UIA proxy makes it impossible to login for some users
famedly-bot opened this issue · comments
In GitLab by @krille-chan on Nov 7, 2022, 09:48
Description
I can not login with some users randomly on integration-tests-stable.famedly.de the uia-proxy returns 403 FORBIDDEN, while I definitely sent the correct password and username. It is easy to reproduce with the affected users. I can not login with "krille_test" even when I set the password to 12341234 or 12345678 in the admin interface. But I can login with "krille_test44". This problem also affects random CI test users. On every integration test in the frontend apps we create a new user. And sometimes then these users can not log in. Logs:
- (Login failed at user creation stage) https://gitlab.com/famedly/company/frontend/app/-/jobs/3282409958
- (Login failed in the test) https://gitlab.com/famedly/company/frontend/app/-/jobs/3282436766
This lets all of our tests randomly fail and blocks frontend. It might not be the only problem in our CI but it is one of the major ones.
Service,Platform & Version
UIA-Proxy
More information
In GitLab by @krille-chan on Nov 7, 2022, 09:57
I'm not sure if this is related to: https://gitlab.com/famedly/company/product-management/-/issues/290
In GitLab by @krille-chan on Nov 7, 2022, 10:54
This completely blocks all integration tests in the Flutter app and therefore blocks all development there :-(((
In GitLab by @krille-chan on Nov 7, 2022, 10:56
It also blocks the cypress tests in the web app:
https://gitlab.com/famedly/company/frontend/famedly-web/-/jobs/3282982950
https://gitlab.com/famedly/company/frontend/famedly-web/-/jobs/3282982908
https://gitlab.com/famedly/company/frontend/famedly-web/-/jobs/3282982895
In GitLab by @nikzen on Nov 8, 2022, 09:23
@famedly/squad-manage-tooling Do you have all information to solve this bug?
In GitLab by @nikzen on Nov 9, 2022, 11:56
@krille-chan Can you please provide more log data using grafana?
In GitLab by @krille-chan on Nov 21, 2022, 12:39
No. I have no access to it
In GitLab by @MarkTalh on Dec 13, 2022, 13:04
@famedly/company/backend have there been any updates on this?
In GitLab by @agraven on Jan 2, 2023, 13:45
Relevant log data
Jan-2 12:34:23.514 [Webserver] debug: Creating new session
Jan-2 12:34:23.514 [StageHandler (login)] info: Got request
Jan-2 12:34:23.514 [StageHandler (login)] info: Requesting stage m.login.password...
Jan-2 12:34:23.525 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:23.526 [StageHandler (login)] info: Stage is valid
Jan-2 12:34:23.526 [PasswordProvider Ldap] info: Checking password for krille_test...
Jan-2 12:34:23.526 [PasswordProvider Ldap] verbose: getLoginInfo: start for krille_test
Jan-2 12:34:26.046 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:34:26.051 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=krille_test using filter (&(|(objectClass=inetOrgPerson))(uid=krille_test)(enabled=TRUE))
Jan-2 12:34:26.064 [PasswordProvider Ldap] verbose: ldap: found one user for krille_test with dn=uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:26.065 [PasswordProvider Ldap] verbose: ldap: found entry for user=krille_test: {"dn":"uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de","utf8":{"uid":"krille_test"},"raw":{"uid":{"type":"Buffer","data":[107,114,105,108,108,101,95,116,101,115,116]}}}
Jan-2 12:34:26.065 [PasswordProvider Ldap] verbose: ldap: Binding as "uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de" for user=krille_test
Jan-2 12:34:28.265 [PasswordProvider Ldap] info: ldap: Invalid username/password for dn=uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:28.265 [PasswordProvider Ldap] verbose: ldap: Could not bind for dn=uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de, error=InvalidCredentialsError: Invalid Credentials
Jan-2 12:34:28.265 [PasswordProvider Ldap] info: getLoginInfo: Could not find or authenticate krille_test, aborting
Jan-2 12:34:28.265 [PasswordProvider Ldap] verbose: getLoginInfo: found dn=uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de for user=krille_test
Jan-2 12:34:28.265 [PasswordProvider Ldap] info: Invalid username/password
Jan-2 12:34:28.265 [StageHandler (login)] info: User didn't manage to complete this stage
Jan-2 12:34:28.266 [StageHandler (login)] info: Fetching parameters...
Jan-2 12:34:28.267 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:31.848 [Webserver] debug: Using existing session
Jan-2 12:34:31.848 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:34:31.848 [StageHandler (uploadDeviceSigningKeys)] info: Requesting stage m.login.password...
Jan-2 12:34:31.848 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:31.849 [StageHandler (uploadDeviceSigningKeys)] info: Stage is valid
Jan-2 12:34:31.849 [PasswordProvider Ldap] info: Checking password for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:34:31.849 [PasswordProvider Ldap] verbose: getLoginInfo: start for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:34.038 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:34:34.041 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:34:34.042 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 using filter (&(|(objectClass=inetOrgPerson))(uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470)(enabled=TRUE))
Jan-2 12:34:34.057 [PasswordProvider Ldap] verbose: ldap: couldn't find user with dn=uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470,undefined, fetching from username mapper...
Jan-2 12:34:34.057 [UsernameMapper] verbose: Looking up username from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 in mode=HMAC-SHA256
Jan-2 12:34:34.057 [PasswordProvider Ldap] verbose: usernameMapper: found cached username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 for localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:34.057 [PasswordProvider Ldap] verbose: usernameMapper: trying to find user with persistentId=persistentId, cached value is '[object Object]', escaped to 'objectbject'
Jan-2 12:34:34.058 [PasswordProvider Ldap] verbose: ldap: search via pid: persistentId=objectbject, subtree=dc=integration-tests-stable,dc=famedly,dc=de, scope: sub, filter: (persistentId=objectbject)
Jan-2 12:34:34.071 [PasswordProvider Ldap] verbose: ldap: trying to retrieve dn for username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 mapped from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:34.077 [PasswordProvider Ldap] warn: ldap: Found 0 entries for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, login not possible
Jan-2 12:34:34.077 [PasswordProvider Ldap] info: getLoginInfo: Could not find or authenticate hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, aborting
Jan-2 12:34:34.077 [PasswordProvider Ldap] verbose: getLoginInfo: found dn= for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:34.077 [PasswordProvider Ldap] info: Invalid username/password
Jan-2 12:34:34.077 [StageHandler (uploadDeviceSigningKeys)] info: User didn't manage to complete this stage
Jan-2 12:34:34.077 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:34:34.077 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:36.478 [Webserver] debug: Creating new session
Jan-2 12:34:36.478 [StageHandler (login)] info: Got request
Jan-2 12:34:36.478 [StageHandler (login)] info: Requesting stage m.login.password...
Jan-2 12:34:36.479 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:36.480 [StageHandler (login)] info: Stage is valid
Jan-2 12:34:36.480 [PasswordProvider Ldap] info: Checking password for krille_test44...
Jan-2 12:34:36.480 [PasswordProvider Ldap] verbose: getLoginInfo: start for krille_test44
Jan-2 12:34:38.715 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:34:38.721 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=krille_test44 using filter (&(|(objectClass=inetOrgPerson))(uid=krille_test44)(enabled=TRUE))
Jan-2 12:34:38.728 [PasswordProvider Ldap] verbose: ldap: found one user for krille_test44 with dn=uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:38.728 [PasswordProvider Ldap] verbose: ldap: found entry for user=krille_test44: {"dn":"uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de","utf8":{"uid":"krille_test44"},"raw":{"uid":{"type":"Buffer","data":[107,114,105,108,108,101,95,116,101,115,116,52,52]}}}
Jan-2 12:34:38.729 [PasswordProvider Ldap] verbose: ldap: Binding as "uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de" for user=krille_test44
Jan-2 12:34:40.966 [PasswordProvider Ldap] verbose: ldap: Bound successfully for user=krille_test44 as uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:40.970 [PasswordProvider Ldap] verbose: getLoginInfo: login for user=krille_test44 succeeded with dn=uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:40.970 [PasswordProvider Ldap] info: Successfully authenticated user
Jan-2 12:34:40.970 [UsernameMapper] verbose: Converting username=krille_test44 with persistentId=a6-h5t-4=watch=xpak651ufzkb4tsxqe84vg4zq to localpart using mode=HMAC-SHA256
Jan-2 12:34:40.972 [PasswordProvider Ldap] info: Setting username to t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:40.972 [StageHandler (login)] info: Stage got completed
Jan-2 12:34:40.972 [StageHandler (login)] info: Successfully identified, passing on request!
Jan-2 12:34:40.972 [Api] info: Received login request
Jan-2 12:34:40.972 [Api] verbose: Session seems valid, attempting login with matrix server...
Jan-2 12:34:40.972 [Api] verbose: Generating token for t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg...
Jan-2 12:34:41.058 [Api] info: Successfully logged in!
Jan-2 12:34:41.059 [Api] verbose: Checking if name should be updated
Jan-2 12:34:41.071 [Api] verbose: Name does not need to be updated
Jan-2 12:34:41.235 [Webserver] debug: Creating new session
Jan-2 12:34:41.235 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:34:41.235 [StageHandler (uploadDeviceSigningKeys)] info: No type specified, returning blank reply
Jan-2 12:34:41.236 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:34:41.236 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:44.153 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:34:49.336 [Webserver] debug: Creating new session
Jan-2 12:34:49.336 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:34:49.336 [StageHandler (uploadDeviceSigningKeys)] info: No type specified, returning blank reply
Jan-2 12:34:49.336 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:34:49.337 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:49.427 [Webserver] debug: Using existing session
Jan-2 12:34:49.427 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:34:49.427 [StageHandler (uploadDeviceSigningKeys)] info: Requesting stage m.login.password...
Jan-2 12:34:49.427 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:49.427 [StageHandler (uploadDeviceSigningKeys)] info: Stage is valid
Jan-2 12:34:49.427 [PasswordProvider Ldap] info: Checking password for t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg...
Jan-2 12:34:49.427 [PasswordProvider Ldap] verbose: getLoginInfo: start for t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:51.699 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:34:51.709 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg using filter (&(|(objectClass=inetOrgPerson))(uid=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg)(enabled=TRUE))
Jan-2 12:34:51.717 [PasswordProvider Ldap] verbose: ldap: couldn't find user with dn=uid=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg,undefined, fetching from username mapper...
Jan-2 12:34:51.717 [UsernameMapper] verbose: Looking up username from localpart=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg in mode=HMAC-SHA256
Jan-2 12:34:51.718 [PasswordProvider Ldap] verbose: usernameMapper: found cached username=krille_test44 for localpart=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:51.718 [PasswordProvider Ldap] verbose: usernameMapper: trying to find user with persistentId=persistentId, cached value is '[object Object]', escaped to 'objectbject'
Jan-2 12:34:51.718 [PasswordProvider Ldap] verbose: ldap: search via pid: persistentId=objectbject, subtree=dc=integration-tests-stable,dc=famedly,dc=de, scope: sub, filter: (persistentId=objectbject)
Jan-2 12:34:51.723 [PasswordProvider Ldap] verbose: ldap: trying to retrieve dn for username=krille_test44 mapped from localpart=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:51.732 [PasswordProvider Ldap] verbose: ldap: found one user for t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg with dn=uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:51.732 [PasswordProvider Ldap] verbose: ldap: found entry for user=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg: {"dn":"uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de","utf8":{"uid":"krille_test44"},"raw":{"uid":{"type":"Buffer","data":[107,114,105,108,108,101,95,116,101,115,116,52,52]}}}
Jan-2 12:34:51.733 [PasswordProvider Ldap] verbose: ldap: Binding as "uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de" for user=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:54.009 [PasswordProvider Ldap] verbose: ldap: Bound successfully for user=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg as uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:54.014 [PasswordProvider Ldap] verbose: getLoginInfo: login for user=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg succeeded with dn=uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:54.014 [PasswordProvider Ldap] info: Successfully authenticated user
Jan-2 12:34:54.014 [UsernameMapper] verbose: Converting username=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg with persistentId=a6-h5t-4=watch=xpak651ufzkb4tsxqe84vg4zq to localpart using mode=HMAC-SHA256
Jan-2 12:34:54.016 [PasswordProvider Ldap] info: Setting username to t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:54.016 [StageHandler (uploadDeviceSigningKeys)] info: Stage got completed
Jan-2 12:34:54.016 [StageHandler (uploadDeviceSigningKeys)] info: Successfully identified, passing on request!
Jan-2 12:34:54.016 [Api] info: Proxying request /_matrix/client/v3/keys/device_signing/upload...
Jan-2 12:34:54.016 [Api] verbose: Generating token for t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg...
Jan-2 12:34:54.019 [Webserver] debug: Using existing session
Jan-2 12:34:54.019 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:34:54.019 [StageHandler (uploadDeviceSigningKeys)] info: Requesting stage m.login.password...
Jan-2 12:34:54.019 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:54.019 [StageHandler (uploadDeviceSigningKeys)] info: Stage is valid
Jan-2 12:34:54.019 [PasswordProvider Ldap] info: Checking password for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:34:54.019 [PasswordProvider Ldap] verbose: getLoginInfo: start for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:56.243 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:34:56.245 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:34:56.252 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 using filter (&(|(objectClass=inetOrgPerson))(uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470)(enabled=TRUE))
Jan-2 12:34:56.265 [PasswordProvider Ldap] verbose: ldap: couldn't find user with dn=uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470,undefined, fetching from username mapper...
Jan-2 12:34:56.265 [UsernameMapper] verbose: Looking up username from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 in mode=HMAC-SHA256
Jan-2 12:34:56.266 [PasswordProvider Ldap] verbose: usernameMapper: found cached username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 for localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:56.266 [PasswordProvider Ldap] verbose: usernameMapper: trying to find user with persistentId=persistentId, cached value is '[object Object]', escaped to 'objectbject'
Jan-2 12:34:56.266 [PasswordProvider Ldap] verbose: ldap: search via pid: persistentId=objectbject, subtree=dc=integration-tests-stable,dc=famedly,dc=de, scope: sub, filter: (persistentId=objectbject)
Jan-2 12:34:56.280 [PasswordProvider Ldap] verbose: ldap: trying to retrieve dn for username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 mapped from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:56.293 [PasswordProvider Ldap] warn: ldap: Found 0 entries for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, login not possible
Jan-2 12:34:56.293 [PasswordProvider Ldap] info: getLoginInfo: Could not find or authenticate hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, aborting
Jan-2 12:34:56.293 [PasswordProvider Ldap] verbose: getLoginInfo: found dn= for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:56.294 [PasswordProvider Ldap] info: Invalid username/password
Jan-2 12:34:56.294 [StageHandler (uploadDeviceSigningKeys)] info: User didn't manage to complete this stage
Jan-2 12:34:56.294 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:34:56.294 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:56.404 [Api] info: Successfully sent request to homeserver
Jan-2 12:35:06.379 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:16.501 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:23.893 [Webserver] debug: Using existing session
Jan-2 12:35:23.893 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:35:23.894 [StageHandler (uploadDeviceSigningKeys)] info: Requesting stage m.login.password...
Jan-2 12:35:23.894 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:35:23.894 [StageHandler (uploadDeviceSigningKeys)] info: Stage is valid
Jan-2 12:35:23.894 [PasswordProvider Ldap] info: Checking password for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:35:23.894 [PasswordProvider Ldap] verbose: getLoginInfo: start for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:35:26.339 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:35:26.342 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 using filter (&(|(objectClass=inetOrgPerson))(uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470)(enabled=TRUE))
Jan-2 12:35:26.348 [PasswordProvider Ldap] verbose: ldap: couldn't find user with dn=uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470,undefined, fetching from username mapper...
Jan-2 12:35:26.348 [UsernameMapper] verbose: Looking up username from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 in mode=HMAC-SHA256
Jan-2 12:35:26.348 [PasswordProvider Ldap] verbose: usernameMapper: found cached username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 for localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:35:26.348 [PasswordProvider Ldap] verbose: usernameMapper: trying to find user with persistentId=persistentId, cached value is '[object Object]', escaped to 'objectbject'
Jan-2 12:35:26.348 [PasswordProvider Ldap] verbose: ldap: search via pid: persistentId=objectbject, subtree=dc=integration-tests-stable,dc=famedly,dc=de, scope: sub, filter: (persistentId=objectbject)
Jan-2 12:35:26.355 [PasswordProvider Ldap] verbose: ldap: trying to retrieve dn for username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 mapped from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:35:26.370 [PasswordProvider Ldap] warn: ldap: Found 0 entries for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, login not possible
Jan-2 12:35:26.371 [PasswordProvider Ldap] info: getLoginInfo: Could not find or authenticate hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, aborting
Jan-2 12:35:26.371 [PasswordProvider Ldap] verbose: getLoginInfo: found dn= for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:35:26.371 [PasswordProvider Ldap] info: Invalid username/password
Jan-2 12:35:26.371 [StageHandler (uploadDeviceSigningKeys)] info: User didn't manage to complete this stage
Jan-2 12:35:26.371 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:35:26.371 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:35:26.587 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:36.693 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:46.808 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:52.200 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:52.715 [Webserver] debug: Creating new session
Jan-2 12:35:52.716 [StageHandler (login)] info: Got request
Jan-2 12:35:52.716 [StageHandler (login)] info: Requesting stage m.login.password...
Jan-2 12:35:52.716 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:35:52.716 [StageHandler (login)] info: Stage is valid
Jan-2 12:35:52.716 [StageHandler (login)] info: User didn't manage to complete this stage
Jan-2 12:35:52.717 [StageHandler (login)] info: Fetching parameters...
Jan-2 12:35:52.718 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:35:56.937 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:05.482 [Webserver] debug: Creating new session
Jan-2 12:36:05.482 [StageHandler (login)] info: Got request
Jan-2 12:36:05.482 [StageHandler (login)] info: Requesting stage m.login.password...
Jan-2 12:36:05.483 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:36:05.483 [StageHandler (login)] info: Stage is valid
Jan-2 12:36:05.484 [PasswordProvider Ldap] info: Checking password for duan_test1...
Jan-2 12:36:05.484 [PasswordProvider Ldap] verbose: getLoginInfo: start for duan_test1
Jan-2 12:36:07.828 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:36:07.829 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:07.832 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=duan_test1 using filter (&(|(objectClass=inetOrgPerson))(uid=duan_test1)(enabled=TRUE))
Jan-2 12:36:07.840 [PasswordProvider Ldap] verbose: ldap: found one user for duan_test1 with dn=uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:07.841 [PasswordProvider Ldap] verbose: ldap: found entry for user=duan_test1: {"dn":"uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de","utf8":{"uid":"duan_test1"},"raw":{"uid":{"type":"Buffer","data":[100,117,97,110,95,116,101,115,116,49]}}}
Jan-2 12:36:07.841 [PasswordProvider Ldap] verbose: ldap: Binding as "uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de" for user=duan_test1
Jan-2 12:36:10.088 [PasswordProvider Ldap] verbose: ldap: Bound successfully for user=duan_test1 as uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:10.091 [PasswordProvider Ldap] verbose: getLoginInfo: login for user=duan_test1 succeeded with dn=uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:10.092 [PasswordProvider Ldap] info: Successfully authenticated user
Jan-2 12:36:10.092 [UsernameMapper] verbose: Converting username=duan_test1 with persistentId=374ewxrd6k9rw=oxaxstm7rx76tql5r73w1nnncv to localpart using mode=HMAC-SHA256
Jan-2 12:36:10.092 [PasswordProvider Ldap] info: Setting username to hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:10.093 [StageHandler (login)] info: Stage got completed
Jan-2 12:36:10.093 [StageHandler (login)] info: Successfully identified, passing on request!
Jan-2 12:36:10.093 [Api] info: Received login request
Jan-2 12:36:10.093 [Api] verbose: Session seems valid, attempting login with matrix server...
Jan-2 12:36:10.093 [Api] verbose: Generating token for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:36:10.167 [Api] info: Successfully logged in!
Jan-2 12:36:10.167 [Api] verbose: Checking if name should be updated
Jan-2 12:36:10.187 [Api] verbose: Name does not need to be updated
Jan-2 12:36:17.936 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:28.036 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:38.155 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:41.795 [Webserver] debug: Creating new session
Jan-2 12:36:41.795 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:36:41.795 [StageHandler (uploadDeviceSigningKeys)] info: No type specified, returning blank reply
Jan-2 12:36:41.795 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:36:41.796 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:36:42.118 [Webserver] debug: Using existing session
Jan-2 12:36:42.118 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:36:42.118 [StageHandler (uploadDeviceSigningKeys)] info: Requesting stage m.login.password...
Jan-2 12:36:42.125 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:36:42.125 [StageHandler (uploadDeviceSigningKeys)] info: Stage is valid
Jan-2 12:36:42.125 [PasswordProvider Ldap] info: Checking password for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:36:42.126 [PasswordProvider Ldap] verbose: getLoginInfo: start for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:44.524 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:36:44.528 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 using filter (&(|(objectClass=inetOrgPerson))(uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470)(enabled=TRUE))
Jan-2 12:36:44.542 [PasswordProvider Ldap] verbose: ldap: couldn't find user with dn=uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470,undefined, fetching from username mapper...
Jan-2 12:36:44.542 [UsernameMapper] verbose: Looking up username from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 in mode=HMAC-SHA256
Jan-2 12:36:44.543 [PasswordProvider Ldap] verbose: usernameMapper: found cached username=duan_test1 for localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:44.543 [PasswordProvider Ldap] verbose: usernameMapper: trying to find user with persistentId=persistentId, cached value is '[object Object]', escaped to 'objectbject'
Jan-2 12:36:44.543 [PasswordProvider Ldap] verbose: ldap: search via pid: persistentId=objectbject, subtree=dc=integration-tests-stable,dc=famedly,dc=de, scope: sub, filter: (persistentId=objectbject)
Jan-2 12:36:44.546 [PasswordProvider Ldap] verbose: ldap: trying to retrieve dn for username=duan_test1 mapped from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:44.553 [PasswordProvider Ldap] verbose: ldap: found one user for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 with dn=uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:44.553 [PasswordProvider Ldap] verbose: ldap: found entry for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470: {"dn":"uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de","utf8":{"uid":"duan_test1"},"raw":{"uid":{"type":"Buffer","data":[100,117,97,110,95,116,101,115,116,49]}}}
Jan-2 12:36:44.553 [PasswordProvider Ldap] verbose: ldap: Binding as "uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de" for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:46.685 [PasswordProvider Ldap] verbose: ldap: Bound successfully for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 as uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:46.687 [PasswordProvider Ldap] verbose: getLoginInfo: login for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 succeeded with dn=uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:46.687 [PasswordProvider Ldap] info: Successfully authenticated user
Jan-2 12:36:46.687 [UsernameMapper] verbose: Converting username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 with persistentId=374ewxrd6k9rw=oxaxstm7rx76tql5r73w1nnncv to localpart using mode=HMAC-SHA256
Jan-2 12:36:46.688 [PasswordProvider Ldap] info: Setting username to hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:46.688 [StageHandler (uploadDeviceSigningKeys)] info: Stage got completed
Jan-2 12:36:46.688 [StageHandler (uploadDeviceSigningKeys)] info: Successfully identified, passing on request!
Jan-2 12:36:46.688 [Api] info: Proxying request /_matrix/client/v3/keys/device_signing/upload...
Jan-2 12:36:46.688 [Api] verbose: Generating token for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:36:46.863 [Api] info: Successfully sent request to homeserver
Jan-2 12:36:48.253 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:58.330 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:08.435 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:18.545 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:28.658 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:38.759 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:48.881 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:59.266 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:38:09.377 [StageHandler (login)] info: Handling GET endpoint...
In GitLab by @nikzen on Jan 13, 2023, 14:53
moved from undefined##undefined
In GitLab by @nikzen on Jan 16, 2023, 14:53
Changing the password using the admin-panel seems to show weird behavior. Based on the hash of the password the login is working or not.
If there is a \\ in the hash the login does not work.
In GitLab by @nikzen on Jan 17, 2023, 16:59
I need to open the issue as \+ also breaks everything.
For changing the password using the admin-api, it is not possible to login again if the hashes look like this:
- userPassword={SSHA}6m6tJ\+pouoQJ/MvtXlfWHQ2Nt8DtVx9FxDeYAbUQrYRRQGGgVCsHhWoDNkqJ13H8jMQWFg==
- userPassword={SSHA}xI8AGlyyvJ9nsccvVxKVR7APhiCqRjOWxx4fNIBAIy\+Z8ktqbBbIHgjVZNQ/8kMTxg3SAA==
- userPassword={SSHA}t4fjygOhqZDNqszqh8zppktxqZI5qQMerDOVwYImYRpeS\+ROqsXSkWBEVEZTyuOxL28Mkg==
If the hashes look like this, it works:
- userPassword={SSHA}IKL98NZKsw5KR0sQtC8v4drIGvY1HKj4nYY4hHNb6zjBL9P4wLtdf93g3IWBlbsBXk4vZg==
- userPassword={SSHA}DmsoYviwQavRjpWd7b4N84E7cPkDX7jk9kRGrO/DDFibL4CkMGdTqlLNEV2EOShNfgR1qg==
In GitLab by @nikzen on Jan 17, 2023, 17:47
This was how it looked yesterday:
Broken:
userPassword={SSHA}n4pY8IG4fYldzbdyMpfJW11ilQa674IuZPGLF/zcZShWfWs7nlW\\+pDilXQYq4Q\\+XyQ9FYw==userPassword={SSHA}0VafBSqL8qhnUFIK\\+J9kvqW7aZmWBaomE331PQpPDUeCzmX6VX75rcvpyQcHOjyxTbcP8g==userPassword={SSHA}1R8olnsRHZm/V9GC89rKDh2bNCk9E7c2Wn/Yz\\+LoDayypFlX/zYAjsLduMD1yvhhw8E\\+yQ==
Not Broken:
userPassword={SSHA}vkb1RL75LQcgd6nTyXScUcGeeNMPodZbUXMpu430OohrjEoxdZzkk2QZvri44jcniQgNoA==userPassword={SSHA}pdqplkkwwimHIe5cVTiZUruueXEkovQPHQxvNQBhMQiEqFDT3yA9dtOoll0vTGiho3blsQ==
In GitLab by @nikzen on Jan 17, 2023, 17:48
It seems we need to escape \\+ and not only \\
In GitLab by @nikzen on Jan 18, 2023, 12:21
This is fixed here: https://gitlab.com/famedly/company/backend/services/admin-api/-/merge_requests/59
In GitLab by @maren-r on Jan 18, 2023, 13:02
mentioned in issue undefined##undefined