Univention Bugzilla – Bug 55684
Password forgotten page broken after UCS 5.0-3 upgrade
Last modified: 2023-02-22 13:03:40 CET
After the upgrade to 5.0-3 upgrade we receive this error when trying the password reset for a user on "/univention/self-service/#page=passwordreset": Internal server error during "passwordreset/get_reset_methods". Request: passwordreset/get_reset_methods Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 351, in __error_handling six.reraise(etype, exc, etraceback) File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 254, in execute function.__func__(self, request, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 109, in _decorator return func(self, request, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 169, in _decorated username = args[0].options["username"] KeyError: 'username' Checking the browser, it seems that the request to /univention/command/passwordreset/get_reset_methods is sent with an empty payload: {"options":{}} When modifying the request with {"options":{"username":"foo123"}} we get a 200 as expected. So it seems the frontend is not submitting the form field correctly.
Is this a DC Master/Primary which you are accessing via the browser? In Bug #55346 we changed that "username" doesn't need to be set anymore in the request. That should be correct.
Unfortunately i cannot access Bug #55346, but our setup is a Master/Slave setup and the site is accessed on the master instance.
Customer effected Ticket#2023021521000387 Interner Server-Fehler in "passwordreset/get_reset_methods". KeyError: 'username' username = args[0].options["username"] File "/usr/lib/python3/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 169, in _decorated return func(self, request, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 109, in _decorator function.__func__(self, request, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 254, in execute raise value File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise six.reraise(etype, exc, etraceback) File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 351, in __error_handling Traceback (most recent call last): Request: passwordreset/get_reset_methods Interner Server-Fehler in "passwordreset/get_reset_methods". ------------------------------------------------------------ 12.02.23 13:27:42.398 MODULE ( PROCESS ) : Loading Python module. 12.02.23 13:27:42.584 MODULE ( PROCESS ) : Imported Python module. 12.02.23 13:27:42.584 MODULE ( PROCESS ) : Module instance created. 12.02.23 13:27:42.584 MODULE ( PROCESS ) : Module socket initialized. 12.02.23 13:27:42.636 MODULE ( PROCESS ) : Setting user LDAP DN None 12.02.23 13:27:42.636 MODULE ( PROCESS ) : Setting auth type to None 12.02.23 13:27:42.636 MODULE ( PROCESS ) : Initializing module. 12.02.23 13:27:42.647 MODULE ( PROCESS ) : get_plugins(): Loaded sending plugin class 'VerifyEmail' for sending method 'verify_email'. 12.02.23 13:27:42.652 MODULE ( PROCESS ) : get_plugins(): Plugin class 'SendSMS' for sending method 'mobile' is disabled. 12.02.23 13:27:42.658 MODULE ( PROCESS ) : get_plugins(): Plugin class 'SendWithExternal' for sending method 'None' is disabled. 12.02.23 13:27:42.661 MODULE ( PROCESS ) : get_plugins(): Loaded sending plugin class 'SendEmail' for sending method 'email'. 12.02.23 13:27:42.663 MODULE ( PROCESS ) : get_plugins(): plugin class 'VerifyEmail' for sending method 'verify_email': udm_property: 'PasswordRecoveryEmailVerified' token_length: '64' 12.02.23 13:27:42.663 MODULE ( PROCESS ) : get_plugins(): plugin class 'SendEmail' for sending method 'email': udm_property: 'PasswordRecoveryEmail' token_length: '64' 12.02.23 13:27:42.666 MODULE ( ERROR ) : prevent_denial_of_service() could not find username argument. self: <univention.management.console.modules.passwordreset.Instance object at 0x7f222ef7c550> args: (<univention.manageme File "/usr/lib/python3/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 169, in _decorated username = args[0].options["username"] KeyError: 'username' 12.02.23 13:27:42.667 MODULE ( PROCESS ) : Interner Server-Fehler in "passwordreset/get_reset_methods". 12.02.23 13:28:06.199 MAIN ( WARN ) : Shutting down all open connections 12.02.23 13:28:06.199 MAIN ( WARN ) : Shutting down all open connections
Ticket#2023021521000387 since the update to UCS 5.0-3 errata572
Reported another 9 times.
Max merged the changes in: univention-self-service.yaml b84fa09356b3 | Bug #55684: fix accessing self-service password reset methods univention-self-service (5.0.6-2) b84fa09356b3 | Bug #55684: fix accessing self-service password reset methods
OK: removal of DDoS protection for the get-reset-methods endpoint. OK: YAML
<https://errata.software-univention.de/#/?erratum=5.0x585>