Univention Bugzilla – Bug 52832
Traceback during password change via UMC
Last modified: 2021-02-24 16:52:10 CET
Set password/hashing/bcrypt=true create a user Unset password/hashing/bcrypt Goto UMC as Administrator and change password for user: Request: udm/put (users/user) File "/usr/lib/python2.7/dist-packages/notifier/threads.py", line 80, in _run result = self._function() File "/usr/lib/python2.7/dist-packages/notifier/__init__.py", line 104, in __call__ return self._function(*tmp, **self._kwargs) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/udm/__init__.py", line 440, in _thread module.modify(properties) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/udm/udm_ldap.py", line 645, in modify obj.modify() File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/user.py", line 1410, in modify return super(object, self).modify(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify dn = self._modify(modify_childs, ignore_license=ignore_license, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1324, in _modify ml = self._ldap_modlist() File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/user.py", line 1703, in _ldap_modlist ml = self._check_password_history(ml, pwhistoryPolicy) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/user.py", line 1774, in _check_password_history if univention.admin.password.password_already_used(self['password'], pwhistory): File "/usr/lib/python2.7/dist-packages/univention/admin/password.py", line 302, in password_already_used if bcrypt.checkpw(password, password_hash): File "/usr/lib/python2.7/dist-packages/bcrypt/__init__.py", line 100, in checkpw raise TypeError("Unicode-objects must be encoded before checking") TypeError: Unicode-objects must be encoded before checking
This probably doesn't happen with UCS 5.0, right?
password is <type 'unicode'> (UMC)
(In reply to Florian Best from comment #1) > This probably doesn't happen with UCS 5.0, right? i guess so, because we use if bcrypt.checkpw(password.encode('utf-8'), password_hash.encode('ASCII')): in UCS 5.0 should i just change 4.4-7 in that way? or maybe if isinstance(password, six.text_type): password = password.encode('utf-8') ...
(In reply to Felix Botner from comment #3) Both variants are okay. A direct .encode('UTF-8') would do .decode('UTF-8').encode('UTF-8') if the input is bytes. In UCS 5 we ensure this can't happen. The check for unicode type is more correct in Py2/UCS 4.4 as both types are possible there.
(In reply to Florian Best from comment #4) > (In reply to Felix Botner from comment #3) > > Both variants are okay. > > A direct .encode('UTF-8') would do .decode('UTF-8').encode('UTF-8') if the > input is bytes. In UCS 5 we ensure this can't happen. > > The check for unicode type is more correct in Py2/UCS 4.4 as both types are > possible there. thanks, than i got with the Py2/UCS 4.4 variant
a8d35dcf71ea1ddee0c87535ca7900f2783aa37e - univention-directory-manager-modules encode password (utf8) if password is unicode 2931616d66c9f053385216cfacd8b4d3e91db21d - yaml
Password change works as Administrator over UMC: OK Password change works at login: OK Password change works with udm: OK Needs no merge to UCS5: OK Ldap auth works: OK umc-command auth works: OK yaml: OK Verified
<https://errata.software-univention.de/#/?erratum=4.4x901>