Launchpad itself

launchpad oopses when no sreg attributes are returned by openid OP

Bug #810623 reported by Ricardo Kirkner
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Critical
Ian Booth

Bug Description

We're releasing a feature to allow end-users to decide which attributes to share with the consumer site (see bug #121533).
While testing this on staging, we found that if no attributes are being sent back to launchpad (because the user de-selected all of them), launchpad will OOPS.

According to the openid spec, any required attributes shall be specified in the required parameter, but we see that all attributes are marked as optional. Also, according to the spec, the RP should cope with the OP not sending back requested attributes.

Related branches

lp:~wallyworld/launchpad/openid-oops-810623
Curtis Hovey (community): Approve (code)
Diff: 86 lines (+33/-6)
2 files modified
lib/lp/services/webapp/login.py (+20/-6)
lib/lp/services/webapp/tests/test_login.py (+13/-0)
Revision history for this message
Francis J. Lacoste (flacoste) wrote :

Although this is an OOPS, I'm marking this as Low as it would only be relevant if we were to support other OP than Canonical SSO. As bug 810626 shows, Canonical SSO will always return to us the required attributes.

Changed in launchpad:
status: New → Triaged
importance: Undecided → Low
Revision history for this message
Robert Collins (lifeless) wrote :

(discussed on IRC with flacoste). Our policy drives oopses to zero so we have clean signal - this isn't a case where we will have done the wrong thing (once we have our needed attributes marked mandatory), so we shouldn't oops.

I suggest just not-oopsing and giving something user related like UFD, BadRequest back.

Changed in launchpad:
importance: Low → Critical
tags: added: oops
Revision history for this message
Aaron Bentley (abentley) wrote :

Is there an oops-id? That would make this easier to diagnose.

Revision history for this message
Ricardo Kirkner (ricardokirkner) wrote :

Aaron, unfortunately, I have not kept notice of the oops id. I'd say if you look at the oopses it should be between 2011-07-11 and 2011-07-14.

Revision history for this message
Ricardo Kirkner (ricardokirkner) wrote :

Most likely during 2011-07-14.

Revision history for this message
Robert Collins (lifeless) wrote :

There are many thousands of oopses a day, finding a particular one by other-than-id isn't going to be all that easy. Can you reproduce it using the staging environment?

summary: - launchpad oopses when no sreg attributes are returned by SSO
+ launchpad oopses when no sreg attributes are returned by openid OP
Revision history for this message
Ricardo Kirkner (ricardokirkner) wrote : Re: [Bug 810623] Re: launchpad oopses when no sreg attributes are returned by SSO

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/06/2011 06:39 AM, Robert Collins wrote:
> There are many thousands of oopses a day, finding a particular one by
> other-than-id isn't going to be all that easy. Can you reproduce it
> using the staging environment?
>
> ** Summary changed:
>
> - launchpad oopses when no sreg attributes are returned by SSO
> + launchpad oopses when no sreg attributes are returned by openid OP
>

Hi,

I managed to replicate this on staging. In order to do so, I asked a
losa to change the sso staging config so that staging lp was not a
trusted RP (so that I can unselect sreg fields, even if they are
requested as required).

Then I logged in and did not submit any sreg fields, and got back the
following oops

OOPS-2046STAGING841

I hope this helps

Ricardo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4/4wYACgkQaHF+Qaymu6dK8QCdF8u1EJ2FXOCLYlSp1lxYNM4c
0RUAn1VjH35Ho3i/MfqXEEw9cyehc62Y
=x1R3
-----END PGP SIGNATURE-----

Ian Booth (wallyworld)
Changed in launchpad:
status: Triaged → In Progress
assignee: nobody → Ian Booth (wallyworld)
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r16173 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/16173>.

tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Curtis Hovey (sinzui)
tags: added: qa-untestable
removed: qa-needstesting
William Grant (wgrant)
tags: added: openid
William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.