#245 500 Internal Server Error when user attributes contain non-ascii characters.
Closed: Fixed 2 years ago Opened 2 years ago by tkov.

When trying to authenticate as following user:

$ ipa user-show test
  Prihlasovacie meno: test
  Meno: Testovací
  Priezvisko: Používateľ
  Domovský priečinok: /home/test
  Login shell: /bin/bash
  Principal name: test@MY.REALM
  Principal alias: test@MY.REALM
  E-mailová adresa: test@my.email.domain
  UID: 1711200004
  GID: 1711200004
  Účet deaktivovaný: False
  Heslo: True
  Člen skupín: ipausers
  Kerberos keys available: True

^(Sorry for localized output - LANG=C ipa user-show dies with exactly the same exception, just in different package, and localizes the labels anyway. Prihlasovacie meno=login, Meno=first name, Priezvisko=last name, the rest is obvious).^

the wsgi process throws following exception:

[:error] [pid 1412] [02/Feb/2017:23:21:22]  LOGIN SUCCESSFUL: test
[:error] [pid 1412] [02/Feb/2017:23:21:22] HTTP 
[:error] [pid 1412] Request Headers:
[:error] [pid 1412]   AUTHORIZATION: Negotiate <snip>
[:error] [pid 1412]   COOKIE: 89c2002b-da17-400e-995e-a524802ba099=saml2; idp_ipsilon_session_id=570017998b7c0d9164c60f800b94a5949675130c; 283781b4-a944-4fb3-a9a2-b978e02d5fd5=login; 8669b424-fbc4-4a85-9136-4f1dbf5ebba2=login
[:error] [pid 1412]   ACCEPT-LANGUAGE: sk,cs;q=0.8,en-US;q=0.5,en;q=0.3
[:error] [pid 1412]   USER-AGENT: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
[:error] [pid 1412]   CONNECTION: keep-alive
[:error] [pid 1412]   Remote-Addr:
[:error] [pid 1412]   HOST: <snip>
[:error] [pid 1412]   UPGRADE-INSECURE-REQUESTS: 1
[:error] [pid 1412]   ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[:error] [pid 1412]   ACCEPT-ENCODING: gzip, deflate, br
[:error] [pid 1412] [02/Feb/2017:23:21:22] HTTP Traceback (most recent call last):
[:error] [pid 1412]   File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 656, in respond
[:error] [pid 1412]     response.body = self.handler()
[:error] [pid 1412]   File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 188, in __call__
[:error] [pid 1412]     self.body = self.oldhandler(*args, **kwargs)
[:error] [pid 1412]   File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 34, in __call__
[:error] [pid 1412]     return self.callable(*self.args, **self.kwargs)
[:error] [pid 1412]   File "/usr/lib/python2.7/site-packages/ipsilon/util/page.py", line 91, in __call__
[:error] [pid 1412]     return op(*args, **kwargs).encode('utf-8')
[:error] [pid 1412]   File "/usr/lib/python2.7/site-packages/ipsilon/login/authgssapi.py", line 37, in root
[:error] [pid 1412]     'gssapi', userdata)
[:error] [pid 1412]   File "/usr/lib/python2.7/site-packages/ipsilon/login/common.py", line 155, in auth_successful
[:error] [pid 1412]     self.initialize_login_session(username, self.info, auth_type, userdata)
[:error] [pid 1412]   File "/usr/lib/python2.7/site-packages/ipsilon/login/common.py", line 102, in initialize_login_session
[:error] [pid 1412]     infoattrs = info.get_user_attrs(username)
[:error] [pid 1412]   File "/usr/lib/python2.7/site-packages/ipsilon/info/common.py", line 86, in get_user_attrs
[:error] [pid 1412]     result = p.get_user_attrs(user)
[:error] [pid 1412]   File "/usr/lib/python2.7/site-packages/ipsilon/info/infosssd.py", line 108, in get_user_attrs
[:error] [pid 1412]     attrs, groups = self._get_user_data(user)
[:error] [pid 1412]   File "/usr/lib/python2.7/site-packages/ipsilon/info/infosssd.py", line 83, in _get_user_data
[:error] [pid 1412]     dbus_interface=dbus.PROPERTIES_IFACE))
[:error] [pid 1412] UnicodeEncodeError: 'ascii' codec can't encode character u'\\xed' in position 8: ordinal not in range(128)
[:error] [pid 1412] 
[:error] [pid 1412] - test [02/Feb/2017:23:21:22] "GET /idp/login/gssapi/negotiate?ipsilon_transaction_id=fbb12702-1a62-49a6-bc81-8e92bf983c16 HTTP/1.1" 500 1134 "" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0"

on the 'í' in user name. When the user is renamed in a way, that all attributes contain only ascii character, everything works fine.

Environment: CentOS7 (1611), ipsilon version 2.0.2

Sorry for the slow response, this is the same as #272 (and this was filed earlier, so sorry).
However, the fix for this is now merged upstream, and will be in the 2.1 release.

Metadata Update from @puiterwijk:
- Custom field patch_available reset (from 0)
- Custom field sensitive reset (from 0)
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.