#7804 `ipa otptoken-sync` fails with stack trace
Closed: fixed 4 years ago by cheimes. Opened 5 years ago by briantopping.

Issue

When synchronizing a token using ipa otptoken-sync, incorrect parameters to the invocation properly fail, but correct parameters give a stack trace.

Steps to Reproduce

  1. Follow steps in https://bugzilla.redhat.com/show_bug.cgi?id=1217009#c11

Actual behavior

[root@freeipa-vpn-0 /]# ipa otptoken-sync 752f744e-1879-4499-a9c5-8932f739d26a
User ID: player1
Password: 
First Code: 
Second Code: 
ipa: ERROR: non-public: AttributeError: 'NoneType' object has no attribute 'name'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 139, in execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1199, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaclient/plugins/otptoken.py", line 168, in forward
    query['token'] = DN((obj.primary_key.name, args[0]),
AttributeError: 'NoneType' object has no attribute 'name'
ipa: ERROR: an internal error has occurred

Expected behavior

As in the example, a result of Token synchronized.

Version/Release/Distribution

[root@ns-0 /]# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package freeipa-server is not installed
package freeipa-client is not installed
ipa-server-4.6.4-10.el7.centos.x86_64
ipa-client-4.6.4-10.el7.centos.x86_64
389-ds-base-1.3.8.4-18.el7_6.x86_64
pki-ca-10.5.9-6.el7.noarch
krb5-server-1.15.1-34.el7.x86_64

Additional info:

Behavior was confirmed by @frenaud in https://lists.fedorahosted.org/archives/list/freeipa-users%40lists.fedorahosted.org/thread/EKJLQ3NASR6MYRT6QPD3LNFUEVEIFJHL/


The otptoken-sync feature is still broken in 4.8.2. It looks like there is also a bug in the Python 3 port:

# ipa otptoken-sync
User ID: testuser
Password: 
First Code: 
Second Code: 
ipa: ERROR: non-public: TypeError: POST data should be bytes, an iterable of bytes, or a file object. It cannot be of type str.
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/ipalib/backend.py", line 141, in execute
    return self.Command[_name](*args, **options)
  File "/usr/lib/python3.7/site-packages/ipalib/frontend.py", line 450, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python3.7/site-packages/ipalib/frontend.py", line 478, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python3.7/site-packages/ipalib/frontend.py", line 1208, in run
    return self.forward(*args, **options)
  File "/usr/lib/python3.7/site-packages/ipaclient/plugins/otptoken.py", line 179, in forward
    rsp = urllib.request.build_opener(handler).open(sync_uri, query)
  File "/usr/lib64/python3.7/urllib/request.py", line 523, in open
    req = meth(req)
  File "/usr/lib64/python3.7/urllib/request.py", line 1247, in do_request_
    raise TypeError(msg)
TypeError: POST data should be bytes, an iterable of bytes, or a file object. It cannot be of type str.
ipa: ERROR: an internal error has occurred

Metadata Update from @cheimes:
- Issue priority set to: important
- Issue set to the milestone: FreeIPA 4.8.4

4 years ago

Metadata Update from @cheimes:
- Issue assigned to cheimes

4 years ago

Metadata Update from @cheimes:
- Custom field rhbz adjusted to https://github.com/freeipa/freeipa/pull/3951

4 years ago
4 years ago

master:

  • 095d3f9 Add test case for OTP login
  • e8b9855 Fix otptoken_sync plugin

ipa-4-8:

  • 90f2866 Fix otptoken_sync plugin
  • dfa356e Add test case for OTP login

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

ipa-4-7:

  • 85b595a Add test case for OTP login
  • 40359d2 ipatests: Added test when 2FA prompting configurations is set.

ipa-4-6:

  • cabb7ab Add test case for OTP login
  • b36c4a7 ipatests: Added test when 2FA prompting configurations is set.
  • 734121f Mark xfail for tests using sssd-1.16.3

ipa-4-6:

  • e2238fd ipa otptoken-sync: return error when sync fails
  • 0c62aef ipatests: add negative test for otptoken-sync
  • 69c376b ipatests: python2 does not support f-strings
  • d587d0f Fix otptoken_sync plugin

Login to comment on this ticket.

Metadata