Details

    • Type: Bug
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: bouncer
    • Labels:
    • Story Points: 1

      Description

      If a caller sends a service login token with a string exp field, Bouncer returns 500:

      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: 172.16.0.28 [20/Sep/2019:03:41:16 +0000] "GET /acs/api/v1/internal/policyquery?rid=dcos:adminrouter:ops:mesos&uid=dcos_history_service&action=full HTTP/1.0" 200 22 "-" "Master Admin Router" (0.002365 s)
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: [190920-03:41:16.498] [13778:Thread-3] [bouncer.app.auth.Login] INFO: Trigger login procedure for uid `cd-metronome-sa`
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: [190920-03:41:16.501] [13778:Thread-3] [bouncer.app.auth.Login] INFO: Service login: uid `cd-metronome-sa` refers to a known service account.
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: [190920-03:41:16.501] [13778:Thread-3] [bouncer.app.auth.Login] INFO: Service login: validate service login JWT using the service's public key
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: [2019-09-20 03:41:16 +0000] [13778] [ERROR] Error handling request /acs/api/v1/auth/login
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: Traceback (most recent call last):
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "/opt/mesosphere/lib/python3.6/site-packages/gunicorn/workers/gthread.py", line 279, in handle
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: keepalive = self.handle_request(req, conn)
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "/opt/mesosphere/lib/python3.6/site-packages/gunicorn/workers/gthread.py", line 328, in handle_request
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: respiter = self.wsgi(environ, resp.start_response)
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "falcon/api.py", line 248, in falcon.api.API.__call__
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "falcon/api.py", line 244, in falcon.api.API.__call__
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "/opt/mesosphere/packages/bouncer--3cd88c8d256e096289937915ed5222f1a182281a/bouncer/bouncer/app/wsgiapp.py", line 325, in on_post
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: return run_transaction(wrapped_responder)
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "/opt/mesosphere/packages/bouncer--3cd88c8d256e096289937915ed5222f1a182281a/bouncer/bouncer/app/models/session.py", line 391, in run_transaction
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: return _txn_retry_loop(dbsession, callback)
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "/opt/mesosphere/packages/bouncer--3cd88c8d256e096289937915ed5222f1a182281a/bouncer/bouncer/app/models/session.py", line 437, in _txn_retry_loop
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: ret = callback()
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "/opt/mesosphere/packages/bouncer--3cd88c8d256e096289937915ed5222f1a182281a/bouncer/bouncer/app/wsgiapp.py", line 324, in wrapped_responder
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: return self.resource.on_post(req, resp, **params)
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "falcon/hooks.py", line 221, in falcon.hooks._wrap_with_before.do_before
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "/opt/mesosphere/packages/bouncer--3cd88c8d256e096289937915ed5222f1a182281a/bouncer/bouncer/app/auth.py", line 453, in on_post
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: self._login_service(req, resp, user, login_params)
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: File "/opt/mesosphere/packages/bouncer--3cd88c8d256e096289937915ed5222f1a182281a/bouncer/bouncer/app/auth.py", line 273, in _login_service
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: elif payload['exp'] > time.time() + 600:
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: TypeError: '>' not supported between instances of 'str' and 'float'
      Sep 20 03:41:16 ip-172-16-0-28.us-west-2.compute.internal bouncer.sh[13759]: 121.44.80.182 [20/Sep/2019:03:41:16 +0000] "POST /acs/api/v1/auth/login HTTP/1.0" 500 0 "-" "-" (0.000353 s)
      

      As well as checking that the exp field exists, we should check that it is an int before doing the `<` comparison.

      We could also try to parse a string into an int, to avoid failing.
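
One way to implement the check proposed above, as an added example that is not Bouncer's own code: validate the type of `exp` before the comparison shown in the traceback, so that a malformed claim becomes a client error instead of an unhandled `TypeError`. The names `InvalidLoginToken`, `coerce_exp` and `check_service_login_exp` are hypothetical, the 600-second window is taken from the traceback line, and rejecting a token beyond that window is an assumption about what the branch does.

```python
import math
import re
import time


class InvalidLoginToken(Exception):
    """Hypothetical error type; a handler would map it to a 4xx response."""


def coerce_exp(value, allow_numeric_strings=False):
    """Return the exp claim as a finite float, or raise InvalidLoginToken."""
    # bool is a subclass of int in Python, so `True` must be rejected first.
    if isinstance(value, bool):
        raise InvalidLoginToken("exp must be a number")
    if isinstance(value, (int, float)):
        try:
            exp = float(value)
        except OverflowError:  # e.g. an absurdly large JSON integer
            raise InvalidLoginToken("exp is out of range") from None
    elif allow_numeric_strings and isinstance(value, str):
        # Optional leniency from the report: accept only plain ASCII digits,
        # length-limited, so "1e9", " 12", "+5" or "12abc" are still refused.
        if not re.fullmatch(r"[0-9]{1,12}", value):
            raise InvalidLoginToken("exp is not an integer string")
        exp = float(int(value))
    else:
        raise InvalidLoginToken("exp must be a number")
    # json.loads accepts NaN/Infinity by default; neither compares sensibly.
    if not math.isfinite(exp):
        raise InvalidLoginToken("exp must be finite")
    return exp


def check_service_login_exp(payload, now=None, max_lifetime=600,
                            allow_numeric_strings=False):
    """Validate exp presence, type and upper bound; return it as a float.

    Expiry itself is assumed to be enforced elsewhere (JWT verification).
    """
    now = time.time() if now is None else now
    if not isinstance(payload, dict) or "exp" not in payload:
        raise InvalidLoginToken("exp claim is missing")
    exp = coerce_exp(payload["exp"], allow_numeric_strings)
    if exp > now + max_lifetime:
        raise InvalidLoginToken("exp is too far in the future")
    return exp
```
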

            People

            • Assignee: Unassigned
            • Reporter: Jonathan Giddy (jonathangiddy)
            • Team: Mesosphere
            • Watchers: Jonathan Giddy