Comments (13)
mattiaverga
commented on July 23, 2024
Not sure what's going on there. The openid authentication seems to be handled totally by pyramid-fas-openid and I cannot even see any line in the logs when the HTTP 500 / Internal Server Error page is triggered.
Maybe @abompard has some ideas and can solve this in two seconds?
from bodhi.
decathorpe
commented on July 23, 2024
Thanks for looking into it!
Looks like I will soon need to bite the bullet anyway and implement OIDC or GSSAPI auth for fedora-update-feedback :(
from bodhi.
abompard
commented on July 23, 2024
Yeah it looks like the log configuration is wrong, it does not log requests. I'll try to fix that
from bodhi.
abompard
commented on July 23, 2024
OK I got the logs back in, and I see a traceback!
2024-02-22 15:37:02,476 ERROR [gunicorn.error][ThreadPoolExecutor-0_0] Error handling request /dologin.html?openid=https%3A%2F%2Fid.fedoraproject.org%2F
Traceback (most recent call last):
File "/usr/lib/python3.11/site-packages/gunicorn/workers/gthread.py", line 271, in handle
keepalive = self.handle_request(req, conn)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/gunicorn/workers/gthread.py", line 323, in handle_request
respiter = self.wsgi(environ, resp.start_response)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/paste/deploy/config.py", line 291, in __call__
return self.app(environ, start_response)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/pyramid/router.py", line 270, in __call__
response = self.execution_policy(environ, self)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/pyramid/router.py", line 276, in default_execution_policy
return router.invoke_request(request)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/pyramid/router.py", line 248, in invoke_request
request._process_response_callbacks(response)
File "/usr/lib/python3.11/site-packages/pyramid/request.py", line 85, in _process_response_callbacks
callback(self, response)
File "/usr/lib/python3.11/site-packages/pyramid/session.py", line 258, in set_cookie_callback
self._set_cookie(response)
File "/usr/lib/python3.11/site-packages/pyramid/session.py", line 325, in _set_cookie
serializer.dumps((self.accessed, self.created, dict(self)))
File "/usr/lib/python3.11/site-packages/webob/cookies.py", line 659, in dumps
cstruct = self.serializer.dumps(appstruct) # will be bytes
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/webob/cookies.py", line 560, in dumps
return bytes_(json.dumps(appstruct), encoding='utf-8')
^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.11/json/__init__.py", line 231, in dumps
return _default_encoder.encode(obj)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.11/json/encoder.py", line 200, in encode
chunks = self.iterencode(o, _one_shot=True)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.11/json/encoder.py", line 258, in iterencode
return _iterencode(o, 0)
^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.11/json/encoder.py", line 180, in default
raise TypeError(f'Object of type {o.__class__.__name__} '
TypeError: Object of type YadisServiceManager is not JSON serializable
It does look familiar.
from bodhi.
abompard
commented on July 23, 2024
Yeah I'm betting it's the default serializer that was switched to JSON in Pyramid 2.0 that's causing the problem, but I thought we had fixed that a long time ago to avoid having non-json-serializable stuff in the session.
from bodhi.
mattiaverga
commented on July 23, 2024
Yeah, I see it was handled in #4356 but pyramid_fas_openid is still used for login?method=openid calls... should we drop openid authentication?
from bodhi.
abompard
commented on July 23, 2024
Yeah I think so... Sorry @decathorpe !
from bodhi.
decathorpe
commented on July 23, 2024
I understand :(
I know OpenID support was only kept for backwards compatibility, but I didn't know that I'd have to deal with this so soon 🫣
from bodhi.
abompard
commented on July 23, 2024
Yeah... You can have a look at how the bodhi client handles OIDC, if that can help.
from bodhi.
geraldosimiao
commented on July 23, 2024
@decathorpe you know how fedora-easy-karma handles the auth process? It seems not to be affected, its working correctly until now.
from bodhi.
decathorpe
commented on July 23, 2024
I think fedora-easy-karma got kerberos and / or OIDC support since it uses the official bodhi client bindings?
from bodhi.
geraldosimiao
commented on July 23, 2024
I think it is this yeah https://pagure.io/fedora-easy-karma/blob/master/f/fedora-easy-karma.py
It seems it uses some oraculum-endpoint, I don't know what this is...
But when I used it the first time, it gave me the link for getting a api key at my Fedora account page, and then I paste it at the terminal and since then I don't need to validate it anymore.
from bodhi.
decathorpe
commented on July 23, 2024
If bodhi-server is not going to fix the OpenID endpoint, should it be removed and documented that it's no longer working?
from bodhi.
Related Issues (20)
- RFE: login with kerberos HOT 1
- test_provenpackager_request_privs has all kinds of issues HOT 3
- When an auto-obsoleted update is edited with a new build, it does not go back to testing and no koji-build-group.build.complete message is published HOT 3
- RFE: ability to designate updates as addressing issues in any tracker, not just Bugzilla HOT 4
- bodhi's repo checks don't allow disabling drpms
- 8.1 release plan
- Make non-mocked message publishing fail when running tests in bcd environment HOT 1
- Notify maintainer only about actionable issues with the update HOT 1
- Query timeouts HOT 2
- Changing versioning schema
- Action Required: Fix Renovate Configuration
- Update's 'test gating status' is singular, at certain times in cycle reflects policy for push to testing but allows push to stable
- fedora-ci.koji-build.rpminspect.static-analysis fails because of mixed SPDX and legacy license identifiers HOT 1
- rpminspect static-analysis test fails at annocheck incorrectly HOT 2
- psycopg2.OperationalError unable to connect HOT 2
- build with spec false: budild require python3dist(poetry-core) but not in spec BuildRequires
- bodhi server web Incorrect static resource path for httpd
- Bodhi enums implementation incompatible with Python 3.13
- fedora_messaging API change breaks Pypi tests
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bodhi.