Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

django.core.signing.BadSignature error on listing Git repositories #445

Closed
crupib opened this issue May 13, 2021 · 24 comments
Closed

django.core.signing.BadSignature error on listing Git repositories #445

crupib opened this issue May 13, 2021 · 24 comments
Labels
type: bug Something isn't working as expected

Comments

@crupib
Copy link

crupib commented May 13, 2021
edited by glennmatthews

Environment

  • Python version: 3.6.8
  • Nautobot version: 1.0.1

Steps to Reproduce

  1. Just enter extras/git-repositories/ page

Expected Behavior

Would give me the ability to launch the refresh

Observed Behavior

<class 'django.core.signing.BadSignature'>

Signature "b'mG5+660ye92rJBEtyZxuorLD6A6tcRmeS7mrGCP9ayg=\n'" does not match

Python version: 3.6.8
Nautobot version: 1.0.1
@glennmatthews glennmatthews changed the title <class 'django.core.signing.BadSignature'> Signature "b'mG5+660ye92rJBEtyZxuorLD6A6tcRmeS7mrGCP9ayg=\n'" does not match Python version: 3.6.8 Nautobot version: 1.0.1 django.core.signing.BadSignature error on listing Git repositories May 13, 2021
@glennmatthews glennmatthews added the type: bug Something isn't working as expected label May 13, 2021
@crupib
Copy link
Author

crupib commented May 13, 2021
edited by glennmatthews 

Environment:


Request Method: GET
Request URL: http://192.168.210.85:8080/extras/git-repositories/

Django Version: 3.1.10
Python Version: 3.6.8
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.humanize',
 'cacheops',
 'corsheaders',
 'django_filters',
 'django_tables2',
 'django_prometheus',
 'mptt',
 'rest_framework',
 'social_django',
 'taggit',
 'timezone_field',
 'nautobot.core',
 'nautobot.circuits',
 'nautobot.dcim',
 'nautobot.ipam',
 'nautobot.extras',
 'nautobot.tenancy',
 'nautobot.users',
 'nautobot.utilities',
 'nautobot.virtualization',
 'django_rq',
 'drf_yasg',
 'graphene_django']
Installed Middleware:
['django_prometheus.middleware.PrometheusBeforeMiddleware',
 'corsheaders.middleware.CorsMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'nautobot.core.middleware.ExceptionHandlingMiddleware',
 'nautobot.core.middleware.RemoteUserMiddleware',
 'nautobot.core.middleware.ExternalAuthMiddleware',
 'nautobot.core.middleware.APIVersionMiddleware',
 'nautobot.core.middleware.ObjectChangeMiddleware',
 'django_prometheus.middleware.PrometheusAfterMiddleware']


Template error:
In template /opt/nautobot/lib64/python3.6/site-packages/nautobot/core/templates/inc/table.html, error at line 18
   Signature "b'mG5+660ye92rJBEtyZxuorLD6A6tcRmeS7mrGCP9ayg=\n'" does not match
   8 :                     {% if column.orderable %}
   9 :                         <th {{ column.attrs.th.as_html }}><a href="{% querystring table.prefixed_order_by_field=column.order_by_alias.next %}">{{ column.header }}</a></th>
   10 :                     {% else %}
   11 :                         <th {{ column.attrs.th.as_html }}>{{ column.header }}</th>
   12 :                     {% endif %}
   13 :                 {% endfor %}
   14 :             </tr>
   15 :         </thead>
   16 :     {% endif %}
   17 :     <tbody>
   18 :          {% for row in table.page.object_list|default:table.rows %} 
   19 :             <tr {{ row.attrs.as_html }}>
   20 :                 {% for column, cell in row.items %}
   21 :                     <td {{ column.attrs.td.as_html }}>{{ cell }}</td>
   22 :                 {% endfor %}
   23 :             </tr>
   24 :         {% empty %}
   25 :             {% if table.empty_text %}
   26 :                 <tr>
   27 :                     <td colspan="{{ table.columns|length }}" class="text-center text-muted">&mdash; {{ table.empty_text }} &mdash;</td>
   28 :                 </tr>


Traceback (most recent call last):
  File "/opt/nautobot/lib64/python3.6/site-packages/django_cryptography/core/signing.py", line 237, in unsign
    self.signature(signed_value[:-d_size]).verify(sig)
  File "/opt/nautobot/lib64/python3.6/site-packages/cryptography/hazmat/primitives/hmac.py", line 74, in verify
    ctx.verify(signature)
  File "/opt/nautobot/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/hmac.py", line 75, in verify
    raise InvalidSignature("Signature did not match digest.")

During handling of the above exception (Signature did not match digest.), another exception occurred:
  File "/opt/nautobot/lib64/python3.6/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/views/generic/base.py", line 70, in view
    return self.dispatch(request, *args, **kwargs)
  File "/opt/nautobot/lib64/python3.6/site-packages/nautobot/utilities/views.py", line 94, in dispatch
    return super().dispatch(request, *args, **kwargs)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/views/generic/base.py", line 98, in dispatch
    return handler(request, *args, **kwargs)
  File "/opt/nautobot/lib64/python3.6/site-packages/nautobot/core/views/generic.py", line 220, in get
    return render(request, self.template_name, context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/shortcuts.py", line 19, in render
    content = loader.render_to_string(template_name, context, request, using=using)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/loader.py", line 62, in render_to_string
    return template.render(context, request)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/backends/django.py", line 61, in render
    return self.template.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 170, in render
    return self._render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 162, in _render
    return self.nodelist.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 938, in render
    bit = node.render_annotated(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 905, in render_annotated
    return self.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/loader_tags.py", line 150, in render
    return compiled_parent._render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 162, in _render
    return self.nodelist.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 938, in render
    bit = node.render_annotated(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 905, in render_annotated
    return self.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/loader_tags.py", line 150, in render
    return compiled_parent._render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 162, in _render
    return self.nodelist.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 938, in render
    bit = node.render_annotated(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 905, in render_annotated
    return self.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/loader_tags.py", line 62, in render
    result = block.nodelist.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 938, in render
    bit = node.render_annotated(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 905, in render_annotated
    return self.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/defaulttags.py", line 516, in render
    return self.nodelist.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 938, in render
    bit = node.render_annotated(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 905, in render_annotated
    return self.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/defaulttags.py", line 312, in render
    return nodelist.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 938, in render
    bit = node.render_annotated(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 905, in render_annotated
    return self.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/loader_tags.py", line 192, in render
    return template.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 172, in render
    return self._render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 162, in _render
    return self.nodelist.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 938, in render
    bit = node.render_annotated(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 905, in render_annotated
    return self.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django_tables2/templatetags/django_tables2.py", line 167, in render
    return template.render(context={"table": table}, request=request)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/backends/django.py", line 61, in render
    return self.template.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 170, in render
    return self._render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 162, in _render
    return self.nodelist.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 938, in render
    bit = node.render_annotated(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 905, in render_annotated
    return self.render(context)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/defaulttags.py", line 163, in render
    values = self.sequence.resolve(context, ignore_failures=True)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/base.py", line 698, in resolve
    new_obj = func(obj, *arg_vals)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/template/defaultfilters.py", line 755, in default
    return value or arg
  File "/opt/nautobot/lib64/python3.6/site-packages/django_tables2/rows.py", line 325, in __len__
    length = len(self.data)
  File "/opt/nautobot/lib64/python3.6/site-packages/django/db/models/query.py", line 269, in __len__
    self._fetch_all()
  File "/opt/nautobot/lib64/python3.6/site-packages/cacheops/query.py", line 283, in _fetch_all
    self._result_cache = list(self._iterable_class(self))
  File "/opt/nautobot/lib64/python3.6/site-packages/django/db/models/query.py", line 70, in __iter__
    for row in compiler.results_iter(results):
  File "/opt/nautobot/lib64/python3.6/site-packages/django/db/models/sql/compiler.py", line 1100, in apply_converters
    value = converter(value, expression, connection)
  File "/opt/nautobot/lib64/python3.6/site-packages/django_cryptography/fields.py", line 173, in from_db_value
    return self._load(force_bytes(value))
  File "/opt/nautobot/lib64/python3.6/site-packages/django_cryptography/fields.py", line 115, in _load
    return pickle.loads(self._fernet.decrypt(value, self.ttl))
  File "/opt/nautobot/lib64/python3.6/site-packages/django_cryptography/utils/crypto.py", line 143, in decrypt
    data = self._signer.unsign(data, ttl)
  File "/opt/nautobot/lib64/python3.6/site-packages/django_cryptography/core/signing.py", line 240, in unsign
    'Signature "%s" does not match' % binascii.b2a_base64(sig))

Exception Type: BadSignature at /extras/git-repositories/
Exception Value: Signature "b'mG5+660ye92rJBEtyZxuorLD6A6tcRmeS7mrGCP9ayg=\n'" does not match

@smk4664
Copy link
Contributor

smk4664 commented May 13, 2021

@crupib Did you happen to change your secret key after adding a git repository? I get the same error if I change my secret key.

@crupib
Copy link
Author

crupib commented May 13, 2021
edited

Some other person was working on this. I did not, but he says he didn't you know how that goes.

@crupib
Copy link
Author

crupib commented May 13, 2021

Is there a way around this?

@smk4664
Copy link
Contributor

smk4664 commented May 13, 2021

If you can (if you know what the secret_key was, you can set it back. Otherwise, I can get you a command to remove the offending entry in the nbshell.

@crupib
Copy link
Author

crupib commented May 13, 2021

I don't know this is what was in the config file:
SECRET_KEY = os.getenv("NAUTOBOT_SECRET_KEY", ")d%qg35u6@06hohcms)j_1+4iawv)^&ytg_7*b$&xp!@6hgnao")

@crupib
Copy link
Author

crupib commented May 13, 2021

He may have run the init command, not sure?

@glennmatthews
Copy link
Contributor

Note that if this issue was caused by a change to SECRET_KEY I consider this a bug in our configuration template - although django-cryptography uses SECRET_KEY as a default source for its CRYPTOGRAPHY_KEY setting (reference) we should decouple these by default so that changing SECRET_KEY doesn't automatically change CRYPTOGRAPHY_KEY as well.

@smk4664
Copy link
Contributor

smk4664 commented May 13, 2021

It looks like the SECRET key can either be the NAUTOBOT_SECRET _KEY environment variable, or the long string you have listed next to it.

If the ENV variable doesn't match that string listed, you could backup your existing variable and then try changing it to match.

@smk4664
Copy link
Contributor

smk4664 commented May 13, 2021

Also, I would not publicize the SECRET_KEY.

@crupib
Copy link
Author

crupib commented May 13, 2021

Okay I guess it is good that we uncovered and issue.
The ENV was not set so it was using the KEY in the config. Not sure what to do as far as setting it to something else?

@crupib
Copy link
Author

crupib commented May 13, 2021

Kinda lost here.

@smk4664
Copy link
Contributor

smk4664 commented May 13, 2021

From what I am seeing, the NAUTOBOT_SECRET_KEY is optional, it is there to assist with deployments (12 Factor style). If nautobot-server init was re-run, it would rotate the secret key. We will be changing this to at least make a backup before overwriting, or not allow overwriting.

I am unable to provide an nbshell command, it looks like we will have to drop into the sql shell instead. I will have something in a few minutes for you.

@crupib
Copy link
Author

crupib commented May 13, 2021

OK should I go ahead and run the nautobot-server init. I will save the file.

@crupib
Copy link
Author

crupib commented May 13, 2021

Or should I wait for you?

@smk4664
Copy link
Contributor

smk4664 commented May 13, 2021
edited by glennmatthews

Use nautobot-server dbshell to access the Postgres database.

Then you can use select * from extras_gitrepository; to copy off any repository fields that you need.

Finally, you can use delete from extras_gitrepository; to remove the git repository.

This should allow you access back to the Git Repositories page. Then just add your repository back in.

@crupib
Copy link
Author

crupib commented May 13, 2021

nautobot-server dbshell
psql (10.15)
Type "help" for help.

nautobot=> select * from extras_repository;
ERROR: relation "extras_repository" does not exist
LINE 1: select * from extras_repository;

@crupib
Copy link
Author

crupib commented May 13, 2021

It was extras_gitrepository

@crupib
Copy link
Author

crupib commented May 13, 2021

Not failing now. Going to have developer add new git repository.

@smk4664
Copy link
Contributor

smk4664 commented May 13, 2021

Sorry, that is what I get for not copying and pasting.

@crupib
Copy link
Author

crupib commented May 13, 2021

LOL no problem

@crupib
Copy link
Author

crupib commented May 13, 2021

As soon as the developer adds his git repository I will close this out.

@crupib
Copy link
Author

crupib commented May 13, 2021

Thanks Stephen.

@crupib crupib closed this as completed May 13, 2021
@crupib
Copy link
Author

crupib commented May 13, 2021

Thanks Stephen.

@glennmatthews glennmatthews mentioned this issue May 21, 2021
Merged
@glennmatthews glennmatthews mentioned this issue May 28, 2021
Closed
@glennmatthews glennmatthews mentioned this issue Jun 8, 2021
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type: bug Something isn't working as expected
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@crupib @glennmatthews @smk4664