First Last Prev Next    This bug is not in your last search results.
Bug 56189 - UDM REST does not handle username with umlaut | UnicodeEncodeError: 'latin-1' codec can't encode character
UDM REST does not handle username with umlaut | UnicodeEncodeError: 'latin-1'...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM - REST API
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0-4-errata
Assigned To: Florian Best
Christian Castens
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2023-06-22 10:31 CEST by Daniel Tröder
Modified: 2023-07-12 13:57 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.143
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2023-06-22 10:31:29 CEST 
On the ID Broker system a user exists with username "<anonymized>-inęs".

GET /udm/users/user/uid=<anonymized>-in%C4%99s,cn=schueler,cn=users,ou=<anonymized>,dc=ucs,dc=production,dc=univention-id-broker,dc=com

21.06.23 17:30:16       ERROR      (     5288) : Uncaught exception 0a65f771-7: GET /udm/users/user/uid=<anonymized>-in%C4%99s,cn=schueler,cn=users,ou=<anonymized>,dc=ucs,dc=production,dc=univention-id-broker,dc=com (0.0.0.0)
    HTTPServerRequest(protocol='http', host='<anonymized>', method='GET', uri='/udm/users/user/uid=<anonymized>-in%C4%99s,cn=schueler,cn=users,ou=<anonymized>,dc=ucs,dc=production,dc=univention-id-broker,dc=com', version='HTTP/1.1', remote_ip='0.0.0.0')
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1592, in _execute
        result = yield result
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run
        value = future.result()
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 3107, in get
        self.content_negotiation(props)
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 615, in content_negotiation
        self.finish(codec(formatter(response)))
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1052, in finish
        future = self.flush(include_footers=True)
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 994, in flush
        start_line, self._headers, chunk, callback=callback)
      File "/usr/lib/python3/dist-packages/tornado/http1connection.py", line 392, in write_headers
        lines.extend(l.encode('latin1') for l in header_lines)
      File "/usr/lib/python3/dist-packages/tornado/http1connection.py", line 392, in <genexpr>
        lines.extend(l.encode('latin1') for l in header_lines)
    UnicodeEncodeError: 'latin-1' codec can't encode character '\u0119' in position 265: ordinal not in range(256)
21.06.23 17:30:16       ERROR      (     5288) : Cannot send error response after headers written
21.06.23 17:30:16       ERROR      (     5288) : Failed to flush partial response
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1592, in _execute
        result = yield result
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run
        value = future.result()
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 3107, in get
        self.content_negotiation(props)
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 615, in content_negotiation
        self.finish(codec(formatter(response)))
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1052, in finish
        future = self.flush(include_footers=True)
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 994, in flush
        start_line, self._headers, chunk, callback=callback)
      File "/usr/lib/python3/dist-packages/tornado/http1connection.py", line 392, in write_headers
        lines.extend(l.encode('latin1') for l in header_lines)
      File "/usr/lib/python3/dist-packages/tornado/http1connection.py", line 392, in <genexpr>
        lines.extend(l.encode('latin1') for l in header_lines)
    UnicodeEncodeError: 'latin-1' codec can't encode character '\u0119' in position 265: ordinal not in range(256)
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1098, in send_error
        self.finish()
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1053, in finish
        self.request.connection.finish()
      File "/usr/lib/python3/dist-packages/tornado/http1connection.py", line 463, in finish
        self._expected_content_remaining)
    tornado.httputil.HTTPOutputError: Tried to write 14553 bytes less than Content-Length
21.06.23 17:30:16.927  MAIN        ( WARN    ) : Reaching service failed: HTTP 599: Empty reply from server
21.06.23 17:30:16       ERROR      (     5100) : 503 GET /udm/users/user/uid=<anonymized>-in%C4%99s,cn=schueler,cn=users,ou=<anonymized>,dc=ucs,dc=production,dc=univention-id-broker,dc=com (127.0.0.1) 88.12ms

----------------------------------------------------------------------------------------------------

UDM can search and find the user when using a filter with umlauts as UTF-8:

univention-ldapsearch -LLL uid=<anonymized>-inęs dn uid
dn:: <anonymized>YXZlbi1iLWluxJlzLGNuPXNjaHVlbGVyLGNuPXVzZXJzLG91PXNjaHVsZW5icmVtZXJoYXZlbi00NTEsZGM9dWNzLGRjPXByb2R1Y3Rpb24sZGM9dW5pdmVudGlvbi1pZC1icm9rZXIsZGM9Y29t
uid:: <anonymized>hhdmVuLWItaW7EmXM=

udm users/user list --filter uid=<anonymized>-inęs

DN: uid=<anonymized>-inęs,cn=schueler,cn=users,ou=<anonymized>,dc=ucs,dc=production,dc=univention-id-broker,dc=com
...
  username: <anonymized>-inęs
...
Comment 1 Florian Best univentionstaff 2023-06-22 10:33:06 CEST 
Can you tell where did you get the URL from?
Was it provided by the server or generated in the client?
Comment 2 Daniel Tröder univentionstaff 2023-06-22 11:01:25 CEST 
The URL was generated by the client in this case.

But the server does generate a URL on its own, that also leads to the crash:

http://<anonymized>/univention/udm/users/user/?filter=entryUUID=bd2bf89c-b2b0-103c-978f-<anonymized>

finds the user object:

--------------------------------------------------------------
{
    "dn": "uid=<anonymized>-in\u0119s,cn=schueler,cn=users,ou=<anonymized>,dc=ucs,dc=production,dc=univention-id-broker,dc=com",
    "objectType": "users/user",
    "id": "<anonymized>-in\u0119s",
...
    "_links": {
        "self": [
            {
                "name": "uid=<anonymized>-in\u0119s,cn=schueler,cn=users,ou=<anonymized>,dc=ucs,dc=production,dc=univention-id-broker,dc=com",
                "title": "<anonymized>-in\u0119s",
                "href": "http://<anonymized>/univention/udm/users/user/uid%3D<anonymized>-in%C4%99s%2Ccn%3Dschueler%2Ccn%3Dusers%2Cou%3D<anonymized>%2Cdc%3Ducs%2Cdc%3Dproduction%2Cdc%3Dunivention-id-broker%2Cdc%3Dcom"
            }
        ]
    }
}

--------------------------------------------------------------

If I open the URL from _links→self→href the above traceback happens.
Comment 3 Florian Best univentionstaff 2023-06-22 11:21:05 CEST 
Ok, thanks.
HTTP specifies it's protocol elements to be ISO8859-1. So UTF-8 is problematic. I will see what I can come up with.
Comment 5 Florian Best univentionstaff 2023-06-27 09:07:38 CEST 
This was the "title" attribute of a Link header - non-compatible chars are now just replaced in there.

univention-directory-manager-rest.yaml
7e6b6faf958c | Bug #56189: fix accessing objects with UTF-8 character in its DN

univention-directory-manager-rest (10.0.6-6)
7e6b6faf958c | Bug #56189: fix accessing objects with UTF-8 character in its DN
Comment 6 Florian Best univentionstaff 2023-06-27 09:09:26 CEST 
QA: reproduce via:
udm users/user create --set username=foo-inęs --set lastname=foobar --set password=univention
curl "http://Administrator:univention@localhost/univention/udm/users/user/uid%3Dfoo-in%C4%99s%2C$(ucr get ldap/base)"
Comment 7 Christian Castens univentionstaff 2023-06-28 16:23:34 CEST 
QA:
Accessing objects that contain UTF-8 characters in their LDAP DN possible (tested as described in Comment 6):  OK
advisories: OK
no related tracebacks or errors in logfiles: OK
Comment 8 Christian Castens univentionstaff 2023-07-12 13:57:22 CEST 
<https://errata.software-univention.de/#/?erratum=5.0x740>
First Last Prev Next    This bug is not in your last search results.