famedly / uia-proxy

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

UIA proxy makes it impossible to login for some users

famedly-bot opened this issue · comments

In GitLab by @krille-chan on Nov 7, 2022, 09:48

Description

I can not login with some users randomly on integration-tests-stable.famedly.de the uia-proxy returns 403 FORBIDDEN, while I definitely sent the correct password and username. It is easy to reproduce with the affected users. I can not login with "krille_test" even when I set the password to 12341234 or 12345678 in the admin interface. But I can login with "krille_test44". This problem also affects random CI test users. On every integration test in the frontend apps we create a new user. And sometimes then these users can not log in. Logs:

This lets all of our tests randomly fail and blocks frontend. It might not be the only problem in our CI but it is one of the major ones.

Service,Platform & Version

UIA-Proxy

More information

In GitLab by @krille-chan on Nov 7, 2022, 09:57

I'm not sure if this is related to: https://gitlab.com/famedly/company/product-management/-/issues/290

In GitLab by @krille-chan on Nov 7, 2022, 10:54

This completely blocks all integration tests in the Flutter app and therefore blocks all development there :-(((

In GitLab by @nikzen on Nov 8, 2022, 09:23

@famedly/squad-manage-tooling Do you have all information to solve this bug?

In GitLab by @agraven on Nov 8, 2022, 11:44

No, I'm still waiting for log data from attempts to reproduce the issue. Last I checked @lrsksr was working with @ghost to reproduce the issue and gather the logs

In GitLab by @nikzen on Nov 9, 2022, 11:56

@krille-chan Can you please provide more log data using grafana?

In GitLab by @krille-chan on Nov 21, 2022, 12:39

No. I have no access to it

In GitLab by @MarkTalh on Dec 13, 2022, 13:04

@famedly/company/backend have there been any updates on this?

In GitLab by @agraven on Jan 2, 2023, 13:45

Relevant log data
Jan-2 12:34:23.514 [Webserver] debug: Creating new session
Jan-2 12:34:23.514 [StageHandler (login)] info: Got request
Jan-2 12:34:23.514 [StageHandler (login)] info: Requesting stage m.login.password...
Jan-2 12:34:23.525 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:23.526 [StageHandler (login)] info: Stage is valid
Jan-2 12:34:23.526 [PasswordProvider Ldap] info: Checking password for krille_test...
Jan-2 12:34:23.526 [PasswordProvider Ldap] verbose: getLoginInfo: start for krille_test
Jan-2 12:34:26.046 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:34:26.051 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=krille_test using filter (&(|(objectClass=inetOrgPerson))(uid=krille_test)(enabled=TRUE))
Jan-2 12:34:26.064 [PasswordProvider Ldap] verbose: ldap: found one user for krille_test with dn=uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:26.065 [PasswordProvider Ldap] verbose: ldap: found entry for user=krille_test: {"dn":"uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de","utf8":{"uid":"krille_test"},"raw":{"uid":{"type":"Buffer","data":[107,114,105,108,108,101,95,116,101,115,116]}}}
Jan-2 12:34:26.065 [PasswordProvider Ldap] verbose: ldap: Binding as "uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de" for user=krille_test
Jan-2 12:34:28.265 [PasswordProvider Ldap] info: ldap: Invalid username/password for dn=uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:28.265 [PasswordProvider Ldap] verbose: ldap: Could not bind for dn=uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de, error=InvalidCredentialsError: Invalid Credentials
Jan-2 12:34:28.265 [PasswordProvider Ldap] info: getLoginInfo: Could not find or authenticate krille_test, aborting
Jan-2 12:34:28.265 [PasswordProvider Ldap] verbose: getLoginInfo: found dn=uid=krille_test,ou=users,dc=integration-tests-stable,dc=famedly,dc=de for user=krille_test
Jan-2 12:34:28.265 [PasswordProvider Ldap] info: Invalid username/password
Jan-2 12:34:28.265 [StageHandler (login)] info: User didn't manage to complete this stage
Jan-2 12:34:28.266 [StageHandler (login)] info: Fetching parameters...
Jan-2 12:34:28.267 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:31.848 [Webserver] debug: Using existing session
Jan-2 12:34:31.848 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:34:31.848 [StageHandler (uploadDeviceSigningKeys)] info: Requesting stage m.login.password...
Jan-2 12:34:31.848 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:31.849 [StageHandler (uploadDeviceSigningKeys)] info: Stage is valid
Jan-2 12:34:31.849 [PasswordProvider Ldap] info: Checking password for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:34:31.849 [PasswordProvider Ldap] verbose: getLoginInfo: start for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:34.038 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:34:34.041 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:34:34.042 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 using filter (&(|(objectClass=inetOrgPerson))(uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470)(enabled=TRUE))
Jan-2 12:34:34.057 [PasswordProvider Ldap] verbose: ldap: couldn't find user with dn=uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470,undefined, fetching from username mapper...
Jan-2 12:34:34.057 [UsernameMapper] verbose: Looking up username from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 in mode=HMAC-SHA256
Jan-2 12:34:34.057 [PasswordProvider Ldap] verbose: usernameMapper: found cached username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 for localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:34.057 [PasswordProvider Ldap] verbose: usernameMapper: trying to find user with persistentId=persistentId, 					cached value is '[object Object]', escaped to 'objectbject'
Jan-2 12:34:34.058 [PasswordProvider Ldap] verbose: ldap: search via pid: persistentId=objectbject, 					subtree=dc=integration-tests-stable,dc=famedly,dc=de, 					scope: sub, 					filter: (persistentId=objectbject)
Jan-2 12:34:34.071 [PasswordProvider Ldap] verbose: ldap: trying to retrieve dn for username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 mapped from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:34.077 [PasswordProvider Ldap] warn: ldap: Found 0 entries for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, login not possible
Jan-2 12:34:34.077 [PasswordProvider Ldap] info: getLoginInfo: Could not find or authenticate hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, aborting
Jan-2 12:34:34.077 [PasswordProvider Ldap] verbose: getLoginInfo: found dn= for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:34.077 [PasswordProvider Ldap] info: Invalid username/password
Jan-2 12:34:34.077 [StageHandler (uploadDeviceSigningKeys)] info: User didn't manage to complete this stage
Jan-2 12:34:34.077 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:34:34.077 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:36.478 [Webserver] debug: Creating new session
Jan-2 12:34:36.478 [StageHandler (login)] info: Got request
Jan-2 12:34:36.478 [StageHandler (login)] info: Requesting stage m.login.password...
Jan-2 12:34:36.479 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:36.480 [StageHandler (login)] info: Stage is valid
Jan-2 12:34:36.480 [PasswordProvider Ldap] info: Checking password for krille_test44...
Jan-2 12:34:36.480 [PasswordProvider Ldap] verbose: getLoginInfo: start for krille_test44
Jan-2 12:34:38.715 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:34:38.721 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=krille_test44 using filter (&(|(objectClass=inetOrgPerson))(uid=krille_test44)(enabled=TRUE))
Jan-2 12:34:38.728 [PasswordProvider Ldap] verbose: ldap: found one user for krille_test44 with dn=uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:38.728 [PasswordProvider Ldap] verbose: ldap: found entry for user=krille_test44: {"dn":"uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de","utf8":{"uid":"krille_test44"},"raw":{"uid":{"type":"Buffer","data":[107,114,105,108,108,101,95,116,101,115,116,52,52]}}}
Jan-2 12:34:38.729 [PasswordProvider Ldap] verbose: ldap: Binding as "uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de" for user=krille_test44
Jan-2 12:34:40.966 [PasswordProvider Ldap] verbose: ldap: Bound successfully for user=krille_test44 as uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:40.970 [PasswordProvider Ldap] verbose: getLoginInfo: login for user=krille_test44 succeeded with dn=uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:40.970 [PasswordProvider Ldap] info: Successfully authenticated user
Jan-2 12:34:40.970 [UsernameMapper] verbose: Converting username=krille_test44 with persistentId=a6-h5t-4=watch=xpak651ufzkb4tsxqe84vg4zq to localpart using mode=HMAC-SHA256
Jan-2 12:34:40.972 [PasswordProvider Ldap] info: Setting username to t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:40.972 [StageHandler (login)] info: Stage got completed
Jan-2 12:34:40.972 [StageHandler (login)] info: Successfully identified, passing on request!
Jan-2 12:34:40.972 [Api] info: Received login request
Jan-2 12:34:40.972 [Api] verbose: Session seems valid, attempting login with matrix server...
Jan-2 12:34:40.972 [Api] verbose: Generating token for t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg...
Jan-2 12:34:41.058 [Api] info: Successfully logged in!
Jan-2 12:34:41.059 [Api] verbose: Checking if name should be updated
Jan-2 12:34:41.071 [Api] verbose: Name does not need to be updated
Jan-2 12:34:41.235 [Webserver] debug: Creating new session
Jan-2 12:34:41.235 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:34:41.235 [StageHandler (uploadDeviceSigningKeys)] info: No type specified, returning blank reply
Jan-2 12:34:41.236 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:34:41.236 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:44.153 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:34:49.336 [Webserver] debug: Creating new session
Jan-2 12:34:49.336 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:34:49.336 [StageHandler (uploadDeviceSigningKeys)] info: No type specified, returning blank reply
Jan-2 12:34:49.336 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:34:49.337 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:49.427 [Webserver] debug: Using existing session
Jan-2 12:34:49.427 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:34:49.427 [StageHandler (uploadDeviceSigningKeys)] info: Requesting stage m.login.password...
Jan-2 12:34:49.427 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:49.427 [StageHandler (uploadDeviceSigningKeys)] info: Stage is valid
Jan-2 12:34:49.427 [PasswordProvider Ldap] info: Checking password for t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg...
Jan-2 12:34:49.427 [PasswordProvider Ldap] verbose: getLoginInfo: start for t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:51.699 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:34:51.709 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg using filter (&(|(objectClass=inetOrgPerson))(uid=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg)(enabled=TRUE))
Jan-2 12:34:51.717 [PasswordProvider Ldap] verbose: ldap: couldn't find user with dn=uid=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg,undefined, fetching from username mapper...
Jan-2 12:34:51.717 [UsernameMapper] verbose: Looking up username from localpart=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg in mode=HMAC-SHA256
Jan-2 12:34:51.718 [PasswordProvider Ldap] verbose: usernameMapper: found cached username=krille_test44 for localpart=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:51.718 [PasswordProvider Ldap] verbose: usernameMapper: trying to find user with persistentId=persistentId, 					cached value is '[object Object]', escaped to 'objectbject'
Jan-2 12:34:51.718 [PasswordProvider Ldap] verbose: ldap: search via pid: persistentId=objectbject, 					subtree=dc=integration-tests-stable,dc=famedly,dc=de, 					scope: sub, 					filter: (persistentId=objectbject)
Jan-2 12:34:51.723 [PasswordProvider Ldap] verbose: ldap: trying to retrieve dn for username=krille_test44 mapped from localpart=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:51.732 [PasswordProvider Ldap] verbose: ldap: found one user for t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg with dn=uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:51.732 [PasswordProvider Ldap] verbose: ldap: found entry for user=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg: {"dn":"uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de","utf8":{"uid":"krille_test44"},"raw":{"uid":{"type":"Buffer","data":[107,114,105,108,108,101,95,116,101,115,116,52,52]}}}
Jan-2 12:34:51.733 [PasswordProvider Ldap] verbose: ldap: Binding as "uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de" for user=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:54.009 [PasswordProvider Ldap] verbose: ldap: Bound successfully for user=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg as uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:54.014 [PasswordProvider Ldap] verbose: getLoginInfo: login for user=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg succeeded with dn=uid=krille_test44,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:34:54.014 [PasswordProvider Ldap] info: Successfully authenticated user
Jan-2 12:34:54.014 [UsernameMapper] verbose: Converting username=t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg with persistentId=a6-h5t-4=watch=xpak651ufzkb4tsxqe84vg4zq to localpart using mode=HMAC-SHA256
Jan-2 12:34:54.016 [PasswordProvider Ldap] info: Setting username to t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg
Jan-2 12:34:54.016 [StageHandler (uploadDeviceSigningKeys)] info: Stage got completed
Jan-2 12:34:54.016 [StageHandler (uploadDeviceSigningKeys)] info: Successfully identified, passing on request!
Jan-2 12:34:54.016 [Api] info: Proxying request /_matrix/client/v3/keys/device_signing/upload...
Jan-2 12:34:54.016 [Api] verbose: Generating token for t5mfe9f2wt92ateva6f4yr2zrm44zwfa1j1v7rxhbuygbpyw6pjg...
Jan-2 12:34:54.019 [Webserver] debug: Using existing session
Jan-2 12:34:54.019 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:34:54.019 [StageHandler (uploadDeviceSigningKeys)] info: Requesting stage m.login.password...
Jan-2 12:34:54.019 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:54.019 [StageHandler (uploadDeviceSigningKeys)] info: Stage is valid
Jan-2 12:34:54.019 [PasswordProvider Ldap] info: Checking password for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:34:54.019 [PasswordProvider Ldap] verbose: getLoginInfo: start for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:56.243 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:34:56.245 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:34:56.252 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 using filter (&(|(objectClass=inetOrgPerson))(uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470)(enabled=TRUE))
Jan-2 12:34:56.265 [PasswordProvider Ldap] verbose: ldap: couldn't find user with dn=uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470,undefined, fetching from username mapper...
Jan-2 12:34:56.265 [UsernameMapper] verbose: Looking up username from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 in mode=HMAC-SHA256
Jan-2 12:34:56.266 [PasswordProvider Ldap] verbose: usernameMapper: found cached username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 for localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:56.266 [PasswordProvider Ldap] verbose: usernameMapper: trying to find user with persistentId=persistentId, 					cached value is '[object Object]', escaped to 'objectbject'
Jan-2 12:34:56.266 [PasswordProvider Ldap] verbose: ldap: search via pid: persistentId=objectbject, 					subtree=dc=integration-tests-stable,dc=famedly,dc=de, 					scope: sub, 					filter: (persistentId=objectbject)
Jan-2 12:34:56.280 [PasswordProvider Ldap] verbose: ldap: trying to retrieve dn for username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 mapped from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:56.293 [PasswordProvider Ldap] warn: ldap: Found 0 entries for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, login not possible
Jan-2 12:34:56.293 [PasswordProvider Ldap] info: getLoginInfo: Could not find or authenticate hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, aborting
Jan-2 12:34:56.293 [PasswordProvider Ldap] verbose: getLoginInfo: found dn= for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:34:56.294 [PasswordProvider Ldap] info: Invalid username/password
Jan-2 12:34:56.294 [StageHandler (uploadDeviceSigningKeys)] info: User didn't manage to complete this stage
Jan-2 12:34:56.294 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:34:56.294 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:34:56.404 [Api] info: Successfully sent request to homeserver
Jan-2 12:35:06.379 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:16.501 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:23.893 [Webserver] debug: Using existing session
Jan-2 12:35:23.893 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:35:23.894 [StageHandler (uploadDeviceSigningKeys)] info: Requesting stage m.login.password...
Jan-2 12:35:23.894 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:35:23.894 [StageHandler (uploadDeviceSigningKeys)] info: Stage is valid
Jan-2 12:35:23.894 [PasswordProvider Ldap] info: Checking password for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:35:23.894 [PasswordProvider Ldap] verbose: getLoginInfo: start for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:35:26.339 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:35:26.342 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 using filter (&(|(objectClass=inetOrgPerson))(uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470)(enabled=TRUE))
Jan-2 12:35:26.348 [PasswordProvider Ldap] verbose: ldap: couldn't find user with dn=uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470,undefined, fetching from username mapper...
Jan-2 12:35:26.348 [UsernameMapper] verbose: Looking up username from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 in mode=HMAC-SHA256
Jan-2 12:35:26.348 [PasswordProvider Ldap] verbose: usernameMapper: found cached username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 for localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:35:26.348 [PasswordProvider Ldap] verbose: usernameMapper: trying to find user with persistentId=persistentId, 					cached value is '[object Object]', escaped to 'objectbject'
Jan-2 12:35:26.348 [PasswordProvider Ldap] verbose: ldap: search via pid: persistentId=objectbject, 					subtree=dc=integration-tests-stable,dc=famedly,dc=de, 					scope: sub, 					filter: (persistentId=objectbject)
Jan-2 12:35:26.355 [PasswordProvider Ldap] verbose: ldap: trying to retrieve dn for username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 mapped from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:35:26.370 [PasswordProvider Ldap] warn: ldap: Found 0 entries for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, login not possible
Jan-2 12:35:26.371 [PasswordProvider Ldap] info: getLoginInfo: Could not find or authenticate hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470, aborting
Jan-2 12:35:26.371 [PasswordProvider Ldap] verbose: getLoginInfo: found dn= for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:35:26.371 [PasswordProvider Ldap] info: Invalid username/password
Jan-2 12:35:26.371 [StageHandler (uploadDeviceSigningKeys)] info: User didn't manage to complete this stage
Jan-2 12:35:26.371 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:35:26.371 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:35:26.587 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:36.693 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:46.808 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:52.200 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:35:52.715 [Webserver] debug: Creating new session
Jan-2 12:35:52.716 [StageHandler (login)] info: Got request
Jan-2 12:35:52.716 [StageHandler (login)] info: Requesting stage m.login.password...
Jan-2 12:35:52.716 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:35:52.716 [StageHandler (login)] info: Stage is valid
Jan-2 12:35:52.716 [StageHandler (login)] info: User didn't manage to complete this stage
Jan-2 12:35:52.717 [StageHandler (login)] info: Fetching parameters...
Jan-2 12:35:52.718 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:35:56.937 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:05.482 [Webserver] debug: Creating new session
Jan-2 12:36:05.482 [StageHandler (login)] info: Got request
Jan-2 12:36:05.482 [StageHandler (login)] info: Requesting stage m.login.password...
Jan-2 12:36:05.483 [StageHandler (login)] debug: Next acceptable stages: m.login.password
Jan-2 12:36:05.483 [StageHandler (login)] info: Stage is valid
Jan-2 12:36:05.484 [PasswordProvider Ldap] info: Checking password for duan_test1...
Jan-2 12:36:05.484 [PasswordProvider Ldap] verbose: getLoginInfo: start for duan_test1
Jan-2 12:36:07.828 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:36:07.829 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:07.832 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=duan_test1 using filter (&(|(objectClass=inetOrgPerson))(uid=duan_test1)(enabled=TRUE))
Jan-2 12:36:07.840 [PasswordProvider Ldap] verbose: ldap: found one user for duan_test1 with dn=uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:07.841 [PasswordProvider Ldap] verbose: ldap: found entry for user=duan_test1: {"dn":"uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de","utf8":{"uid":"duan_test1"},"raw":{"uid":{"type":"Buffer","data":[100,117,97,110,95,116,101,115,116,49]}}}
Jan-2 12:36:07.841 [PasswordProvider Ldap] verbose: ldap: Binding as "uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de" for user=duan_test1
Jan-2 12:36:10.088 [PasswordProvider Ldap] verbose: ldap: Bound successfully for user=duan_test1 as uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:10.091 [PasswordProvider Ldap] verbose: getLoginInfo: login for user=duan_test1 succeeded with dn=uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:10.092 [PasswordProvider Ldap] info: Successfully authenticated user
Jan-2 12:36:10.092 [UsernameMapper] verbose: Converting username=duan_test1 with persistentId=374ewxrd6k9rw=oxaxstm7rx76tql5r73w1nnncv to localpart using mode=HMAC-SHA256
Jan-2 12:36:10.092 [PasswordProvider Ldap] info: Setting username to hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:10.093 [StageHandler (login)] info: Stage got completed
Jan-2 12:36:10.093 [StageHandler (login)] info: Successfully identified, passing on request!
Jan-2 12:36:10.093 [Api] info: Received login request
Jan-2 12:36:10.093 [Api] verbose: Session seems valid, attempting login with matrix server...
Jan-2 12:36:10.093 [Api] verbose: Generating token for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:36:10.167 [Api] info: Successfully logged in!
Jan-2 12:36:10.167 [Api] verbose: Checking if name should be updated
Jan-2 12:36:10.187 [Api] verbose: Name does not need to be updated
Jan-2 12:36:17.936 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:28.036 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:38.155 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:41.795 [Webserver] debug: Creating new session
Jan-2 12:36:41.795 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:36:41.795 [StageHandler (uploadDeviceSigningKeys)] info: No type specified, returning blank reply
Jan-2 12:36:41.795 [StageHandler (uploadDeviceSigningKeys)] info: Fetching parameters...
Jan-2 12:36:41.796 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:36:42.118 [Webserver] debug: Using existing session
Jan-2 12:36:42.118 [StageHandler (uploadDeviceSigningKeys)] info: Got request
Jan-2 12:36:42.118 [StageHandler (uploadDeviceSigningKeys)] info: Requesting stage m.login.password...
Jan-2 12:36:42.125 [StageHandler (uploadDeviceSigningKeys)] debug: Next acceptable stages: m.login.password
Jan-2 12:36:42.125 [StageHandler (uploadDeviceSigningKeys)] info: Stage is valid
Jan-2 12:36:42.125 [PasswordProvider Ldap] info: Checking password for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:36:42.126 [PasswordProvider Ldap] verbose: getLoginInfo: start for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:44.524 [PasswordProvider Ldap] verbose: Binding to LDAP using configured bindDN....
Jan-2 12:36:44.528 [PasswordProvider Ldap] verbose: ldap: search subtree=dc=integration-tests-stable,dc=famedly,dc=de for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 using filter (&(|(objectClass=inetOrgPerson))(uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470)(enabled=TRUE))
Jan-2 12:36:44.542 [PasswordProvider Ldap] verbose: ldap: couldn't find user with dn=uid=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470,undefined, fetching from username mapper...
Jan-2 12:36:44.542 [UsernameMapper] verbose: Looking up username from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 in mode=HMAC-SHA256
Jan-2 12:36:44.543 [PasswordProvider Ldap] verbose: usernameMapper: found cached username=duan_test1 for localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:44.543 [PasswordProvider Ldap] verbose: usernameMapper: trying to find user with persistentId=persistentId, 					cached value is '[object Object]', escaped to 'objectbject'
Jan-2 12:36:44.543 [PasswordProvider Ldap] verbose: ldap: search via pid: persistentId=objectbject, 					subtree=dc=integration-tests-stable,dc=famedly,dc=de, 					scope: sub, 					filter: (persistentId=objectbject)
Jan-2 12:36:44.546 [PasswordProvider Ldap] verbose: ldap: trying to retrieve dn for username=duan_test1 mapped from localpart=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:44.553 [PasswordProvider Ldap] verbose: ldap: found one user for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 with dn=uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:44.553 [PasswordProvider Ldap] verbose: ldap: found entry for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470: {"dn":"uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de","utf8":{"uid":"duan_test1"},"raw":{"uid":{"type":"Buffer","data":[100,117,97,110,95,116,101,115,116,49]}}}
Jan-2 12:36:44.553 [PasswordProvider Ldap] verbose: ldap: Binding as "uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de" for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:46.685 [PasswordProvider Ldap] verbose: ldap: Bound successfully for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 as uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:46.687 [PasswordProvider Ldap] verbose: getLoginInfo: login for user=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 succeeded with dn=uid=duan_test1,ou=users,dc=integration-tests-stable,dc=famedly,dc=de
Jan-2 12:36:46.687 [PasswordProvider Ldap] info: Successfully authenticated user
Jan-2 12:36:46.687 [UsernameMapper] verbose: Converting username=hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470 with persistentId=374ewxrd6k9rw=oxaxstm7rx76tql5r73w1nnncv to localpart using mode=HMAC-SHA256
Jan-2 12:36:46.688 [PasswordProvider Ldap] info: Setting username to hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470
Jan-2 12:36:46.688 [StageHandler (uploadDeviceSigningKeys)] info: Stage got completed
Jan-2 12:36:46.688 [StageHandler (uploadDeviceSigningKeys)] info: Successfully identified, passing on request!
Jan-2 12:36:46.688 [Api] info: Proxying request /_matrix/client/v3/keys/device_signing/upload...
Jan-2 12:36:46.688 [Api] verbose: Generating token for hwn31ptwqq6r1r65fukx2k0yxebwtqjhwq2uep53xmz6nu0g0470...
Jan-2 12:36:46.863 [Api] info: Successfully sent request to homeserver
Jan-2 12:36:48.253 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:36:58.330 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:08.435 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:18.545 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:28.658 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:38.759 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:48.881 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:37:59.266 [StageHandler (login)] info: Handling GET endpoint...
Jan-2 12:38:09.377 [StageHandler (login)] info: Handling GET endpoint...

In GitLab by @nikzen on Jan 13, 2023, 14:53

moved from undefined##undefined

In GitLab by @nikzen on Jan 16, 2023, 14:53

Changing the password using the admin-panel seems to show weird behavior. Based on the hash of the password the login is working or not.

If there is a \\ in the hash the login does not work.

In GitLab by @nikzen on Jan 17, 2023, 16:59

I need to open the issue as \+ also breaks everything.


For changing the password using the admin-api, it is not possible to login again if the hashes look like this:

- userPassword={SSHA}6m6tJ\+pouoQJ/MvtXlfWHQ2Nt8DtVx9FxDeYAbUQrYRRQGGgVCsHhWoDNkqJ13H8jMQWFg==
- userPassword={SSHA}xI8AGlyyvJ9nsccvVxKVR7APhiCqRjOWxx4fNIBAIy\+Z8ktqbBbIHgjVZNQ/8kMTxg3SAA==
- userPassword={SSHA}t4fjygOhqZDNqszqh8zppktxqZI5qQMerDOVwYImYRpeS\+ROqsXSkWBEVEZTyuOxL28Mkg==

If the hashes look like this, it works:

- userPassword={SSHA}IKL98NZKsw5KR0sQtC8v4drIGvY1HKj4nYY4hHNb6zjBL9P4wLtdf93g3IWBlbsBXk4vZg==
- userPassword={SSHA}DmsoYviwQavRjpWd7b4N84E7cPkDX7jk9kRGrO/DDFibL4CkMGdTqlLNEV2EOShNfgR1qg==

In GitLab by @nikzen on Jan 17, 2023, 17:47

This was how it looked yesterday:

Broken:

  • userPassword={SSHA}n4pY8IG4fYldzbdyMpfJW11ilQa674IuZPGLF/zcZShWfWs7nlW\\+pDilXQYq4Q\\+XyQ9FYw==
  • userPassword={SSHA}0VafBSqL8qhnUFIK\\+J9kvqW7aZmWBaomE331PQpPDUeCzmX6VX75rcvpyQcHOjyxTbcP8g==
  • userPassword={SSHA}1R8olnsRHZm/V9GC89rKDh2bNCk9E7c2Wn/Yz\\+LoDayypFlX/zYAjsLduMD1yvhhw8E\\+yQ==

Not Broken:

  • userPassword={SSHA}vkb1RL75LQcgd6nTyXScUcGeeNMPodZbUXMpu430OohrjEoxdZzkk2QZvri44jcniQgNoA==
  • userPassword={SSHA}pdqplkkwwimHIe5cVTiZUruueXEkovQPHQxvNQBhMQiEqFDT3yA9dtOoll0vTGiho3blsQ==

In GitLab by @nikzen on Jan 17, 2023, 17:48

It seems we need to escape \\+ and not only \\

In GitLab by @maren-r on Jan 18, 2023, 13:02

mentioned in issue undefined##undefined