Opened 5 years ago

TypeError: Incorrect padding after enabling the plugin

Reported by: Rafael
Owned by: txcraig
Priority: normal
Component: HttpAuthPlugin
Severity: critical
Cc: Jan Beilicke
Trac Release: 1.0

Description

Activating the plugin causes the following traceback, even if I just want to access the root of the Trac installation (e.g. /trac and not /trac/login/xmlrpc).

Traceback (most recent call last):
  File "/usr/local/lib/python2.6/dist-packages/Trac-1.0-py2.6.egg/trac/web/api.py", line 502, in send_error
    data, 'text/html')
  File "/usr/local/lib/python2.6/dist-packages/Trac-1.0-py2.6.egg/trac/web/chrome.py", line 955, in render_template
    message = req.session.pop('chrome.%s.%d' % (type_, i))
  File "/usr/local/lib/python2.6/dist-packages/Trac-1.0-py2.6.egg/trac/web/api.py", line 304, in __getattr__
    value = self.callbacks[name](self)
  File "/usr/local/lib/python2.6/dist-packages/Trac-1.0-py2.6.egg/trac/web/main.py", line 268, in _get_session
    return Session(self.env, req)
  File "/usr/local/lib/python2.6/dist-packages/Trac-1.0-py2.6.egg/trac/web/session.py", line 200, in __init__
    if req.authname == 'anonymous':
  File "/usr/local/lib/python2.6/dist-packages/Trac-1.0-py2.6.egg/trac/web/api.py", line 304, in __getattr__
    value = self.callbacks[name](self)
  File "/usr/local/lib/python2.6/dist-packages/Trac-1.0-py2.6.egg/trac/web/main.py", line 135, in authenticate
    authname = authenticator.authenticate(req)
  File "build/bdist.linux-x86_64/egg/httpauth/filter.py", line 65, in authenticate
  File "build/bdist.linux-x86_64/egg/httpauth/filter.py", line 76, in _check_password
    user, passwd = b64decode(token).split(':', 1)
  File "/usr/lib/python2.6/base64.py", line 76, in b64decode
    raise TypeError(msg)


Shouldn’t the plugin just ignore folders that don’t match the path and return a proper HTTP error code on missing auth parameters instead of raising an exception?

comment:1 Changed 5 years ago by Rafael

The error is gone when the user is already logged in or when I add an irrelevant user parameter to the URL, i.e. I can access http://user@foo.com/trac/login, log in and then continue to use the site. But when I go to http://foo.com/trac/login while logged out, I get the above error message. Shouldn’t the preprocess function ignore all paths except /trac/login/xmlrpc by default? I didn’t set anything in the trac.ini.

comment:2 Changed 5 years ago by txcraig

Owner: changed from Noah Kantrowitz to txcraig
Status: new → assigned

I am adopting maintenance of this plugin

comment:3 Changed 5 years ago by Jan Beilicke

Cc: Jan Beilicke added; anonymous removed

comment:4 Changed 5 years ago by Jan Beilicke

I have the same issue. Passing the auth credentials in the URL works.

comment:5 Changed 5 years ago by Jan Beilicke

Maybe related: #3549

There, the likely explanation is the usage of htdigest instead of basic authentication.

comment:6 Changed 5 years ago by anonymous

Tip for Digest Authentication users: Do not have the <Location /trac/login/rpc>... clause in your VirtualHost definition. Instead, let HTTPAuthPlugin send the authentication request to your XMLRPC client as a Basic Authentication request. HTTPAuthPlugin is designed to work with Basic Authentication, which will return the user's credentials in the form of "username:password" back to the server. This, in turn, gets passed to the AccountManagerPlugin, which will handle the password checking properly, because the lower-level handlers will know how to parse the digest password file and do the proper MD5 hash.

My Trac site, which uses Apache 2.4 + mod_wsgi + SSL now works correctly for regular user interactivity as well as XMLRPC automation scripts.
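Added example, not part of the ticket thread and not HttpAuthPlugin's own code: a Python 3 sketch of the behaviour the report asks for, where a missing, non-Basic (e.g. Digest) or malformed Authorization value yields None so the caller can send a 401 challenge instead of hitting the unhandled b64decode error in the traceback. The function name parse_basic_credentials and the sample headers are constructed for illustration.

```python
import base64


def parse_basic_credentials(header):
    """Return (user, password) from an Authorization header value, or None.

    None means "no usable Basic credentials": the caller should answer 401
    with a WWW-Authenticate: Basic challenge instead of raising.
    """
    if not header:
        return None
    scheme, _, token = header.strip().partition(' ')
    # A Digest (or any other scheme) header is not base64; never decode it.
    if scheme.lower() != 'basic' or not token:
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet.
        # Bad padding raises binascii.Error (a ValueError subclass) on
        # Python 3; on Python 2 it was the TypeError seen in the traceback.
        decoded = base64.b64decode(token.strip(), validate=True).decode('utf-8')
    except ValueError:
        return None
    user, sep, password = decoded.partition(':')
    if not sep or not user:
        return None
    return user, password


# Constructed sample headers (not taken from the ticket).
SAMPLES = {
    'valid': 'Basic ' + base64.b64encode(b'alice:pa:ss').decode('ascii'),
    'truncated': 'Basic YWxpY2U6c2VjcmV',   # one character short
    'digest': 'Digest username="alice", realm="trac", nonce="constructed"',
    'no_colon': 'Basic ' + base64.b64encode(b'alice').decode('ascii'),
    'missing': None,
}

if __name__ == '__main__':
    for name, value in SAMPLES.items():
        creds = parse_basic_credentials(value)
        # Report only the outcome; never log the decoded password.
        print(name, '->', 'credentials for %s' % creds[0] if creds else '401 challenge')
```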
