https://www.opensuse.org/idp/portal works for fresh users, but throws a 500 for me:
Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/cherrypy/_cprequest.py", line 670, in respond response.body = self.handler() File "/usr/lib/python3.6/site-packages/cherrypy/lib/encoding.py", line 221, in __call__ self.body = self.oldhandler(*args, **kwargs) File "/usr/lib/python3.6/site-packages/cherrypy/_cpdispatch.py", line 60, in __call__ return self.callable(*self.args, **self.kwargs) File "/usr/lib/python3.6/site-packages/ipsilon/util/page.py", line 85, in __call__ return op(*args, **kwargs).encode(\\'utf-8\\') File "/usr/lib/python3.6/site-packages/ipsilon/user/common.py", line 58, in root get_client_display_name(consent[\\'client\\']) File "/usr/lib/python3.6/site-packages/ipsilon/providers/openidp.py", line 142, in get_client_display_name return b64decode(clientid) File "/usr/lib64/python3.6/base64.py", line 87, in b64decode return binascii.a2b_base64(s) binascii.Error: Incorrect padding
Looking at added debug prints, this decodes 2 strings from
sqlite3 /var/lib/ipsilon/idp/userprefs.sqlite sqlite> select * from user_consent; bmwiedemann|openid-b'aHR0cDovL2NpLm9wZW5zdXNlLm9yZy9mZWRlcmF0ZWRMb2dpblNlcnZpY2Uvb3BlbmlkL2ZpbmlzaA=='|{"attributes": ["Trust Root"]} bmwiedemann|openid-b'aHR0cDovL29rdXJ6LXZtLnFhLnN1c2UuZGUv'|{"attributes": ["Trust Root"]}
I tested that both base64 strings decode fine manually. Maybe something broken from the python3 port around binary<->str encoding?
On 5/19/20 5:13 PM, Bernhard M. Wiedemann wrote:
binascii.Error: Incorrect padding ``` Looking at added debug prints, this decodes 2 strings from sqlite3 /var/lib/ipsilon/idp/userprefs.sqlite sqlite> select * from user_consent; bmwiedemann|openid-b'aHR0cDovL2NpLm9wZW5zdXNlLm9yZy9mZWRlcmF0ZWRMb2dpblNlcnZpY2Uvb3BlbmlkL2ZpbmlzaA=='|{"attributes": ["Trust Root"]} bmwiedemann|openid-b'aHR0cDovL29rdXJ6LXZtLnFhLnN1c2UuZGUv'|{"attributes": ["Trust Root"]} I tested that both base64 strings decode fine manually. Maybe something broken from the python3 port around binary<->str encoding?
binascii.Error: Incorrect padding ```
Looking at added debug prints, this decodes 2 strings from sqlite3 /var/lib/ipsilon/idp/userprefs.sqlite sqlite> select * from user_consent; bmwiedemann|openid-b'aHR0cDovL2NpLm9wZW5zdXNlLm9yZy9mZWRlcmF0ZWRMb2dpblNlcnZpY2Uvb3BlbmlkL2ZpbmlzaA=='|{"attributes": ["Trust Root"]} bmwiedemann|openid-b'aHR0cDovL29rdXJ6LXZtLnFhLnN1c2UuZGUv'|{"attributes": ["Trust Root"]}
Note the b''.
Yes, this a typical str/bytes regression caused by this annoying behaviour in PY3:
Python 3.8.2 (default, Mar 05 2020, 18:58:42) [GCC] on linux
'%s' % (b'foo',) "b'foo'"
Ciao, Michael.
OK, the 500 went away after a hackish
UPDATE user_consent SET option='openid-aHR0cDovL29rdXJ6LXZtLnFhLnN1c2UuZGUv';
The displayed table still had a similar problem then with b'http://...'
b'http://...'
On 5/19/20 5:25 PM, Bernhard M. Wiedemann wrote:
bmwiedemann added a new comment to an issue you are following: `` OK, the 500 went away after a hackish UPDATE user_consent SET option='openid-aHR0cDovL29rdXJ6LXZtLnFhLnN1c2UuZGUv'; The displayed table still had a similar problem then with b'http://...'
bmwiedemann added a new comment to an issue you are following: `` OK, the 500 went away after a hackish UPDATE user_consent SET option='openid-aHR0cDovL29rdXJ6LXZtLnFhLnN1c2UuZGUv';
BTW: If you run with python3 -bb then this sloppy behaviour raises an exception which greatly helps finding the culprit:
michael@nb2:~/Proj/web2ldap> python3 -bb Python 3.8.2 (default, Mar 05 2020, 18:58:42) [GCC] on linux
'%s' % (b'foo',) Traceback (most recent call last): File "<stdin>", line 1, in <module> BytesWarning: str() on a bytes instance
Could other problems though.
I tried
# head -1 /usr/lib/ipsilon/ipsilon #!/usr/bin/python3 -s -bb
but it did not produce any BytesWarning - or is wsgi handled differently?
I think, the problem comes from ipsilon/providers/openid/auth.py : 166
>>> from base64 import b64encode >>> b64encode(b'test') b'dGVzdA=='
This seems to fix it:
--- a/ipsilon/providers/openid/auth.py +++ b/ipsilon/providers/openid/auth.py @@ -164,6 +164,8 @@ class AuthenticateRequest(ProviderPageBase): if isinstance(trust_root, str): trust_root = trust_root.encode('utf-8') trust_root_b64 = b64encode(trust_root) + if isinstance(trust_root_b64, bytes): + trust_root_b64 = trust_root_b64.decode('utf-8') consentdata = user.get_consent('openid', trust_root_b64) if consentdata is not None: # Consent has already been granted
Metadata Update from @ngompa: - Custom field component adjusted to None - Custom field patch_available adjusted to on - Custom field sensitive adjusted to on - Custom field type adjusted to None - Custom field version adjusted to None - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Fixed with 99d986a.
Login to comment on this ticket.