Edgewall Software

Ticket #1522 (closed defect: fixed)

Opened 4 years ago

Last modified 2 years ago

Login raises exception on IIS

Reported by: anonymous Owned by: jonas
Priority: normal Milestone: 0.9
Component: general Version: devel
Severity: normal Keywords:
Cc:

Description

When trying to login to Trac (latest version from trunk) you get: 

Oops...
Trac detected an internal error:

'NoneType' object has no attribute 'strip'

Python traceback

Traceback (most recent call last):
  File "C:\Program Files\Python23\Lib\site-packages\trac\web\cgi_frontend.py", line 103, in run
    dispatch_request(os.getenv('PATH_INFO').replace(os.getenv('SCRIPT_NAME'),""), req, env)
  File "C:\Program Files\Python23\Lib\site-packages\trac\web\main.py", line 311, in dispatch_request
    dispatcher.dispatch(req)
  File "C:\Program Files\Python23\Lib\site-packages\trac\web\main.py", line 190, in dispatch
    resp = chosen_handler.process_request(req)
  File "C:\Program Files\Python23\Lib\site-packages\trac\Browser.py", line 284, in process_request
    normpath = repos.normalize_path(path)
  File "C:\Program Files\Python23\Lib\site-packages\trac\versioncontrol\cache.py", line 110, in normalize_path
    return self.repos.normalize_path(path)
  File "C:\Program Files\Python23\Lib\site-packages\trac\versioncontrol\svn_fs.py", line 177, in normalize_path
    return path == '/' and path or path.strip('/')
AttributeError: 'NoneType' object has no attribute 'strip'

What's wrong? I set up Trac on IIS5 according to the HOWTOs...

Attachments

auth.py (8.0 KB) - added by markus 3 years ago.

Change History

Changed 4 years ago by anonymous

  • milestone set to 0.9

When using [1667] you get: 

Python traceback

Traceback (most recent call last):
  File "C:\Program Files\Python23\Lib\site-packages\trac\web\cgi_frontend.py", line 103, in run
    dispatch_request(os.getenv('PATH_INFO').replace(os.getenv('SCRIPT_NAME'),""), req, env)
  File "C:\Program Files\Python23\Lib\site-packages\trac\web\main.py", line 307, in dispatch_request
    dispatcher.dispatch(req)
  File "C:\Program Files\Python23\Lib\site-packages\trac\web\main.py", line 190, in dispatch
    resp = chosen_handler.process_request(req)
  File "C:\Program Files\Python23\Lib\site-packages\trac\Browser.py", line 272, in process_request
    req.hdf['title'] = path + ' (log)'
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'

Why is path of "NoneType?"?

Changed 4 years ago by anonymous

Further investigations...

You won't see the exception when turning off logging (since the exception gets raised inside LogModule.process_request).
But what's weird is that you get presented the /log page instead of the "/login page/dialog".

Changed 4 years ago by anonymous

Okay, after Matthew's changeset [1710] the LogModule only matches /login requests.
When using [1710] Trac began to Ooops again: 

Error

No handler matched request to /login

Since I grant anonymous access to Trac this line inside RequestDispatcher.dispatch_request 

elif req.remote_user:

fails and leads to the exception. If I restrict access to authenticated users everything works. :-(

Changed 4 years ago by mgood

The error in previous message isn't an exception. This is actually expected if you don't have authentication turned on, since Trac doesn't actually provide a login page. You need to turn on authentication in IIS, but only to get to the "/login" path, not the entire site.

Changed 4 years ago by anonymous

Okay, sounds reasonable. I doubt this is possible with IIS, though.

Changed 4 years ago by anonymous

The one and only way to protect the "/login" path while disabling authentication for the rest of the site is to write an ISAPI filter. So, I'm wondering if it would be a good idea to write a custom trac isapi filter for the big amount of trac's IIS users. ;-) Is it worth the trouble or should I wait until trac gets its own user authentication?

Changed 4 years ago by anonymous

I'm having the same problem, with a Fedora Core 3 Linux server.

unsupported operand type(s) for +: 'NoneType?' and 'str' Traceback (most recent call last):

File "/usr/lib/python2.3/site-packages/trac/core.py", line 531, in cgi_start

real_cgi_start()

File "/usr/lib/python2.3/site-packages/trac/core.py", line 526, in real_cgi_start

dispatch_request(path_info, args, req, env)

File "/usr/lib/python2.3/site-packages/trac/core.py", line 441, in dispatch_request

module.run()

File "/usr/lib/python2.3/site-packages/trac/Module.py", line 36, in run

core.populate_hdf(self.req.hdf, self.env, self.db, self.req)

File "/usr/lib/python2.3/site-packages/trac/core.py", line 220, in populate_hdf

hdf.setValue('trac.href.wiki', env.href.wiki())

File "/usr/lib/python2.3/site-packages/trac/Href.py", line 148, in wiki

return href_join(self.base, 'wiki')

File "/usr/lib/python2.3/site-packages/trac/util.py", line 123, in href_join

u1 = rstrip(u1, '/') + '/' + lstrip(u2, '/')

TypeError?: unsupported operand type(s) for +: 'NoneType?' and 'str'

Changed 3 years ago by markus

Does someone see a chance to trap the case when path_info == '/login' and req.remote_user is not set in order to send a 401 header? (see my comment on the mailing list) My plan is to send a 401 header in response to the login request to let IIS show up a login box and validate the user by means of the NTLM.

Obviously this should be done in an extern component especially for IIS users since this would be a security hole for Apache users, I guess. Unfortunately I can't make it on my own! :-(

Changed 3 years ago by mgood

  • status changed from new to closed
  • resolution set to fixed

Well, it seems like the real issue here was fixed by [1710].

Markus regarding handling IIS login see #1855 on extending Trac's authentication process.

Changed 3 years ago by markus

Matt, I'm okay with closing this ticket since it solves my initial problem.

As for the IIS login problems, I already tried to adapt auth.py to work with IIS. But all I know by now is that this won't work with the current design of the login mechanism since I have to trap all /login requests, send a 401 header and wait for the remote_user to be set by the browser. This means that there have to be two /login requests processed by the auth plugin. But it seems to me like Trac somehow falls back to the request dispatcher in this case...

Changed 3 years ago by markus

Okay, I made basic authentication to work.

I noticed that IIS 5 and below ignores cookies when sent together with a redirect header, so I consider to send a welcome page right after login. In this case there's no need to redirect the user back to referer.

Maybe I'll also add digest authentication soon, so that the password does not get sent in clear text.

I'd be glad if someone of the experts could review my code and test it on Apache as well. Thanks.

Changed 3 years ago by markus

Changed 3 years ago by anonymous

  • status changed from closed to reopened
  • resolution fixed deleted
  • component changed from general to roadmap
  • type changed from defect to task

hgjfhgjfhgj

Changed 3 years ago by anonymous

hgjdhgbb

Changed 3 years ago by mgood

  • status changed from reopened to closed
  • resolution set to fixed
  • component changed from roadmap to general
  • type changed from task to defect

This is not a test site. Do not abuse it.

Add/Change #1522 (Login raises exception on IIS)

Author



Change Properties
<Author field>
Action
as closed
Next status will be 'reopened'
to The owner will change from jonas. Next status will be 'closed'
 
Note: See TracTickets for help on using tickets.