Error with stacktrace instead of friendly error message in case of duplicate logins #3250

Closed
bpedersen2 opened this issue Feb 27, 2018 · 2 comments
Contributor

@bpedersen2 bpedersen2 commented Feb 27, 2018

In case of a duplicate account email I would expect a friendly error message pointing to the reset-password page instead of an error "There was a database error while processing..." with stack-trace

Traceback
---------
Traceback (most recent call last):
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/web/flask/util.py", line 114, in wrapper
    return obj().process()
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/web/rh.py", line 280, in process
    handle_sqlalchemy_database_error()  # this will re-raise an exception
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/web/rh.py", line 270, in process
    res = self._do_process()
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/web/rh.py", line 249, in _do_process
    return self._process()
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/modules/auth/controllers.py", line 269, in _process
    return self._create_user(form, handler)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/modules/auth/controllers.py", line 317, in _create_user
    user, identity = register_user(**self._prepare_registration_data(form, handler))
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/modules/auth/util.py", line 69, in register_user
    from_moderation=from_moderation)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/modules/users/operations.py", line 67, in create_user
    user.settings.set_multi(settings)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/modules/users/models/settings.py", line 66, in wrapper
    return f(self, user, *args, **kwargs)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/modules/users/models/settings.py", line 123, in set_multi
    UserSetting.set_multi(self.module, items, **user)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/core/settings/models/base.py", line 144, in set_multi
    existing = cls.get_all_settings(module, **kwargs)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/indico/core/settings/models/base.py", line 113, in get_all_settings
    return {s.name: s for s in cls.find(module=module, **kwargs)}
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/orm/query.py", line 2854, in __iter__
    self.session._autoflush()
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/orm/session.py", line 1422, in _autoflush
    util.raise_from_cause(e)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/util/compat.py", line 203, in raise_from_cause
    reraise(type(exception), exception, tb=exc_tb, cause=cause)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/orm/session.py", line 1412, in _autoflush
    self.flush()
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/orm/session.py", line 2192, in flush
    self._flush(objects)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/orm/session.py", line 2312, in _flush
    transaction.rollback(_capture_exception=True)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/util/langhelpers.py", line 66, in __exit__
    compat.reraise(exc_type, exc_value, exc_tb)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/orm/session.py", line 2276, in _flush
    flush_context.execute()
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/orm/unitofwork.py", line 389, in execute
    rec.execute(self)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/orm/unitofwork.py", line 548, in execute
    uow
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/orm/persistence.py", line 181, in save_obj
    mapper, table, insert)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/orm/persistence.py", line 835, in _emit_insert_statements
    execute(statement, params)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 945, in execute
    return meth(self, multiparams, params)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/sql/elements.py", line 263, in _execute_on_connection
    return connection._execute_clauseelement(self, multiparams, params)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1053, in _execute_clauseelement
    compiled_sql, distilled_params
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1189, in _execute_context
    context)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1402, in _handle_dbapi_exception
    exc_info
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/util/compat.py", line 203, in raise_from_cause
    reraise(type(exception), exception, tb=exc_tb, cause=cause)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1182, in _execute_context
    context)
  File "/usr/home/indicoadm/indicov2/.indicov2/lib/python2.7/site-packages/sqlalchemy/engine/default.py", line 470, in do_execute
    cursor.execute(statement, parameters)
IntegrityError: (raised as a result of Query-invoked autoflush; consider using a session.no_autoflush block if this flush is occurring prematurely) (psycopg2.IntegrityError) duplicate key value violates unique constraint "ix_uq_emails_email"
DETAIL:  Key (email)=(<email>) already exists.
 [SQL: 'INSERT INTO users.emails (user_id, email, is_primary, is_user_deleted) VALUES (%(user_id)s, %(email)s, %(is_primary)s, %(is_user_deleted)s) RETURNING users.emails.id'] [parameters: {'is_primary': True, 'user_id': <uid>, 'email': u'<email>', 'is_user_deleted': False}]


Request Data
------------
{u'data': {u'get': {},
           u'headers': {'Accept': u'text/html, application/xhtml+xml, */*',
                        'Accept-Encoding': u'gzip, deflate',
                        'Accept-Language': u'ru-RU',
                        'Cache-Control': u'no-cache',
                        'Connection': u'Keep-Alive',
                        'Content-Length': u'204',
                        'Content-Type': u'application/x-www-form-urlencoded',
                        'Cookie': u'indico_session=XXXXX',
                        'Dnt': u'1',
                        'Host': u'<host>',
                        'Referer': u'https://i<host>/register/',
                        'User-Agent': u'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'},
           u'json': None,
           u'post': {'affiliation': u'XXXXX,
                     'confirm_password': u'<8 chars hidden>',
                     'csrf_token': u'00000000-0000-0000-0000-000000000000',
                     'first_name': u'XXX',
                     'last_name': u'XXXX',
                     'password': u'<8 chars hidden>',
                     'username': u'XXX'},
           u'url': {u'provider': None}},
 u'endpoint': u'auth.register',
 u'id': 'XXXXXXX,
 u'ip': 'XXX',
 u'method': 'POST',
 u'referrer': 'https://<host>register/',
 u'rh': 'RHRegister',
 u'time': '2018-02-26T22:59:25.216448',
 u'url': u'https://<host>/register/',
 u'user': None,
 u'user_agent': u'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'}

Member

@ThiefMaster ThiefMaster commented Feb 27, 2018

Indeed, we don't check again if the email is in use once you have a validation token.

Member

@ThiefMaster ThiefMaster commented Feb 27, 2018

We'll fix that in 2.1, here's a patch for it if you want to hotfix it:

diff --git a/indico/modules/auth/forms.py b/indico/modules/auth/forms.py
index a9ee7200b1..faeed8d95b 100644
--- a/indico/modules/auth/forms.py
+++ b/indico/modules/auth/forms.py
@@ -102,7 +102,7 @@ class MultipassRegistrationForm(SyncedInputsMixin, IndicoForm):


 class LocalRegistrationForm(RegistrationForm):
-    email = EmailField(_('Email address'))
+    email = EmailField(_('Email address'), [_check_existing_email])
     username = StringField(_('Username'), [DataRequired(), _check_existing_username], filters=[_tolower])
     password = PasswordField(_('Password'), [DataRequired(), Length(min=5)])
     confirm_password = PasswordField(_('Confirm password'), [DataRequired(), ConfirmPassword('password')])
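
Review bot: On the changed `email = EmailField(...)` line, `_check_existing_email` only moves the duplicate check to form validation; the insert into `users.emails` still happens later in `create_user`, so two registrations for the same address that both pass validation can still reach the `ix_uq_emails_email` violation shown in the traceback above. I would keep the validator and also catch the `IntegrityError` around the `register_user(...)` call in `_create_user`, rolling back and showing the same friendly message. Separately, the wording of that message decides how much the registration form discloses about which addresses already have accounts, so it is worth checking what `_check_existing_email` tells the user, since its definition is not part of this hunk.
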
ThiefMaster added a commit that referenced this issue Mar 7, 2018
when registering a local account using an existing email verification
token

fixes #3250