New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UserPasswordAuth: broken on py3? #3162

Closed
tardyp opened this Issue Apr 30, 2017 · 3 comments

Comments

Projects
None yet
3 participants
@tardyp
Member

tardyp commented Apr 30, 2017

reported by @aliceinwire on IRC

if auth is configured with:

c['www']['auth'] = util.UserPasswordAuth(usernames_passwords)

Got error in the logs

        Traceback (most recent call last):
          File "/root/buildbot/lib/python3.4/site-packages/twisted/web/_auth/wrapper.py", line 133, in render
            return self._authorizedResource(request).render(request)
          File "/root/buildbot/lib/python3.4/site-packages/twisted/web/util.py", line 138, in render
            self.d.addCallback(self._cbChild, request).addErrback(
          File "/root/buildbot/lib/python3.4/site-packages/twisted/internet/defer.py", line 321, in addCallback
            callbackKeywords=kw)
          File "/root/buildbot/lib/python3.4/site-packages/twisted/internet/defer.py", line 310, in addCallbacks
            self._runCallbacks()
        --- <exception caught here> ---
          File "/root/buildbot/lib/python3.4/site-packages/twisted/internet/defer.py", line 653, in _runCallbacks
            current.result = callback(current.result, *args, **kw)
          File "/root/buildbot/lib/python3.4/site-packages/twisted/web/util.py", line 144, in _cbChild
            request.render(resource.getChildForRequest(child, request))
          File "/root/buildbot/lib/python3.4/site-packages/twisted/web/server.py", line 241, in render
            body = resrc.render(self)
          File "/root/buildbot/lib/python3.4/site-packages/twisted/web/_auth/wrapper.py", line 59, in render
            generateWWWAuthenticate(fact.scheme, challenge))
          File "/root/buildbot/lib/python3.4/site-packages/twisted/web/_auth/wrapper.py", line 48, in generateWWWAuthenticate
            l.append(networkString("%s=%s" % (k, quoteString(v))))
          File "/root/buildbot/lib/python3.4/site-packages/twisted/web/_auth/wrapper.py", line 52, in quoteString
            return '"%s"' % (s.replace('\\', '\\\\').replace('"', '\\"'),)
        builtins.TypeError: 'str' does not support the buffer interface

my guess is there is a need for a bytesToNativeString somewhere

@tardyp tardyp added auth py3 labels Apr 30, 2017

@aliceinwire

This comment has been minimized.

Show comment
Hide comment
@aliceinwire

aliceinwire Apr 30, 2017

also with c['www']['auth'] = util.HTPasswdAuth("password")
with both clear password and hashed password

aliceinwire commented Apr 30, 2017

also with c['www']['auth'] = util.HTPasswdAuth("password")
with both clear password and hashed password

@tardyp

This comment has been minimized.

Show comment
Hide comment
@tardyp

tardyp Apr 30, 2017

Member

problem comes from this code in twisted:

    def render(self, request):
        """
        Send www-authenticate headers to the client
        """
        def generateWWWAuthenticate(scheme, challenge):
            l = []
            for k,v in challenge.items():
                l.append(networkString("%s=%s" % (k, quoteString(v))))
            return b" ".join([scheme, b", ".join(l)])

        def quoteString(s):
            return '"%s"' % (s.replace('\\', '\\\\').replace('"', '\\"'),)

        request.setResponseCode(401)
        for fact in self._credentialFactories:
            challenge = fact.getChallenge(request)
            request.responseHeaders.addRawHeader(
                b'www-authenticate',
                generateWWWAuthenticate(fact.scheme, challenge))
        if request.method == b'HEAD':
            return b''

fact.getChallenge(request) returns a byte string, then the code tries to quote it, but uses native string only

Member

tardyp commented Apr 30, 2017

problem comes from this code in twisted:

    def render(self, request):
        """
        Send www-authenticate headers to the client
        """
        def generateWWWAuthenticate(scheme, challenge):
            l = []
            for k,v in challenge.items():
                l.append(networkString("%s=%s" % (k, quoteString(v))))
            return b" ".join([scheme, b", ".join(l)])

        def quoteString(s):
            return '"%s"' % (s.replace('\\', '\\\\').replace('"', '\\"'),)

        request.setResponseCode(401)
        for fact in self._credentialFactories:
            challenge = fact.getChallenge(request)
            request.responseHeaders.addRawHeader(
                b'www-authenticate',
                generateWWWAuthenticate(fact.scheme, challenge))
        if request.method == b'HEAD':
            return b''

fact.getChallenge(request) returns a byte string, then the code tries to quote it, but uses native string only

@Foxboron

This comment has been minimized.

Show comment
Hide comment
@Foxboron

Foxboron Jun 4, 2017

Contributor

This issue doesn't seem to be fixed.

2017-06-04 22:24:40+0200 [_GenericHTTPChannelProtocol,240,127.0.0.1] HTTPAuthSessionWrapper.getChildWithDefault encountered unexpected error
	Traceback (most recent call last):
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/web/_auth/wrapper.py", line 162, in _login
	    d = self._portal.login(credentials, None, IResource)
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/cred/portal.py", line 119, in login
	    return maybeDeferred(self.checkers[i].requestAvatarId, credentials
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/internet/defer.py", line 150, in maybeDeferred
	    result = f(*args, **kw)
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/cred/checkers.py", line 97, in requestAvatarId
	    self.users[credentials.username]).addCallback(
	--- <exception caught here> ---
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/internet/defer.py", line 150, in maybeDeferred
	    result = f(*args, **kw)
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/cred/credentials.py", line 157, in checkPassword
	    calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/cred/_digest.py", line 65, in calcHA1
	    m.update(pszPassword)
	builtins.TypeError: Unicode-objects must be encoded before hashing
authz = util.Authz(
    allowRules=[
        util.AnyControlEndpointMatcher(role="admins"),
        util.StopBuildEndpointMatcher(role="admin"),
        util.RebuildBuildEndpointMatcher(role="admin"),
        util.ForceBuildEndpointMatcher(role="admin"),
    ],
    roleMatchers=[
        util.RolesFromEmails(admins=["admin"])
    ]
)
auth=util.UserPasswordAuth({'admin': 'admin'})

c['www'] = dict(port=8010,
                plugins=dict(waterfall_view={}, console_view={}))

c['www']['auth'] = auth
c['www']['authz'] = authz

Installed twisted from master and made sure the above patch was included. Chrome 58.0.3029.110 breaks and throws the above error. Firefox 53.0.3 fails silently it seems.

Running python 3.5.3

buildbot (0.9.7)
buildbot-console-view (0.9.7)
buildbot-waterfall-view (0.9.7)
buildbot-worker (0.9.7)
buildbot-www (0.9.7)
Twisted (17.1.0.dev0)
Contributor

Foxboron commented Jun 4, 2017

This issue doesn't seem to be fixed.

2017-06-04 22:24:40+0200 [_GenericHTTPChannelProtocol,240,127.0.0.1] HTTPAuthSessionWrapper.getChildWithDefault encountered unexpected error
	Traceback (most recent call last):
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/web/_auth/wrapper.py", line 162, in _login
	    d = self._portal.login(credentials, None, IResource)
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/cred/portal.py", line 119, in login
	    return maybeDeferred(self.checkers[i].requestAvatarId, credentials
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/internet/defer.py", line 150, in maybeDeferred
	    result = f(*args, **kw)
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/cred/checkers.py", line 97, in requestAvatarId
	    self.users[credentials.username]).addCallback(
	--- <exception caught here> ---
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/internet/defer.py", line 150, in maybeDeferred
	    result = f(*args, **kw)
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/cred/credentials.py", line 157, in checkPassword
	    calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
	  File "/usr/local/lib/python3.5/dist-packages/Twisted-17.1.0.dev0-py3.5-linux-x86_64.egg/twisted/cred/_digest.py", line 65, in calcHA1
	    m.update(pszPassword)
	builtins.TypeError: Unicode-objects must be encoded before hashing
authz = util.Authz(
    allowRules=[
        util.AnyControlEndpointMatcher(role="admins"),
        util.StopBuildEndpointMatcher(role="admin"),
        util.RebuildBuildEndpointMatcher(role="admin"),
        util.ForceBuildEndpointMatcher(role="admin"),
    ],
    roleMatchers=[
        util.RolesFromEmails(admins=["admin"])
    ]
)
auth=util.UserPasswordAuth({'admin': 'admin'})

c['www'] = dict(port=8010,
                plugins=dict(waterfall_view={}, console_view={}))

c['www']['auth'] = auth
c['www']['authz'] = authz

Installed twisted from master and made sure the above patch was included. Chrome 58.0.3029.110 breaks and throws the above error. Firefox 53.0.3 fails silently it seems.

Running python 3.5.3

buildbot (0.9.7)
buildbot-console-view (0.9.7)
buildbot-waterfall-view (0.9.7)
buildbot-worker (0.9.7)
buildbot-www (0.9.7)
Twisted (17.1.0.dev0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment