← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1894801] [NEW] django encoding issue in password setting

 

Public bug reported:

Env: devstack master branch / devstack ussuri/stable branch

Steps to reproduce:

1. Go to admin - Settings - User Settings
2. Change language from English(en) to 한국어(ko) (or Japanese etc.)
3. Go to 'Change Password' panel and change your password

Then, it makes '500 internal server error'.

Error info:
2020-09-08 06:48:02.024858 DEBUG openstack_dashboard.api.keystone Creating a new keystoneclient connection to http://192.168.1.10/identity/v3.
2020-09-08 06:48:02.025560 DEBUG keystoneauth.session REQ: curl -g -i -X GET http://192.168.1.10/identity/v3/users/a6afb486ad9b4200a4ed37b6865f4e65 -H "Accept: application/json" -H "Forwarded: for=61.72.172.1;by=python-keystoneclient" -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: {SHA256}121fbe208e018ce54881718f444281142427350e3e97e2f825ed14670d66b323"
2020-09-08 06:48:02.052111 DEBUG keystoneauth.session RESP: [200] Connection: close Content-Length: 248 Content-Type: application/json Date: Tue, 08 Sep 2020 06:48:02 GMT Server: Apache/2.4.29 (Ubuntu) Vary: X-Auth-Token x-openstack-request-id: req-8bd7b3f9-e47c-4132-ae0a-3334c253fbf2
2020-09-08 06:48:02.052284 DEBUG keystoneauth.session RESP BODY: {"user": {"id": "a6afb486ad9b4200a4ed37b6865f4e65", "name": "admin", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "links": {"self": "http://192.168.1.10/identity/v3/users/a6afb486ad9b4200a4ed37b6865f4e65"}}}
2020-09-08 06:48:02.052313
2020-09-08 06:48:02.052396 DEBUG keystoneauth.session GET call to identity for http://192.168.1.10/identity/v3/users/a6afb486ad9b4200a4ed37b6865f4e65 used request id req-8bd7b3f9-e47c-4132-ae0a-3334c253fbf2
2020-09-08 06:48:02.052686 DEBUG openstack_dashboard.api.keystone Creating a new keystoneclient connection to http://192.168.1.10/identity/v3.
2020-09-08 06:48:02.132947 mod_wsgi (pid=22999): Exception occurred processing WSGI script '/opt/stack/horizon/openstack_dashboard/wsgi.py'.
2020-09-08 06:48:02.133017 Traceback (most recent call last):
2020-09-08 06:48:02.133033   File "/usr/local/lib/python3.6/dist-packages/django/core/handlers/wsgi.py", line 150, in __call__
2020-09-08 06:48:02.133036     start_response(status, response_headers)
2020-09-08 06:48:02.133046 ValueError: unicode object contains non latin-1 characters


Then, I printed response header and logout_reason includes uninterpretable string.

2020-09-08 07:40:56.926214 [('Content-Type', 'text/html;
charset=utf-8'), ('Location', '/dashboard/auth/logout/'), ('X-Frame-
Options', 'SAMEORIGIN'), ('Vary', 'Accept-Language, Cookie'), ('Content-
Language', 'ko'), ('Content-Length', '0'), ('Set-Cookie', '
logout_reason="\xeb\xb9\x84\xeb\xb0\x80\xeb\xb2\x88\xed\x98\xb8\xeb\xa5\xbc
\xeb\xb3\x80\xea\xb2\xbd\xed\x95\x98\xec\x98\x80\xec\x8a\xb5\xeb\x8b\x88\xeb\x8b\xa4.
\xeb\x8b\xa4\xec\x8b\x9c \xeb\xa1\x9c\xea\xb7\xb8\xec\x9d\xb8
\xed\x95\xb4\xec\xa3\xbc\xec\x8b\xad\xec\x8b\x9c\xec\x98\xa4.";
expires=Tue, 08 Sep 2020 07:41:06 GMT; Max-Age=10; Path=/'), ('Set-
Cookie', ' logout_status=success; expires=Tue, 08 Sep 2020 07:41:06 GMT;
Max-Age=10; Path=/'), ('Set-Cookie', '
sessionid=fc6dlnkbz9hvv3xp5mrs4gbhtqqhg586; expires=Tue, 08 Sep 2020
08:40:29 GMT; HttpOnly; Max-Age=3573; Path=/; SameSite=Lax')]

I debugged horizon codes and I found problem-causing part.

- 'handle' method in 'horizon/openstack_dashboard/dashboards/settings/password/forms.py'
- 'add_logout_reason' function in 'horizon/horizon/utils/functions.py'

In 'add_logout_reason" function, it translates logout_reason message to Korean and set translated message into cookie. 
I think translated message makes errors.
It works without errors when you don't set a password reason message on the cookie or message doesn't include unicode characters.

** Affects: horizon
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1894801

Title:
  django encoding issue in password setting

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  Env: devstack master branch / devstack ussuri/stable branch

  Steps to reproduce:

  1. Go to admin - Settings - User Settings
  2. Change language from English(en) to 한국어(ko) (or Japanese etc.)
  3. Go to 'Change Password' panel and change your password

  Then, it makes '500 internal server error'.

  Error info:
  2020-09-08 06:48:02.024858 DEBUG openstack_dashboard.api.keystone Creating a new keystoneclient connection to http://192.168.1.10/identity/v3.
  2020-09-08 06:48:02.025560 DEBUG keystoneauth.session REQ: curl -g -i -X GET http://192.168.1.10/identity/v3/users/a6afb486ad9b4200a4ed37b6865f4e65 -H "Accept: application/json" -H "Forwarded: for=61.72.172.1;by=python-keystoneclient" -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: {SHA256}121fbe208e018ce54881718f444281142427350e3e97e2f825ed14670d66b323"
  2020-09-08 06:48:02.052111 DEBUG keystoneauth.session RESP: [200] Connection: close Content-Length: 248 Content-Type: application/json Date: Tue, 08 Sep 2020 06:48:02 GMT Server: Apache/2.4.29 (Ubuntu) Vary: X-Auth-Token x-openstack-request-id: req-8bd7b3f9-e47c-4132-ae0a-3334c253fbf2
  2020-09-08 06:48:02.052284 DEBUG keystoneauth.session RESP BODY: {"user": {"id": "a6afb486ad9b4200a4ed37b6865f4e65", "name": "admin", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "links": {"self": "http://192.168.1.10/identity/v3/users/a6afb486ad9b4200a4ed37b6865f4e65"}}}
  2020-09-08 06:48:02.052313
  2020-09-08 06:48:02.052396 DEBUG keystoneauth.session GET call to identity for http://192.168.1.10/identity/v3/users/a6afb486ad9b4200a4ed37b6865f4e65 used request id req-8bd7b3f9-e47c-4132-ae0a-3334c253fbf2
  2020-09-08 06:48:02.052686 DEBUG openstack_dashboard.api.keystone Creating a new keystoneclient connection to http://192.168.1.10/identity/v3.
  2020-09-08 06:48:02.132947 mod_wsgi (pid=22999): Exception occurred processing WSGI script '/opt/stack/horizon/openstack_dashboard/wsgi.py'.
  2020-09-08 06:48:02.133017 Traceback (most recent call last):
  2020-09-08 06:48:02.133033   File "/usr/local/lib/python3.6/dist-packages/django/core/handlers/wsgi.py", line 150, in __call__
  2020-09-08 06:48:02.133036     start_response(status, response_headers)
  2020-09-08 06:48:02.133046 ValueError: unicode object contains non latin-1 characters

  
  Then, I printed response header and logout_reason includes uninterpretable string.

  2020-09-08 07:40:56.926214 [('Content-Type', 'text/html;
  charset=utf-8'), ('Location', '/dashboard/auth/logout/'), ('X-Frame-
  Options', 'SAMEORIGIN'), ('Vary', 'Accept-Language, Cookie'),
  ('Content-Language', 'ko'), ('Content-Length', '0'), ('Set-Cookie', '
  logout_reason="\xeb\xb9\x84\xeb\xb0\x80\xeb\xb2\x88\xed\x98\xb8\xeb\xa5\xbc
  \xeb\xb3\x80\xea\xb2\xbd\xed\x95\x98\xec\x98\x80\xec\x8a\xb5\xeb\x8b\x88\xeb\x8b\xa4.
  \xeb\x8b\xa4\xec\x8b\x9c \xeb\xa1\x9c\xea\xb7\xb8\xec\x9d\xb8
  \xed\x95\xb4\xec\xa3\xbc\xec\x8b\xad\xec\x8b\x9c\xec\x98\xa4.";
  expires=Tue, 08 Sep 2020 07:41:06 GMT; Max-Age=10; Path=/'), ('Set-
  Cookie', ' logout_status=success; expires=Tue, 08 Sep 2020 07:41:06
  GMT; Max-Age=10; Path=/'), ('Set-Cookie', '
  sessionid=fc6dlnkbz9hvv3xp5mrs4gbhtqqhg586; expires=Tue, 08 Sep 2020
  08:40:29 GMT; HttpOnly; Max-Age=3573; Path=/; SameSite=Lax')]

  I debugged horizon codes and I found problem-causing part.

  - 'handle' method in 'horizon/openstack_dashboard/dashboards/settings/password/forms.py'
  - 'add_logout_reason' function in 'horizon/horizon/utils/functions.py'

  In 'add_logout_reason" function, it translates logout_reason message to Korean and set translated message into cookie. 
  I think translated message makes errors.
  It works without errors when you don't set a password reason message on the cookie or message doesn't include unicode characters.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1894801/+subscriptions


Follow ups