[BUG] InvalidToken error followed by UnicodeDecodeError #60
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
I have configured the docker-ldap-auth container and it has been working for about a week. However, last night I tried to log in to my web applications and they are returning 500 Internal Error messages.
Looking at the docker-ldap-auth logs, I see these stack traces:
Exception occurred during processing of request from ('172.18.0.12', 60686)
Traceback (most recent call last):
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
auth_decoded = cipher_suite.decrypt(auth_decoded)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
return self._decrypt_data(data, timestamp, time_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
self._verify_signature(data)
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
raise InvalidToken
cryptography.fernet.InvalidToken
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
self.handle()
File "/usr/lib/python3.12/http/server.py", line 436, in handle
self.handle_one_request()
File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
method()
File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
if AuthHandler.do_GET(self):
^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
auth_decoded = auth_decoded.decode("utf-8")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
Glancing through the code, it looks like this line:
auth_decoded = auth_decoded.decode("utf-8")
in https://github.com/linuxserver/docker-ldap-auth/blob/master/root/app/nginx-ldap-auth-daemon.py#L98 is causing the second stack trace. Maybe that should be in a separate try-except block?
However, I am not sure what the cause of the initial exception is. I have tried adding a Fernet Key but that did not result in the docker-ldap-auth container returning successful log ins.
Expected Behavior
Allow log in calls to the web applications.
Steps To Reproduce
- I have deployed separate apps in a docker-compose stack, each with their own DNS name. I am using NGINX as the reverse proxy and performing the auth_request call to the docker-ldap-auth container. I do not know what caused this issue as it was working for the previous week.
- This is the sanitized ldap-server.conf:
location /ldaplogin {
include config/resolver.conf;
set $upstream_auth_app ldap-auth;
set $upstream_auth_port 9000;
set $upstream_auth_proto http;
proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port;
proxy_set_header X-Target $request_uri;
proxy_hide_header X-Content-Type-Options;
proxy_set_header X-Original-URI $request_uri;
# Ensure correct MIME type
add_header Content-Type "text/html; charset=utf-8" always;
}
location = /auth-proxy {
include config/resolver.conf;
set $upstream_auth_app ldap-auth;
set $upstream_auth_port 8888;
set $upstream_auth_proto http;
proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port;
proxy_hide_header X-Content-Type-Options;
proxy_set_header X-Original-URI $request_uri;
# Ensure correct MIME type
add_header Content-Type "text/html; charset=utf-8" always;
proxy_pass_request_body off;
proxy_pass_request_headers off;
proxy_set_header Content-Length "";
#Before enabling the below caching options, make sure you have the line "proxy_cache_path cache/ keys_zone=auth_cache:10m;" at the bottom your default site config
proxy_cache auth_cache;
proxy_cache_valid 200 10m;
proxy_cache_key "$http_authorization$cookie_nginxauth";
# As implemented in nginx-ldap-auth-daemon.py, the ldap-auth daemon
# communicates with a LDAP server, passing in the following
# parameters to specify which user account to authenticate. To
# eliminate the need to modify the Python code, this file contains
# 'proxy_set_header' directives that set the values of the
# parameters. Set or change them as instructed in the comments.
#
# Parameter Proxy header
# ----------- ----------------
# url X-Ldap-URL
# starttls X-Ldap-Starttls
# basedn X-Ldap-BaseDN
# binddn X-Ldap-BindDN
# bindpasswd X-Ldap-BindPass
# cookiename X-CookieName
# realm X-Ldap-Realm
# template X-Ldap-Template
# (Required) Set the URL and port for connecting to the LDAP server,
# by replacing 'example.com'.
# Do not mix ldaps-style URL and X-Ldap-Starttls as it will not work.
proxy_set_header X-Ldap-URL "ldap://controller.domain.local";
# (Optional) Establish a TLS-enabled LDAP session after binding to the
# LDAP server.
# This is the 'proper' way to establish encrypted TLS connections, see
# http://www.openldap.org/faq/data/cache/185.html
#proxy_set_header X-Ldap-Starttls "true";
# (Required) Set the Base DN, by replacing the value enclosed in
# double quotes.
proxy_set_header X-Ldap-BaseDN "cn=Users,dc=domain,dc=local";
# (Required) Set the Bind DN, by replacing the value enclosed in
# double quotes.
# If AD, use "root@test.local"
proxy_set_header X-Ldap-BindDN "${AD_BIND_USERNAME}";
# (Required) Set the Bind password, by replacing 'secret'.
proxy_set_header X-Ldap-BindPass "${AD_BIND_PASSWORD}";
# (Required) The following directives set the cookie name and pass
# it, respectively. They are required for cookie-based
# authentication. Comment them out if using HTTP basic
# authentication.
proxy_set_header X-CookieName "nginxauth";
proxy_set_header Cookie nginxauth=$cookie_nginxauth;
# (Required if using Microsoft Active Directory as the LDAP server)
# Set the LDAP template by uncommenting the following directive.
proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";
# (Optional if using OpenLDAP as the LDAP server) Set the LDAP
# template by uncommenting the following directive and replacing
# '(cn=%(username)s)' which is the default set in
# nginx-ldap-auth-daemon.py.
#proxy_set_header X-Ldap-Template "(cn=%(username)s)";
# (Optional) Set the realm name, by uncommenting the following
# directive and replacing 'Restricted' which is the default set
# in nginx-ldap-auth-daemon.py.
# proxy_set_header X-Ldap-Realm "Restricted";
}
Environment
- OS: Debian GNU/Linux 13 (trixie)
- How docker service was installed: Following Docker install instructions from here: https://docs.docker.com/engine/install/debian/CPU architecture
x86-64
Docker creation
docker-compose.yml snippet:
ldap-auth:
# Original image: lscr.io/linuxserver/ldap-auth:latest
image: docker.media.domain.local/linuxserver/ldap-auth:latest
container_name: ldap-auth
hostname: ldap-auth
environment:
- PUID
- PGID
- TZ
expose:
- 8888
- 9000
restart: unless-stopped
healthcheck:
test: curl --fail --insecure http://127.0.0.1:9000/ || exit 1
interval: 2s
retries: 3
start_period: 5s
cpu_shares: 1792
deploy:
resources:
limits:
memory: 128m
reservations:
cpus: 2
memory: 128m
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
networks:
- external-networkContainer logs
----------------------------------------
----------------------------------------
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54850)
Exception occurred during processing of request from ('172.18.0.12', 54862)
Traceback (most recent call last):
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
auth_decoded = cipher_suite.decrypt(auth_decoded)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
return self._decrypt_data(data, timestamp, time_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
self._verify_signature(data)
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
raise InvalidToken
Traceback (most recent call last):
cryptography.fernet.InvalidToken
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
h.verify(data[-32:])
During handling of the above exception, another exception occurred:
cryptography.exceptions.InvalidSignature: Signature did not match digest.
Traceback (most recent call last):
During handling of the above exception, another exception occurred:
File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
self.finish_request(request, client_address)
Traceback (most recent call last):
File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
auth_decoded = cipher_suite.decrypt(auth_decoded)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
self.handle()
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
return self._decrypt_data(data, timestamp, time_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/http/server.py", line 436, in handle
self.handle_one_request()
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
self._verify_signature(data)
File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
method()
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
raise InvalidToken
File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
if AuthHandler.do_GET(self):
^^^^^^^^^^^^^^^^^^^^^^^^
cryptography.fernet.InvalidToken
File "/app/nginx-ldap-auth-daemon.py", line 97, in do_GET
auth_decoded = base64.b64decode(auth_header[6:])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
During handling of the above exception, another exception occurred:
File "/usr/lib/python3.12/base64.py", line 88, in b64decode
return binascii.a2b_base64(s, strict_mode=validate)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Traceback (most recent call last):
binascii.Error: Invalid base64-encoded string: number of data characters (117) cannot be 1 more than a multiple of 4
File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
self.finish_request(request, client_address)
----------------------------------------
File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
self.handle()
File "/usr/lib/python3.12/http/server.py", line 436, in handle
self.handle_one_request()
File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
method()
File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
if AuthHandler.do_GET(self):
^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/nginx-ldap-auth-daemon.py", line 97, in do_GET
auth_decoded = base64.b64decode(auth_header[6:])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/base64.py", line 88, in b64decode
return binascii.a2b_base64(s, strict_mode=validate)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
binascii.Error: Invalid base64-encoded string: number of data characters (117) cannot be 1 more than a multiple of 4
----------------------------------------
----------------------------------------
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54864)
Exception occurred during processing of request from ('172.18.0.12', 54868)
Traceback (most recent call last):
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
auth_decoded = cipher_suite.decrypt(auth_decoded)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
return self._decrypt_data(data, timestamp, time_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
self._verify_signature(data)
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
raise InvalidToken
cryptography.fernet.InvalidToken
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
self.RequestHandlerClass(request, client_address, self)
Traceback (most recent call last):
File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
self.handle()
File "/usr/lib/python3.12/http/server.py", line 436, in handle
self.handle_one_request()
File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
method()
File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
if AuthHandler.do_GET(self):
^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/nginx-ldap-auth-daemon.py", line 97, in do_GET
auth_decoded = base64.b64decode(auth_header[6:])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
h.verify(data[-32:])
File "/usr/lib/python3.12/base64.py", line 88, in b64decode
return binascii.a2b_base64(s, strict_mode=validate)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cryptography.exceptions.InvalidSignature: Signature did not match digest.
binascii.Error: Incorrect padding
During handling of the above exception, another exception occurred:
----------------------------------------
Traceback (most recent call last):
File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
auth_decoded = cipher_suite.decrypt(auth_decoded)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
return self._decrypt_data(data, timestamp, time_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
self._verify_signature(data)
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
raise InvalidToken
cryptography.fernet.InvalidToken
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
self.handle()
File "/usr/lib/python3.12/http/server.py", line 436, in handle
self.handle_one_request()
File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
method()
File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
if AuthHandler.do_GET(self):
^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
auth_decoded = auth_decoded.decode("utf-8")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
----------------------------------------
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54882)
Traceback (most recent call last):
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
auth_decoded = cipher_suite.decrypt(auth_decoded)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
return self._decrypt_data(data, timestamp, time_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
self._verify_signature(data)
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
raise InvalidToken
cryptography.fernet.InvalidToken
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
self.handle()
File "/usr/lib/python3.12/http/server.py", line 436, in handle
self.handle_one_request()
File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
method()
File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
if AuthHandler.do_GET(self):
^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
auth_decoded = auth_decoded.decode("utf-8")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
----------------------------------------
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54890)
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54906)
Traceback (most recent call last):
Traceback (most recent call last):
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
h.verify(data[-32:])
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.
cryptography.exceptions.InvalidSignature: Signature did not match digest.
During handling of the above exception, another exception occurred:
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
Traceback (most recent call last):
File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
auth_decoded = cipher_suite.decrypt(auth_decoded)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
auth_decoded = cipher_suite.decrypt(auth_decoded)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
return self._decrypt_data(data, timestamp, time_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
return self._decrypt_data(data, timestamp, time_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
self._verify_signature(data)
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
self._verify_signature(data)
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
raise InvalidToken
cryptography.fernet.InvalidToken
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
raise InvalidToken
cryptography.fernet.InvalidToken
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
self.handle()
File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
self.handle()
File "/usr/lib/python3.12/http/server.py", line 436, in handle
self.handle_one_request()
File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
method()
File "/usr/lib/python3.12/http/server.py", line 436, in handle
self.handle_one_request()
File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
if AuthHandler.do_GET(self):
^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
auth_decoded = auth_decoded.decode("utf-8")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
----------------------------------------
File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
method()
File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
if AuthHandler.do_GET(self):
^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
auth_decoded = auth_decoded.decode("utf-8")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
----------------------------------------
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54918)
Traceback (most recent call last):
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
auth_decoded = cipher_suite.decrypt(auth_decoded)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
return self._decrypt_data(data, timestamp, time_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
self._verify_signature(data)
File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
raise InvalidToken
cryptography.fernet.InvalidToken
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
self.handle()
File "/usr/lib/python3.12/http/server.py", line 436, in handle
self.handle_one_request()
File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
method()
File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
if AuthHandler.do_GET(self):
^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
auth_decoded = auth_decoded.decode("utf-8")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
----------------------------------------