Issue with AD Authentication in recent conservancy version

Thomas De Schampheleire patrickdepinguin at gmail.com
Mon Mar 23 21:52:48 UTC 2020


Hello,

My change was tested with PostgreSQL.
When I test with SQLite, I get a different error, the same as you got:

Traceback (most recent call last):
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/wsgiapp.py",
line 82, in __call__
    response = self.wrapped_dispatch(controller, environ, context)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/appwrappers/errorpage.py",
line 64, in __call__
    resp = self.next_handler(controller, environ, context)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/appwrappers/caching.py",
line 54, in __call__
    return self.next_handler(controller, environ, context)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/appwrappers/session.py",
line 71, in __call__
    response = self.next_handler(controller, environ, context)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/appwrappers/i18n.py",
line 71, in __call__
    return self.next_handler(controller, environ, context)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/wsgiapp.py",
line 243, in _dispatch
    return controller(environ, context)
  File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/base.py",
line 536, in __call__
    return super(BaseController, self).__call__(environ, context)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/controllers/dispatcher.py",
line 118, in __call__
    response = self._perform_call(context)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/controllers/dispatcher.py",
line 107, in _perform_call
    r = self._call(action, params, remainder=remainder, context=context)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/controllers/decoratedcontroller.py",
line 129, in _call
    output = controller_caller(context_config,
bound_controller_callable, remainder, params)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/controllers/decoration.py",
line 21, in _decorated_controller_caller
    return application_controller_caller(tg_config, controller,
remainder, params)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/configurator/components/dispatch.py",
line 114, in _call_controller
    return controller(*remainder, **params)
  File "</home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/decorator.py:decorator-gen-4>",
line 2, in index

  File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/auth.py",
line 637, in __wrapper
    return func(*fargs, **fkwargs)
  File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/controllers/home.py",
line 65, in index
    return render('/index.html')
  File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/base.py",
line 63, in render
    return render_template({'url': url}, 'mako', template_path)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/render.py",
line 208, in render
    kwargs['result'] = render_function(template_name, tg_vars, **kwargs)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/renderers/mako.py",
line 134, in __call__
    cache_type=cache_type, cache_expire=cache_expire)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/render.py",
line 274, in cached_template
    return render_func()
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/renderers/mako.py",
line 131, in render_template
    return Markup(template.render_unicode(**template_vars))
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/mako/template.py",
line 481, in render_unicode
    self, self.callable_, args, data, as_unicode=True
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/mako/runtime.py",
line 882, in _render
    **_kwargs_for_callable(callable_, data)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/mako/runtime.py",
line 919, in _render_context
    _exec_template(inherit, lclcontext, args=args, kwargs=kwargs)
  File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/mako/runtime.py",
line 946, in _exec_template
    callable_(context, *args, **kwargs)
  File "_base_root_html", line 207, in render_body

  File "_index_html", line 78, in render_header_menu

  File "_base_base_html", line 479, in render_menu

  File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/helpers.py",
line 908, in gravatar_div
    gravatar(email_address, cls=cls, size=size)))
  File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/helpers.py",
line 923, in gravatar
    src = gravatar_url(email_address, size * 2)
  File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/helpers.py",
line 956, in gravatar_url
    .replace('{email}', email_address) \
TypeError: replace() argument 2 must be str, not bytes



However, the underlying problem is still the same, i.e. the values
obtained from LDAP are stored as bytes instead of strings. In SQLite
this is stored as "b'John'" for firstname, for example, while Postgres
seems to convert it to some hex values.

Nevertheless, the fix I proposed also solves the issue in SQLite.

Best regards,
Thomas


On Sun, 22 Mar 2020 at 21:41, Thomas De Schampheleire
(<patrickdepinguin at gmail.com>) wrote:
>
> Hi Reuben,
>
> On Thu, 5 Mar 2020 at 16:48, Mads Kiilerich
> (<mads at kiilerich.com>) wrote:
> >
> > On 3/5/20 4:29 PM, Reuben Popp wrote:
> >
> > Good morning Mads (or afternoon as the case may be where you're at).
> >
> > My apologies that the report was so sparse.  When I wrote it, I was neck deep in the middle of trying to get things set up for our architects to trial Kallithea.
> >
> > Yes, this was the default branch downloaded from the bitbucket mirror on February 25th.
> >
> > My original report and fix were incorrect.  With it in place, what I noticed was that while an Active Directory account could log in, it would prevent me from logging in using the (local) kallithea admin account.  My best guess here, being a relatively new python noob is that in the case of the kallithea admin account, the email was a string literal, which would then fail because there was no decode() method.  On the other hand, it would work for a byte string such as that coming from AD.
> >
> > That said, the following works for both AD and the local kallithea account:
> >
> > --- lib/helpers.py  2020-02-25 11:18:44.000000000 -0600
> >
> > +++ lib/helpers.py.new 2020-03-05 09:11:30.394700849 -0600
> >
> > @@ -951,6 +951,9 @@
> >
> >      if email_address == _def:
> >
> >          return default
> >
> >
> >
> > +    if isinstance(email_address, bytes):
> >
> > +        email_address = email_address.decode('utf-8')
> >
> > +
> >
> >      parsed_url = urllib.parse.urlparse(url.current(qualified=True))
> >
> >      url = (c.visual.gravatar_url or User.DEFAULT_GRAVATAR_URL) \
> >
> >                 .replace('{email}', email_address) \
> >
> >
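Review bot: The `isinstance(email_address, bytes)` check in lib/helpers.py sits after the `email_address == _def` comparison, so a bytes value reaches that comparison undecoded, and the conversion only covers this one call site while any other consumer of the address still receives bytes. Decoding once where the value enters the application would let this helper stay str-only. `.decode('utf-8')` is also strict, so a value that is not valid UTF-8 would raise during page rendering; choose an explicit `errors=` policy or reject such values earlier.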
> > One thing of note though, and I think this is a deeper issue, as you said, and that's when I look at any AD user account in kallithea, each field (eg, first, last, etc) is enclosed in the byte (?) field delimiter.  eg:  b'Reuben' b'Popp'
> >
> >
> > Yes, the problem seems to be that values retrieved from LDAP are byte encoded. They should be decoded in auth_ldap. But probably only some of the values. I would thus still need
> >
> >
> >
> >> Can you try this and report back what it prints out when you log in
> >> using AD/LDAP?
> >>
> >> --- kallithea/lib/auth_modules/auth_ldap.py
> >> +++ kallithea/lib/auth_modules/auth_ldap.py
> >> @@ -326,6 +326,7 @@ class KallitheaAuthPlugin(auth_modules.K
> >>               aldap = AuthLdap(**kwargs)
> >>               (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
> >> password)
> >>               log.debug('Got ldap DN response %s', user_dn)
> >> +            print(ldap_attrs)
> >>
> >>               def get_ldap_attr(k):
> >>                   return ldap_attrs.get(settings.get(k), [''])[0]
> >>
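Review bot: `print(ldap_attrs)` right after the `log.debug` call writes the complete attribute set returned for the authenticating user to stdout, outside the logging configuration; `log.debug('Got ldap attrs %r', ldap_attrs)` would match the line above and stay behind the debug level, and the line should be dropped once the diagnosis is done. In the context lines, `ldap_attrs.get(settings.get(k), [''])[0]` returns the first value exactly as received while its fallback is a str, so callers can end up with either type.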
> >
>
>
> I also encountered an LDAP-related issue with the new Python-3-based
> Kallithea, also found that the LDAP attributes are actually bytes and
> need to be converted, and propose this fix:
> https://kallithea-scm.org/repos/kallithea-incoming/changeset/e1f598d40c38d22fb32da091ca62fa5e7a951c3f
>
> Could you check if it solves your problem too, without the local
> change you made before?
>
> Thanks,
> Thomas
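
The normalization this thread converges on, decoding LDAP attribute values once at the authentication boundary, as an added example (not Kallithea code and not the changeset linked above). The attribute names, sample data and function names are assumptions made for illustration; `repair_stored` handles fields already saved in the `b'John'` form described for SQLite.

```python
# Added illustration, not Kallithea code. All names and data are constructed.
import ast

# Constructed sample shaped like an LDAP search result entry:
# each attribute maps to a list of bytes values.
SAMPLE_LDAP_ATTRS = {
    "givenName": [b"John"],
    "sn": [b"Doe"],
    "mail": [b"john@example.com"],
    "description": [],
}


def decode_attr(value, encoding="utf-8"):
    """Return str for one attribute value; bytes are decoded, str passes through."""
    if isinstance(value, bytes):
        # errors="replace" keeps login working if the directory holds non-UTF-8 data
        return value.decode(encoding, errors="replace")
    return value


def first_attr(ldap_attrs, key, default=""):
    """First value of a (possibly missing or empty) attribute, always as str."""
    values = ldap_attrs.get(key) or [default]
    return decode_attr(values[0])


def repair_stored(value):
    """Undo str(bytes) residue such as "b'John'" in an already stored field."""
    if isinstance(value, str) and value[:2] in ("b'", 'b"'):
        try:
            parsed = ast.literal_eval(value)  # evaluates literals only, no code
        except (ValueError, SyntaxError):
            return value
        if isinstance(parsed, bytes):
            return decode_attr(parsed)
    return value


def render_avatar_url(template, email):
    """Stand-in for a str.replace-based URL template; requires str input."""
    return template.replace("{email}", email)
```

Passing the raw `mail` value to `render_avatar_url` raises the same `TypeError` as in the traceback; passing `first_attr(...)` does not, and local accounts whose fields are already `str` go through unchanged.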

