apache-openid returns 500 error message on access to a protected resource

Bug #455510 reported by Andrew Glen-Young on 2009-10-19
This bug affects 1 person
Affects: Apache OpenID
Importance: High
Assigned to: Unassigned

Bug Description

Accessing https://directory.canonical.com/ with "older" cookies returns an application error preventing someone from logging in.
Unfortunately, I cannot reproduce as I do not have an older cookie.

What I expect to happen:

 1. Gain access to the protected resource.

What actually happens:

 1. Apache returns a 500 error message.

How to reproduce:

 1. Access the directory with an older cookie (unfortunately I don't know what the cookie contents look like).

More information:

Below is the information that I have mined from our Apache logs with the request and the relevant error message that is returned.

Apache request:

xxx.xxx.xxx.xxx - - [19/Oct/2009:15:57:27 +0100] "GET / HTTP/1.1" 500 1308 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20091007 Ubuntu/9.10 (karmic) Firefox/3.5.3"

The traceback follows below:

[Mon Oct 19 09:57:32 2009] [error] [client xxx.xxx.xxx.xxx] mod_python (pid=29107, interpreter='directory.canonical.com', phase='PythonAccessHandler', handler='mpopenid::protect'): Application error
[Mon Oct 19 09:57:32 2009] [error] [client xxx.xxx.xxx.xxx] ServerName: 'directory.canonical.com'
[Mon Oct 19 09:57:32 2009] [error] [client xxx.xxx.xxx.xxx] DocumentRoot: '/htdocs'
[Mon Oct 19 09:57:32 2009] [error] [client xxx.xxx.xxx.xxx] URI: '/'
[Mon Oct 19 09:57:32 2009] [error] [client xxx.xxx.xxx.xxx] Location: '/'
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] Directory: None
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] Filename: '/htdocs'
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] PathInfo: '/'
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] Traceback (most recent call last):
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line 1537, in HandlerDispatch\n default=default_handler, arg=req, silent=hlist.silent)
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line 1229, in _process_target\n result = _execute_target(config, req, object, arg)
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line 1128, in _execute_target\n result = object(arg)
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] File "/usr/lib/python2.5/site-packages/mpopenid.py", line 34, in protect\n return oid_req.protect()
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] File "/usr/lib/python2.5/site-packages/mpopenid.py", line 1252, in protect\n ', '.join(self.cookied_teams))
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] File "/usr/lib/python2.5/site-packages/mpopenid.py", line 272, in __getattr__\n val = func()
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] File "/usr/lib/python2.5/site-packages/mpopenid.py", line 360, in get_cookied_teams\n for team in team_cache.keys():
[Mon Oct 19 09:57:33 2009] [error] [client xxx.xxx.xxx.xxx] AttributeError: 'list' object has no attribute 'keys'

James Troup (elmo) wrote :

I added some debug code and found that when we traceback, team_cache
looks like this:

[Mon Oct 19 17:53:58 2009] [error] [client 555.555.555.555] MOOHAHA: [u'canonical']

But when it works, looks like this:

[Mon Oct 19 11:58:13 2009] [error] [client 555.555.555.555] MOOHAHA: {u'canonical': datetime.datetime(2009, 10, 19, 12, 58, 13, 378459)}, referer: https://directory.canonical.com/openid/login

Changed in apache-openid:
importance: Undecided → High
assignee: nobody → Stuart Metcalfe (stuartmetcalfe)

This should be fixed with the current version of python-apache-openid in lucid+

Changed in apache-openid:
assignee: Stuart Metcalfe (stuartmetcalfe) → nobody

Māris Fogels (mars) wrote :

I have looked over the code in the python-apache-openid-2.0 package and this bug appears to be resolved, so I am closing this bug as 'Fix Released'.

The original bug likely resulted from a change in the session database format. The 2.0 code line rewrote how the session database is handled, resolving this issue.

Changed in apache-openid:
status: New → Fix Released
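
The two `team_cache` shapes shown in the debug output above can be handled without an unhandled exception in the access handler. The following is an added example, not code from apache-openid or from anyone in this thread: the function names, the one-hour TTL, and the reading of the stored datetime as the time the team membership was cached are all assumptions. It normalizes both shapes and treats timestamp-less legacy entries as stale, so an old session leads to re-verification instead of a 500.

```python
from datetime import datetime, timedelta

# Hypothetical lifetime for a cached team membership; not taken from the project.
TEAM_CACHE_TTL = timedelta(hours=1)


def normalize_team_cache(raw):
    """Return {team: cached_at or None} whatever shape the stored session has.

    Legacy sessions hold a bare list of team names (the shape seen in the
    failing request); current ones hold a dict of team -> datetime.
    Legacy entries carry no timestamp, so they map to None.
    """
    if isinstance(raw, dict):
        return {str(team): (ts if isinstance(ts, datetime) else None)
                for team, ts in raw.items()}
    if isinstance(raw, (list, tuple, set)):
        return {str(team): None for team in raw}
    return {}  # missing or unrecognised value: no cached memberships


def fresh_teams(raw, now, ttl=TEAM_CACHE_TTL):
    """Teams whose cached membership is timestamped and within ttl of now."""
    cache = normalize_team_cache(raw)
    return sorted(team for team, ts in cache.items()
                  if ts is not None and timedelta(0) <= now - ts <= ttl)


def needs_reverification(raw, now, ttl=TEAM_CACHE_TTL):
    """True when the session lists teams that are stale or have no timestamp,
    so the handler should send the user back through login, not raise."""
    cache = normalize_team_cache(raw)
    return len(fresh_teams(raw, now, ttl)) < len(cache)


# Constructed sample values mirroring the two shapes in the debug output.
NOW = datetime(2009, 10, 19, 13, 0, 0)
LEGACY = [u'canonical']
CURRENT = {u'canonical': datetime(2009, 10, 19, 12, 58, 13, 378459)}

if __name__ == "__main__":
    for label, raw in (("legacy", LEGACY), ("current", CURRENT)):
        print(label, fresh_teams(raw, NOW), needs_reverification(raw, NOW))
```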