2322: Unable to post reviews with post-review (0.3.4): can not log in into Reviewboard (1.6.1)
- SetupIssue
- Review Board
| tek****@gmai***** (Google Code) (Is this you? Claim this profile.) | |
| Aug. 10, 2013 |
What version are you running?
Reviewboard 1.6.1
RBTools 0.3.2, 0.3.3, 0.3.4 (non of the are working)
What's the URL of the page containing the problem?
-
What steps will reproduce the problem?
1. try to post a review with post-review without being logged in
2. post-review will ask the username and password, but can not log in
What is the expected output? What do you see instead?
my-mac:~/trunk.svn: post-review -d
>>> RBTools 0.3.4
>>> Home = /Users/user
>>> svn info
>>> diff --version
>>> repository info: Path: http://user@server.local/svn/Software, Base path: /trunk, Supports changesets: False
>>> HTTP GETting api/
>>> HTTP GETting http://server.local/reviewboard/api/info/
==> HTTP Authentication Required
Enter authorization information for "Web API" at server.local
Username: user
Password:
>>> Got API Error 103 (HTTP code 401): You are not logged in
>>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not logged in', u'code': 103}}
Unable to log in with the supplied username and password.
What operating system are you using? What browser?
Client: OSX (same from Linux clients)
Server: OSX, python 2.6, ldap auth (works from the web ui)
Please provide any additional information below.
There appear to be several incidents of people specifically on LDAP being unable to log in with the API. We're trying to figure it out, but so far nothing is standing out as obviously wrong. Can you tell me if either your username or password has any non-ascii characters in it?
-
+ NeedInfo
Seems to be the same problem as 2281
No, usernames and passwords are very simple.
Added logging to the ldap module, it is not called when trying to use the api.
Ok, I give up. What I found: - check_api_version() does not work in post-review because it tries to get api/info which can only be accessed after you logged in - no code is trying to log in through the api in post-review (there is some code for the deprecated api)
Workaround: copy the cookie from the browser.
A script for OSX:
#!/usr/bin/python
import plistlib
import os
import time
HOME=os.environ["HOME"]
COOKIES=plistlib.readPlist(HOME + "/Library/Cookies/Cookies.plist")
rbs = [x for x in COOKIES if x["Name"] == "rbsessionid"]
f = open(HOME + "/.post-review-cookies.txt", "w")
f.write(""" # Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This is a generated file! Do not edit.
""")
for rb in rbs:
f.write("%s\tFALSE\t%s\tFALSE\t%d\t%s\t%s\n" % (rb["Domain"], rb["Path"], int(time.mktime(rb["Expires"].timetuple())), rb["Name"], rb["Value"]))
f.close()
I'm confused about your comment above about not having code trying to log in. That's what the BasicHTTPAuthHandler is doing. When it sees a response from the server for /api/info/ saying that authorization is required, that handler will kick in and ask the user for credentials.
It is not a problem in post-review, but in the api. If I go to the url /api/info/ without being logged in, it gives me a http authentication box. If I fill in my username and password, it will not login and simply return the login box again. Yes, I have LDAP authentication inside my ReviewBoard. Anything I can do to debug this? Running reviewboard 1.6.9
For this, I think it goes wrong in djblets/webapi/auth.py :( My knowledge of djblets and django is close to 0, so now I have no idea how to go from here to fix this.
Is anyone actually going to look into this? The same problem still exists with the latest reviewboard! I updated from 1.6.11 to 1.6.14 with easy_install -U ReviewBoard, so I also have the latest djblets. PLEASE, this is not a medium issue, this is a serious issue for installs that depend on ldap!
I'll spend some time on this. Last few times I looked, though, I couldn't repro it and nothing looks obviously wrong. What we really need is someone who actively hits it who can trace the code. I would really like to see this fixed.
Well, I can help you with tracing and testing. I have a ReviewBoard setup that is not yet used in production (because of this particular issue) and I have full access to it. Just tell me what you need. As I mentioned before, it looks like the problem is in djblets/webapi/auth.py Since this is totally new for me, and with limited time on hands I dont feel confident on fixing it. But helping to get it fixed is the least I can do right? Just let me know. You can always mail me in person if you want to discuss/test someting mvanbaak (at) gmail (dot) com
Some info to get you started: $ fetch -o - http://<reviewboard_url>/api/info Authentication required for <http://<reviewboard_url>:80/>! Login: username Password: fetch: http://<reviewboard_url>/api/info: Unauthorized Yes, I supplied the correct username and password. And they do work in the webapplication, just not when talking to the api.
I could reproduce this earlier, but now it works fine for me. The only thing that has changed is my password. I used a password manager and let it auto-generate random garbage passwords. My previous password was something similar to: .;FFver2&335l:Ab/1o7\x2k My new password contains only alphanumerics. I suspect there's a problem with escaping the input.
My passphrase is very simple. only letters and numbers, combination of capitals and normal letters, and some numbers. :(
Just to give some more info:
I'm running reviewboard fastcgi with the following command:
/usr/local/bin/python /usr/local/bin/rb-site manage /sites/domain/reviews runfcgi socket=/sites/domain/reviews/tmp/fastcgi.sock pidfile=/var/run/reviews.pid
and this is my apache config:
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
</IfModule>
<IfModule mod_fastcgi.c>
AddHandler fastcgi-script .fcgi
FastCGIExternalServer "/sites/domain/reviews/htdocs/reviewboard.fcgi" -socket "/sites/domain/reviews/tmp/fastcgi.sock"
</IfModule>
<VirtualHost *:80>
ServerName reviews.domain
DocumentRoot "/sites/domain/reviews/htdocs"
# Alias static media requests to filesystem
Alias /media "/sites/domain/reviews/htdocs/media"
Alias /errordocs "/sites/domain/reviews/htdocs/errordocs"
# Error handlers
ErrorDocument 500 /errordocs/500.html
<Directory "/sites/domain/reviews/htdocs">
AllowOverride All
Options -Indexes FollowSymLinks
Allow from all
</Directory>
# Direct all other requests to the fastcgi server
RewriteEngine on
<IfModule mod_fcgid.c>
RewriteRule ^/(media.*)$ /$1 [QSA,L,PT]
RewriteRule ^/(errordocs.*)$ /$1 [QSA,L,PT]
</IfModule>
<IfModule mod_fastcgi.c>
RewriteRule ^/(media.*)$ /$1 [QSA,L,PT]
RewriteRule ^/(errordocs.*)$ /$1 [QSA,L,PT]
</IfModule>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ /reviewboard.fcgi/$1 [QSA,L]
</VirtualHost>
The content of the reviewboard.fcgi is:
#!/usr/local/bin/python
import os, sys
sys.path.insert(0, "/sites/domain/reviews/conf")
os.environ["DJANGO_SETTINGS_MODULE"] = "reviewboard.settings"
os.environ["PYTHON_EGG_CACHE"] = "/sites/domain/reviews/tmp/egg_cache"
os.environ["HOME"] = "/sites/domain/reviews/data"
from django.core.servers.fastcgi import runfastcgi
runfastcgi(method="threaded", daemonize="false")
Hope this helps.
Ok, I had some time today and setup reviewboard with mod_wsgi3 Now everything is working!! So the problem is only showing when using fastcgi! After the weekend I will move our production reviewboards to wsgi to see if it is also fixed in the production enviroment. (It's a pain in the ass to setup because we run apache chrooted, so I have to copy a lot of python and system files into the chroot. That was the reason to setup the whole thing with fastcgi)
-
+ Component-Deployment + Component-API
Digging through the mailing list, this seems to be when combining ldap + fastcgi. Since there's really nothing we can do about the fastcgi interface, I'm going to change the docs to more heavily recommend mod_wsgi and cite this issue specifically.
-
- NeedInfo + SetupIssue