Univention Bugzilla – Bug 48358
Filter portal entries for logged in user in the backend
Last modified: 2019-03-12 13:40:55 CET
We need a service for the portal in order to filter entries based on auth in the backend not in the frontend.
After installing and opening the portal I get a 500 Internal Server Error. The portal.log contains the following: 18818 server 19-01-15 09:40:38 [ INFO]: firing up portal server at port 8095 18818 user 19-01-15 09:45:38 [ DEBUG]: searching user for ed19c516-31fe-471b-9009-a9cfc636fc6d 18818 user 19-01-15 09:45:38 [ WARNING]: session unknown! 18818 user 19-01-15 09:45:38 [ DEBUG]: no user found 18818 cache 19-01-15 09:45:38 [ INFO]: refreshing cache 18818 cache 19-01-15 09:45:38 [ ERROR]: Error during refresh Traceback (most recent call last): File "/usr/bin/univention-portal-server", line 159, in refresh localhost = self.udm.obj_by_dn(ldap_hostdn) File "/usr/lib/pymodules/python2.7/univention/udm/udm.py", line 241, in obj_by_dn udm_module = self.get(uot) File "/usr/lib/pymodules/python2.7/univention/udm/udm.py", line 215, in get raise ApiVersionNotSupported(module_name=name, requested_version=self.api_version) ApiVersionNotSupported: Module 'computers/domaincontroller_master' is not supported in API version 2. 18818 cache 19-01-15 09:45:38 [ INFO]: loading cache file 18818 cache 19-01-15 09:45:38 [ INFO]: refreshing cache 18818 cache 19-01-15 09:45:38 [ ERROR]: Error during refresh Traceback (most recent call last): File "/usr/bin/univention-portal-server", line 159, in refresh localhost = self.udm.obj_by_dn(ldap_hostdn) File "/usr/lib/pymodules/python2.7/univention/udm/udm.py", line 241, in obj_by_dn udm_module = self.get(uot) File "/usr/lib/pymodules/python2.7/univention/udm/udm.py", line 215, in get raise ApiVersionNotSupported(module_name=name, requested_version=self.api_version) ApiVersionNotSupported: Module 'computers/domaincontroller_master' is not supported in API version 2. 18818 cache 19-01-15 09:45:38 [ INFO]: loading cache file 18818 server 19-01-15 09:45:38 [ ERROR]: Error during service Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/tornado/web.py", line 1467, in _execute result = method(*self.path_args, **self.path_kwargs) File "/usr/bin/univention-portal-server", line 344, in get portal_content = answer['portal'] = self._get_portal(username, admin_mode) File "/usr/bin/univention-portal-server", line 255, in _get_portal portal = cache.get('portal') File "/usr/bin/univention-portal-server", line 136, in get return self._get_portal(name) File "/usr/bin/univention-portal-server", line 151, in _get_portal self.load() File "/usr/bin/univention-portal-server", line 129, in load with open(self.PORTAL_CACHE) as fd: IOError: [Errno 2] No such file or directory: '/var/cache/univention-portal/portal.json' Apparently there is a problem because the cache file is expected to be present but is not. Also a API version should be supported to remove that error message.
Another point on the code: It is probably not really required for the type of portals our customers run, but we cannot eliminate the possibility, that there are highly frequented portals. So we might consider using tornados asynchronous capabilities. That would mean defining the RequestHandlers get method as async and facilitate the run_in_executor functionality for anything accessing UDM (which is blocking code)
01_base.27check_logfiles_univention.test Test failed (World-readable Univention-specific logfiles) [2019-01-16 15:44:25.816104] -rw-r--r-- 1 root root 174 Jan 16 15:34 /var/log/univention/portal.log
Another problem ist that after installing these changes all portal_entries have the same icon. The json that arrives in the frontend has the following URL for all icons: http://10.200.6.120/univention/portal/icons/entries/ucsschool_demo_portal.png where demo_portal is the name of the portal object and in no case the name of any icon or entry.
I fixed the log file and the icon names. Doing it async would be nice, but I counted >3000 requests served per minute. This _should_ be enough. Should it ever be a problem, the framework is prepared.
I just saw this new daemon. Very nice, that we use tornado there! Some things to consider: 1. is it necessary that the daemon runs as root? 2. can you please revert adding the function Root.check_session() to the UMC-Webserver again? You can just use /session-info/ which contains the same information. (3. Are you sure you want to make a http instead of https connection to the localhost webserver? The plaintext data transferred contain the session id of users.) 4. b/management/univention-portal/33univention-portal.inst contains " ## joinscript api: bindpwdfile" twice! 5. b/management/univention-portal/listener/portal_groups.py contains the old __package__ == '' workaround. See last entry in https://hutten.knut.univention.de/mediawiki/index.php/Code-Richtlinien#Weiteres
(In reply to Florian Best from comment #6) > I just saw this new daemon. > Very nice, that we use tornado there! > > Some things to consider: > > 1. is it necessary that the daemon runs as root? Yes, for the machine connection > > 2. can you please revert adding the function Root.check_session() to the > UMC-Webserver again? You can just use /session-info/ which contains the same > information. Thanks. Done. > > (3. Are you sure you want to make a http instead of https connection to the > localhost webserver? The plaintext data transferred contain the session id > of users.) > Transfer is done to localhost (most probably) and should therefore be safe. > 4. b/management/univention-portal/33univention-portal.inst > contains > " ## joinscript api: bindpwdfile" twice! > Fixed > 5. b/management/univention-portal/listener/portal_groups.py > contains the old __package__ == '' workaround. > See last entry in > https://hutten.knut.univention.de/mediawiki/index.php/Code- > Richtlinien#Weiteres Fixed
The Traceback from comment #1 occurs reproducible on fresh installs of UCS 4.4
*** Bug 48827 has been marked as a duplicate of this bug. ***
Hmmm... which traceback exactly? The last one is the missing cache file. But what caused the file to not be created in the first place? The UDM version (Comment 1)? Or the missing DN (Bug #48827)? How can I reproduce this? My DC Master has a working JSON after the setup. Anyway, I added a very basic json that is installed along with the package and will be used as a fallback. This may make problems should this be edited. But at least it is not blank. Maybe we should prevent edit mode with this data? univention-portal 3.0.1-19A~4.4.0.201903050124
univention-portal (3.0.1-20) unstable; urgency=medium * Bug #48595: Reload ucr when loading cache. This prevents errors when the server ran before system setup set ldap/hostdn Patch was added by Dirk. With that everything looks fine now.
UCS 4.4 has been released: https://docs.software-univention.de/release-notes-4.4-0-en.html https://docs.software-univention.de/release-notes-4.4-0-de.html If this error occurs again, please use "Clone This Bug".