kallithea Changeset - 18c9eb22c29c

Changeset - 18c9eb22c29c

Parent rev.

Child rev.

[Not reviewed]

stable

0 1 0

Robert James Dennington - 10 years ago 2016-01-15 15:38:27
tinytimrob@googlemail.com

auth: Fix tomcat throwing '505 HTTP Version Not Supported' when trying to log in to Atlassian Crowd with usernames that contain spaces

If you try to log in to Kallithea via the Crowd auth module, and the username
contains a space, it fails. Tomcat on the Crowd server gives error '505 HTTP
Version Not Supported'.

Further investigation showed that the username was not being quoted. E.g. for
the user 'test account', the REST URL should contain 'test%20account' but
actually was containing 'test account'. When Tomcat received this HTTP request
it interprets the word 'account' as the HTTP version because of the space. This
obviously isn't a valid HTTP version.

This bug is fixed by using urllib2.quote on the username to ensure that special
characters are correctly quoted. After making that change on my local install,
the user 'test account' was able to log in successfully.

1 file changed with 2 insertions and 2 deletions:

kallithea/lib/auth_modules/auth_crowd.py

0 comments (0 inline, 0 general)

kallithea/lib/auth_modules/auth_crowd.py

➞

Show inline comments

@@ @@ -26,200 +26,200 @@ Original author and date, and relevant c @@
 """
 import base64
 import logging
 import urllib2
 from kallithea.lib import auth_modules
 from kallithea.lib.compat import json, formatted_json, hybrid_property
 from kallithea.model.db import User
 log = logging.getLogger(__name__)
 class CrowdServer(object):
     def __init__(self, *args, **kwargs):
         """
         Create a new CrowdServer object that points to IP/Address 'host',
         on the given port, and using the given method (https/http). user and
         passwd can be set here or with set_credentials. If unspecified,
         "version" defaults to "latest".
         example::
             cserver = CrowdServer(host="127.0.0.1",
                                   port="8095",
                                   user="some_app",
                                   passwd="some_passwd",
                                   version="1")
         """
         if not "port" in kwargs:
             kwargs["port"] = "8095"
         self._logger = kwargs.get("logger", logging.getLogger(__name__))
         self._uri = "%s://%s:%s/crowd" % (kwargs.get("method", "http"),
                                     kwargs.get("host", "127.0.0.1"),
                                     kwargs.get("port", "8095"))
         self.set_credentials(kwargs.get("user", ""),
                              kwargs.get("passwd", ""))
         self._version = kwargs.get("version", "latest")
         self._url_list = None
         self._appname = "crowd"
     def set_credentials(self, user, passwd):
         self.user = user
         self.passwd = passwd
         self._make_opener()
     def _make_opener(self):
         mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
         mgr.add_password(None, self._uri, self.user, self.passwd)
         handler = urllib2.HTTPBasicAuthHandler(mgr)
         self.opener = urllib2.build_opener(handler)
     def _request(self, url, body=None, headers=None,
                  method=None, noformat=False,
                  empty_response_ok=False):
         _headers = {"Content-type": "application/json",
                     "Accept": "application/json"}
         if self.user and self.passwd:
             authstring = base64.b64encode("%s:%s" % (self.user, self.passwd))
             _headers["Authorization"] = "Basic %s" % authstring
         if headers:
             _headers.update(headers)
         log.debug("Sent crowd: \n%s",
                   formatted_json({"url": url, "body": body,
                                            "headers": _headers}))
         request = urllib2.Request(url, body, _headers)
         if method:
             request.get_method = lambda: method
         global msg
         msg = ""
         try:
             rdoc = self.opener.open(request)
             msg = "".join(rdoc.readlines())
             if not msg and empty_response_ok:
                 rval = {}
                 rval["status"] = True
                 rval["error"] = "Response body was empty"
             elif not noformat:
                 rval = json.loads(msg)
                 rval["status"] = True
             else:
                 rval = "".join(rdoc.readlines())
         except Exception as e:
             if not noformat:
                 rval = {"status": False,
                         "body": body,
                         "error": str(e) + "\n" + msg}
             else:
                 rval = None
         return rval
     def user_auth(self, username, password):
         """Authenticate a user against crowd. Returns brief information about
         the user."""
         url = ("%s/rest/usermanagement/%s/authentication?username=%s"
                % (self._uri, self._version, username))
+               % (self._uri, self._version, urllib2.quote(username)))
         body = json.dumps({"value": password})
         return self._request(url, body)
     def user_groups(self, username):
         """Retrieve a list of groups to which this user belongs."""
         url = ("%s/rest/usermanagement/%s/user/group/nested?username=%s"
                % (self._uri, self._version, username))
+               % (self._uri, self._version, urllib2.quote(username)))
         return self._request(url)
 class KallitheaAuthPlugin(auth_modules.KallitheaExternalAuthPlugin):
     @hybrid_property
     def name(self):
         return "crowd"
     def settings(self):
         settings = [
+            {
                 "name": "host",
                 "validator": self.validators.UnicodeString(strip=True),
                 "type": "string",
                 "description": "The FQDN or IP of the Atlassian CROWD Server",
                 "default": "127.0.0.1",
                 "formname": "Host"
             },
+            {
                 "name": "port",
                 "validator": self.validators.Number(strip=True),
                 "type": "int",
                 "description": "The Port in use by the Atlassian CROWD Server",
                 "default": 8095,
                 "formname": "Port"
             },
+            {
                 "name": "app_name",
                 "validator": self.validators.UnicodeString(strip=True),
                 "type": "string",
                 "description": "The Application Name to authenticate to CROWD",
                 "default": "",
                 "formname": "Application Name"
             },
+            {
                 "name": "app_password",
                 "validator": self.validators.UnicodeString(strip=True),
                 "type": "string",
                 "description": "The password to authenticate to CROWD",
                 "default": "",
                 "formname": "Application Password"
             },
+            {
                 "name": "admin_groups",
                 "validator": self.validators.UnicodeString(strip=True),
                 "type": "string",
                 "description": "A comma separated list of group names that identify users as Kallithea Administrators",
                 "formname": "Admin Groups"
+            }
+        ]
         return settings
     def use_fake_password(self):
         return True
     def user_activation_state(self):
         def_user_perms = User.get_default_user().AuthUser.permissions['global']
         return 'hg.extern_activate.auto' in def_user_perms
     def auth(self, userobj, username, password, settings, **kwargs):
         """
         Given a user object (which may be null), username, a plaintext password,
         and a settings object (containing all the keys needed as listed in settings()),
         authenticate this user's login attempt.
         Return None on failure. On success, return a dictionary of the form:
             see: KallitheaAuthPluginBase.auth_func_attrs
         This is later validated for correctness
         """
         if not username or not password:
             log.debug('Empty username or password skipping...')
             return None
         log.debug("Crowd settings: \n%s", formatted_json(settings))
         server = CrowdServer(**settings)
         server.set_credentials(settings["app_name"], settings["app_password"])
         crowd_user = server.user_auth(username, password)
         log.debug("Crowd returned: \n%s", formatted_json(crowd_user))
         if not crowd_user["status"]:
             return None
         res = server.user_groups(crowd_user["name"])
         log.debug("Crowd groups: \n%s", formatted_json(res))
         crowd_user["groups"] = [x["name"] for x in res["groups"]]
         # old attrs fetched from Kallithea database
         admin = getattr(userobj, 'admin', False)
         active = getattr(userobj, 'active', True)
         email = getattr(userobj, 'email', '')
         firstname = getattr(userobj, 'firstname', '')
         lastname = getattr(userobj, 'lastname', '')
         user_data = {
             'username': username,

0 comments (0 inline, 0 general)