Issue with AD Authentication in recent conservancy version
Thomas De Schampheleire
patrickdepinguin at gmail.com
Mon Mar 23 21:52:48 UTC 2020
Hello,
My change was tested with PostgreSQL.
When I test with SQLite, I get a different error, the same as you got:
Traceback (most recent call last):
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/wsgiapp.py",
line 82, in __call__
response = self.wrapped_dispatch(controller, environ, context)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/appwrappers/errorpage.py",
line 64, in __call__
resp = self.next_handler(controller, environ, context)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/appwrappers/caching.py",
line 54, in __call__
return self.next_handler(controller, environ, context)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/appwrappers/session.py",
line 71, in __call__
response = self.next_handler(controller, environ, context)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/appwrappers/i18n.py",
line 71, in __call__
return self.next_handler(controller, environ, context)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/wsgiapp.py",
line 243, in _dispatch
return controller(environ, context)
File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/base.py",
line 536, in __call__
return super(BaseController, self).__call__(environ, context)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/controllers/dispatcher.py",
line 118, in __call__
response = self._perform_call(context)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/controllers/dispatcher.py",
line 107, in _perform_call
r = self._call(action, params, remainder=remainder, context=context)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/controllers/decoratedcontroller.py",
line 129, in _call
output = controller_caller(context_config,
bound_controller_callable, remainder, params)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/controllers/decoration.py",
line 21, in _decorated_controller_caller
return application_controller_caller(tg_config, controller,
remainder, params)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/configurator/components/dispatch.py",
line 114, in _call_controller
return controller(*remainder, **params)
File "</home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/decorator.py:decorator-gen-4>",
line 2, in index
File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/auth.py",
line 637, in __wrapper
return func(*fargs, **fkwargs)
File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/controllers/home.py",
line 65, in index
return render('/index.html')
File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/base.py",
line 63, in render
return render_template({'url': url}, 'mako', template_path)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/render.py",
line 208, in render
kwargs['result'] = render_function(template_name, tg_vars, **kwargs)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/renderers/mako.py",
line 134, in __call__
cache_type=cache_type, cache_expire=cache_expire)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/render.py",
line 274, in cached_template
return render_func()
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/tg/renderers/mako.py",
line 131, in render_template
return Markup(template.render_unicode(**template_vars))
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/mako/template.py",
line 481, in render_unicode
self, self.callable_, args, data, as_unicode=True
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/mako/runtime.py",
line 882, in _render
**_kwargs_for_callable(callable_, data)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/mako/runtime.py",
line 919, in _render_context
_exec_template(inherit, lclcontext, args=args, kwargs=kwargs)
File "/home/tdescham/repo/contrib/kallithea/venv/kallithea-dev/lib/python3.6/site-packages/mako/runtime.py",
line 946, in _exec_template
callable_(context, *args, **kwargs)
File "_base_root_html", line 207, in render_body
File "_index_html", line 78, in render_header_menu
File "_base_base_html", line 479, in render_menu
File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/helpers.py",
line 908, in gravatar_div
gravatar(email_address, cls=cls, size=size)))
File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/helpers.py",
line 923, in gravatar
src = gravatar_url(email_address, size * 2)
File "/home/tdescham/repo/contrib/kallithea/kallithea-dev/kallithea/lib/helpers.py",
line 956, in gravatar_url
.replace('{email}', email_address) \
TypeError: replace() argument 2 must be str, not bytes
However, the underlying problem is still the same, i.e. the values
obtained from LDAP are stored as bytes instead of strings. In SQLite
this is stored as "b'John'" for firstname, for example, while Postgres
seems to convert it to some hex values.
Nevertheless, the fix I proposed also solves the issue in SQLite.
Best regards,
Thomas
On Sun, 22 Mar 2020 at 21:41, Thomas De Schampheleire
(<patrickdepinguin at gmail.com>) wrote:
>
> Hi Reuben,
>
> On Thu, 5 Mar 2020 at 16:48, Mads Kiilerich
> (<mads at kiilerich.com>) wrote:
> >
> > On 3/5/20 4:29 PM, Reuben Popp wrote:
> >
> > Good morning Mads (or afternoon as the case may be where you're at).
> >
> > My apologies that the report was so sparse. When I wrote it, I was neck deep in the middle of trying to get things set up for our architects to trial Kallithea.
> >
> > Yes, this was the default branch downloaded from the bitbucket mirror on February 25th.
> >
> > My original report and fix were incorrect. With it in place, what I noticed was that while an Active Directory account could log in, it would prevent me from logging in using the (local) kallithea admin account. My best guess here, being a relatively new python noob is that in the case of the kallithea admin account, the email was a string literal, which would then fail because there was no decode() method. On the other hand, it would work for a byte string such as that coming from AD.
> >
> > That said, the following works for both AD and the local kallithea account:
> >
> > --- lib/helpers.py 2020-02-25 11:18:44.000000000 -0600
> >
> > +++ lib/helpers.py.new 2020-03-05 09:11:30.394700849 -0600
> >
> > @@ -951,6 +951,9 @@
> >
> > if email_address == _def:
> >
> > return default
> >
> >
> >
> > + if isinstance(email_address, bytes):
> >
> > + email_address = email_address.decode('utf-8')
> >
> > +
> >
> > parsed_url = urllib.parse.urlparse(url.current(qualified=True))
> >
> > url = (c.visual.gravatar_url or User.DEFAULT_GRAVATAR_URL) \
> >
> > .replace('{email}', email_address) \
> >
> >
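Review bot: the strict email_address.decode('utf-8') in the added isinstance branch raises UnicodeDecodeError on any value that is not valid UTF-8, so one odd directory entry would still break the page render at this point. It also fixes only the value passed to .replace('{email}', ...), while the other fields from the same source stay bytes. Suggest decoding once where the attributes are read from LDAP, and if this guard is kept as a fallback, passing errors='replace' to decode().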
> > One thing of note though, and I think this is a deeper issue, as you said, and that's when I look at any AD user account in kallithea, each field (eg, first, last, etc) is enclosed in the byte (?) field delimiter. eg: b'Reuben' b'Popp'
> >
> >
> > Yes, the problem seems to be that values retrieved from LDAP are byte encoded. They should be decoded in auth_ldap. But probably only some of the values. I would thus still need
> >
> >
> >
> >> Can you try this and report back what it prints out when you log in
> >> using AD/LDAP?
> >>
> >> --- kallithea/lib/auth_modules/auth_ldap.py
> >> +++ kallithea/lib/auth_modules/auth_ldap.py
> >> @@ -326,6 +326,7 @@ class KallitheaAuthPlugin(auth_modules.K
> >> aldap = AuthLdap(**kwargs)
> >> (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
> >> password)
> >> log.debug('Got ldap DN response %s', user_dn)
> >> + print(ldap_attrs)
> >>
> >> def get_ldap_attr(k):
> >> return ldap_attrs.get(settings.get(k), [''])[0]
> >>
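Review bot: print(ldap_attrs) right after the log.debug call writes the whole attribute dictionary of the authenticating user to stdout, bypassing the logger and its level and handler configuration. For this diagnostic prefer log.debug('Got ldap attrs %r', ldap_attrs), which also shows the bytes/str type of each value, and drop the line before anything is committed since the dictionary holds directory data such as names and e-mail addresses.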
> >
>
>
> I also encountered an LDAP-related issue with the new Python-3-based
> Kallithea, also found that the LDAP attributes are actually bytes and
> need to be converted, and propose this fix:
> https://kallithea-scm.org/repos/kallithea-incoming/changeset/e1f598d40c38d22fb32da091ca62fa5e7a951c3f
>
> Could you check if it solves your problem too, without the local
> change you made before?
>
> Thanks,
> Thomas