Launchpad itself

Attempting to set redirection_url to a tuple instead of a string in login machinery

Bug #31589 reported by Stuart Bishop
4
Affects Status Importance Assigned to Milestone
Launchpad itself
Invalid
Critical
Unassigned

Bug Description

As seen with OOPS-46C148 , there is a code path somewhere that passes a
tuple through to the database layer instead of a string.

 affects /products/launchpad

--
Stuart Bishop <email address hidden> http://www.canonical.com/
Canonical Ltd. http://www.ubuntu.com/

Revision history for this message
James Henstridge (jamesh) wrote : ...

If I go to https://launchpad.net/+login, the template code puts the following in the form element:

    <input type="hidden" name="redirection_url" />

So the redirection_url form item will be posted back with a value of "".

If I go to https://launchpad.net/+login?redirction_url= (essentially what I'd get for posting an empty redirection_url), The form contains the following:

    <input type="hidden" name="redirection_url" />
    ...
    <!-- Preserve extra query parameters as hidden fields. -->
    <input type="hidden" name="redirection_url" value="" />

This would result in two "redirection_url" items being posted back, which is similar to the results observed in the OOPS.

Dafydd Harries (daf)
Changed in launchpad:
status: Unconfirmed → Confirmed
Dafydd Harries (daf)
Changed in launchpad:
assignee: nobody → salgado
assignee: salgado → nobody
Dafydd Harries (daf)
Changed in launchpad:
assignee: nobody → daf
Dafydd Harries (daf)
Changed in launchpad:
status: Confirmed → In Progress
Revision history for this message
Steve Alexander (stevea) wrote :

Thanks for the analysis James!

So, there are two bugs here. One is that the +login form is adding an empty redirection_url where there is no need to do so. Another is that the code to preserve extra query parameters is not taking into account the redirection_url value.

The first is more of an aesthetic issue. The second can be fixed to solve this issue.

Revision history for this message
Steve Alexander (stevea) wrote :

I want to talk about the design of this subsystem with Salgado in London, so we can check out its design and document it better. I'll commit a trivial workaround for it meanwhile.

Changed in launchpad:
assignee: daf → stevea
Curtis Hovey (sinzui)
Changed in launchpad-foundations:
status: In Progress → Triaged
assignee: Steve Alexander (stevea) → nobody
Robert Collins (lifeless)
Changed in launchpad:
importance: Medium → Critical
Revision history for this message
Francis J. Lacoste (flacoste) wrote :

The login code changed so much in the last 4 years that the code paths are now totally different. If there is still a related OOPS, we should open a new bug.

Changed in launchpad:
status: Triaged → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.