packages/fedora/client/openidbaseclient.py", line 262, in send_request
    raise AuthError()
fedora.client.AuthError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/bodhi", line 33, in <module>
    sys.exit(load_entry_point('bodhi-client==5.6.1', 'console_scripts', 'bodhi')())
  File "/usr/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/bodhi/client/__init__.py", line 263, in wrapper
    method(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/bodhi/client/__init__.py", line 567, in edit
    resp = client.save(**kwargs)
  File "/usr/lib/python3.9/site-packages/bodhi/client/bindings.py", line 142, in wrapper
    result = method(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/bodhi/client/bindings.py", line 276, in save
    kwargs['csrf_token'] = self.csrf()
  File "/usr/lib/python3.9/site-packages/bodhi/client/bindings.py", line 117, in wrapper
    result = method(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/bodhi/client/bindings.py", line 616, in csrf
    self.login(self.username, self.password)
  File "/usr/lib/python3.9/site-packages/fedora/client/openidbaseclient.py", line 303, in login
    response = openid_login(
  File "/usr/lib/python3.9/site-packages/fedora/client/openidproxyclient.py", line 132, in openid_login
    raise ServerError(FEDORA_OPENID_API, response.status_code,
fedora.client.ServerError: ServerError(https://id.stg.fedoraproject.org/api/v1/, 500, Error returned from our POST to ipsilon.)

Do those seeing this have a otp?

try entering your password + otp

Good catch kevin, I couldn't reproduce it until I tried my password without my OTP token. Then I get the same traceback.
We used to not require it, but now that it's all integrated the Bodhi client needs it too.
The error message could be better, though...

Hopefully this commit will make things clearer.

Should we move the "Port Bodhi to OpenID Connect" task up our priority list? ;-)

I'm not sure it's better with OIDC. ;( But I guess ipsilon can't really do much here other than saying 'password wrong' rather than traceback.

I originally reported the bug upstream, but I didn't have time to follow up this thread.

I've just read the latest comments, I do not have any OTP set neither on my prod or staging account, but I could successfully edit an update in prod, while in staging I get the error reply.

Bodhi staging is on 5.7.0, while prod is 5.6.1, but there wasn't any change in the authentication or client code.

I can try again when the above commit is pushed to staging ipsilon, just let me know.

@mattia can you login to https://accounts.stg.fedoraproject.org ? There was a time we redid everything in stg, so you may need to reset your password again?

@kevin I can login both in https://accounts.stg.fedoraproject.org and https://bodhi.stg.fedoraproject.org, so I suppose the password I'm using is fine. But bodhi client in staging still fails to authenticate me.

Login to comment on this ticket.

Metadata
Boards 1
ops Status: Backlog