#332 binascii.a2b_base64 binascii.Error: Incorrect padding
Closed: Fixed a year ago by ngompa. Opened a year ago by bmwiedemann.

https://www.opensuse.org/idp/portal works for fresh users, but throws a 500 for me:

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/cherrypy/_cprequest.py", line 670, in respond
    response.body = self.handler()
  File "/usr/lib/python3.6/site-packages/cherrypy/lib/encoding.py", line 221, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/cherrypy/_cpdispatch.py", line 60, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/lib/python3.6/site-packages/ipsilon/util/page.py", line 85, in __call__
    return op(*args, **kwargs).encode(\\'utf-8\\')
  File "/usr/lib/python3.6/site-packages/ipsilon/user/common.py", line 58, in root
    get_client_display_name(consent[\\'client\\'])
  File "/usr/lib/python3.6/site-packages/ipsilon/providers/openidp.py", line 142, in get_client_display_name
    return b64decode(clientid)
  File "/usr/lib64/python3.6/base64.py", line 87, in b64decode
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding

Looking at added debug prints, this decodes 2 strings from

sqlite3 /var/lib/ipsilon/idp/userprefs.sqlite 
sqlite> select * from user_consent;
bmwiedemann|openid-b'aHR0cDovL2NpLm9wZW5zdXNlLm9yZy9mZWRlcmF0ZWRMb2dpblNlcnZpY2Uvb3BlbmlkL2ZpbmlzaA=='|{"attributes": ["Trust Root"]}
bmwiedemann|openid-b'aHR0cDovL29rdXJ6LXZtLnFhLnN1c2UuZGUv'|{"attributes": ["Trust Root"]}

I tested that both base64 strings decode fine manually. Maybe something broken from the python3 port around binary<->str encoding?


On 5/19/20 5:13 PM, Bernhard M. Wiedemann wrote:

binascii.Error: Incorrect padding
```

Looking at added debug prints, this decodes 2 strings from
sqlite3 /var/lib/ipsilon/idp/userprefs.sqlite sqlite> select * from user_consent; bmwiedemann|openid-b'aHR0cDovL2NpLm9wZW5zdXNlLm9yZy9mZWRlcmF0ZWRMb2dpblNlcnZpY2Uvb3BlbmlkL2ZpbmlzaA=='|{"attributes": ["Trust Root"]} bmwiedemann|openid-b'aHR0cDovL29rdXJ6LXZtLnFhLnN1c2UuZGUv'|{"attributes": ["Trust Root"]}

I tested that both base64 strings decode fine manually. Maybe
something broken from the python3 port around binary<->str encoding?

Note the b''.

Yes, this a typical str/bytes regression caused by this annoying
behaviour in PY3:

Python 3.8.2 (default, Mar 05 2020, 18:58:42) [GCC] on linux

'%s' % (b'foo',)
"b'foo'"

Ciao, Michael.

OK, the 500 went away after a hackish

UPDATE user_consent SET option='openid-aHR0cDovL29rdXJ6LXZtLnFhLnN1c2UuZGUv';

The displayed table still had a similar problem then with b'http://...'

On 5/19/20 5:25 PM, Bernhard M. Wiedemann wrote:

bmwiedemann added a new comment to an issue you are following:
``
OK, the 500 went away after a hackish
UPDATE user_consent SET option='openid-aHR0cDovL29rdXJ6LXZtLnFhLnN1c2UuZGUv';

The displayed table still had a similar problem then with b'http://...'

BTW: If you run with python3 -bb then this sloppy behaviour raises an
exception which greatly helps finding the culprit:

michael@nb2:~/Proj/web2ldap> python3 -bb
Python 3.8.2 (default, Mar 05 2020, 18:58:42) [GCC] on linux

'%s' % (b'foo',)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
BytesWarning: str() on a bytes instance

Could other problems though.

I tried

# head -1 /usr/lib/ipsilon/ipsilon
#!/usr/bin/python3 -s -bb

but it did not produce any BytesWarning - or is wsgi handled differently?

I think, the problem comes from
ipsilon/providers/openid/auth.py : 166

>>> from base64 import b64encode
>>> b64encode(b'test')
b'dGVzdA=='

This seems to fix it:

--- a/ipsilon/providers/openid/auth.py
+++ b/ipsilon/providers/openid/auth.py
@@ -164,6 +164,8 @@ class AuthenticateRequest(ProviderPageBase):
         if isinstance(trust_root, str):
             trust_root = trust_root.encode('utf-8')
         trust_root_b64 = b64encode(trust_root)
+        if isinstance(trust_root_b64, bytes):
+            trust_root_b64 = trust_root_b64.decode('utf-8')
         consentdata = user.get_consent('openid', trust_root_b64)
         if consentdata is not None:
             # Consent has already been granted

Metadata Update from @ngompa:
- Custom field component adjusted to None
- Custom field patch_available adjusted to on
- Custom field sensitive adjusted to on
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.

Metadata
Related Pull Requests
  • #333 Merged a year ago