Bug 50522 - HTTP 500 - INVALID_CREDENTIALS traceback when authenticated user changes password
Status: NEW
Product: UCS
Classification: Unclassified
Component: UDM - REST API
UCS 4.4
Other Linux
: P5 normal
Assigned To: UMC maintainers
UMC maintainers
Reported: 2019-11-20 15:09 CET by Daniel Tröder
Modified: 2023-09-01 22:48 CEST

What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.103
Ticket number: 2023090121000202

Description Daniel Tröder univentionstaff 2019-11-20 15:09:10 CET
When a user that has authenticated and is using the UDM REST API changes its password, the next request leads to:

19.11.19 17:30:22       ERROR      (    14603) : Uncaught exception GET /udm/users/user/uid=user7,cn=users,dc=uni,dc=dtr (0.0.0.0)
    HTTPServerRequest(protocol='http', host='10.200.3.11', method='GET', uri='/udm/users/user/uid=user7,cn=users,dc=uni,dc=dtr', version='HTTP/1.1', remote_ip='0.0.0.0', headers={'X-Umc-Https': 'on', 'Via': '1.1 m11.uni.dtr', 'Accept-Encoding': 'gzip, deflate', 'X-Forwarded-Host': '10.200.3.11', 'X-Forwarded-For': '10.205.2.33', 'Host': '10.200.3.11', 'Accept': 'application/json', 'User-Agent': 'OpenAPI-Generator/1.0.0/python', 'Connection': 'close', 'X-Forwarded-Proto': 'https', 'X-Forwarded-Server': 'm11.uni.dtr', 'Content-Type': 'application/json', 'X-Forwarded-Ssl': 'on', 'Authorization': 'Basic dXNlcjc6dW5pdmVudGlvbg=='})
    Traceback (most recent call last):
      File "/usr/lib/python2.7/dist-packages/tornado/web.py", line 1446, in _execute
        result = self.prepare()
      File "/usr/lib/python2.7/dist-packages/univention/admin/rest/module.py", line 390, in prepare
        self.parse_authorization(authorization)
      File "/usr/lib/python2.7/dist-packages/univention/admin/rest/module.py", line 399, in parse_authorization
        if self.ldap_connection.whoami():
      File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 652, in whoami
        dn = self.lo.lo.whoami_s()
      File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 996, in whoami_s
        return self._apply_method_s(SimpleLDAPObject.whoami_s,*args,**kwargs)
      File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 935, in _apply_method_s
        self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay)
      File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 903, in reconnect
        self._apply_last_bind()
      File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 873, in _apply_last_bind
        func(self,*args,**kwargs)
      File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 223, in simple_bind_s
        resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
      File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
        resp_ctrl_classes=resp_ctrl_classes
      File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
        ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
      File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
        result = func(*args,**kwargs)
    INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
Comment 1 Ingo Steuwer univentionstaff 2019-11-26 14:55:19 CET
My understanding from other conversations: This happens (also) if the password is changed by other ways than UDM REST API.

The result of such a request should be a proper error code sent to the client.
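
An added sketch, not code from UCS or from this report, of the behaviour Comment 1 asks for: a cached connection that replays its last bind fails after a password change, and the handler turns that into a 401 and evicts the stale entry instead of letting the exception surface as HTTP 500. FakeDirectory, CachedConnection, InvalidCredentials (a stand-in for ldap.INVALID_CREDENTIALS), authenticate, basic_header, the cache layout and the realm are all assumptions made for illustration.

```python
import base64
import hashlib

class InvalidCredentials(Exception):
    """Stand-in for ldap.INVALID_CREDENTIALS so the sketch runs without python-ldap."""

class FakeDirectory:
    """Constructed in-memory directory (uid -> current password)."""
    def __init__(self, users):
        self.users = dict(users)
    def bind(self, uid, password):
        if self.users.get(uid) != password:
            raise InvalidCredentials({'desc': 'Invalid credentials'})

class CachedConnection:
    """Models a reconnecting LDAP object that replays its last simple bind."""
    def __init__(self, directory, uid, password):
        self.directory, self.uid, self.password = directory, uid, password
        directory.bind(uid, password)
    def whoami(self):
        # As in the traceback: the liveness check re-binds with the stored password.
        self.directory.bind(self.uid, self.password)
        return self.uid

UNAUTHORIZED = (401, {'WWW-Authenticate': 'Basic realm="example"'})

def basic_header(uid, password):
    token = base64.b64encode(f'{uid}:{password}'.encode()).decode()
    return 'Basic ' + token

def authenticate(directory, cache, header):
    """Return (status, headers); a failed re-bind becomes 401, not an uncaught 500."""
    scheme, _, blob = header.partition(' ')
    try:
        uid, sep, password = base64.b64decode(blob).decode().partition(':')
    except ValueError:  # bad base64 or bad UTF-8
        return UNAUTHORIZED
    if scheme.lower() != 'basic' or not sep:
        return UNAUTHORIZED
    key = hashlib.sha256(header.encode()).hexdigest()  # avoid plaintext cache keys
    try:
        conn = cache.get(key) or CachedConnection(directory, uid, password)
        conn.whoami()
    except InvalidCredentials:
        cache.pop(key, None)  # evict the connection holding the stale password
        return UNAUTHORIZED
    cache[key] = conn
    return 200, {}
```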