Unable to login via htpasswd file for some users, Error: 500 Internal Server Error
timur-ND opened this issue · comments
I faced the issue with authentication to UI via htpasswd file (via cli also doesn't work properly). I use docker image. After trying to login to UI, I got error Error: 500 Internal Server Error and I see these pypi-server logs:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/pypiserver/bottle.py", line 869, in _handle
return route.call(**args)
File "/usr/local/lib/python3.8/site-packages/pypiserver/bottle.py", line 1749, in wrapper
rv = callback(*a, **ka)
File "/usr/local/lib/python3.8/site-packages/pypiserver/_app.py", line 45, in protector
if not config.auther(*request.auth):
File "/usr/local/lib/python3.8/site-packages/pypiserver/config.py", line 750, in auther
return loaded_pw_file.check_password(uname, pw)
File "/usr/local/lib/python3.8/site-packages/passlib/apache.py", line 861, in check_password
ok, new_hash = self.context.verify_and_update(password, hash)
File "/usr/local/lib/python3.8/site-packages/passlib/context.py", line 2433, in verify_and_update
if not record.verify(secret, hash, **clean_kwds):
File "/usr/local/lib/python3.8/site-packages/passlib/utils/handlers.py", line 788, in verify
self = cls.from_string(hash, **context)
File "/usr/local/lib/python3.8/site-packages/passlib/handlers/md5_crypt.py", line 213, in from_string
return cls(salt=salt, checksum=chk)
File "/usr/local/lib/python3.8/site-packages/passlib/utils/handlers.py", line 1411, in __init__
salt = self._parse_salt(salt)
File "/usr/local/lib/python3.8/site-packages/passlib/utils/handlers.py", line 1421, in _parse_salt
return self._norm_salt(salt)
File "/usr/local/lib/python3.8/site-packages/passlib/utils/handlers.py", line 1459, in _norm_salt
raise ValueError("invalid characters in %s salt" % cls.name)
ValueError: invalid characters in apr_md5_crypt salt
Environment: Docker
"Cmd": [
"run",
"-o",
"-P",
"/etc/htpasswd",
"-a",
"update,download,list",
"/data/packages"
],
"Image": "pypiserver/pypiserver:v1.5.1"
But this behaviour only for several users. dreman and drone-admin user have this error, for other users everything is ok:
# cat /etc/htpasswd
front:$apr1$JWGoCNv5$ZulacVp.KW0SVck/L/vfK1
backend:$apr1$bhvTgCTQ$fXa.zAM6rCtlZ4XghP9Ic1
security:$apr1$KpmXMO27$27WvUPyV0h1gb/ID0yqC01
drone-admin:$apr1$@g9wVEO8$ismxIchr7c170xuGp2VYj.
black_bot:$apr1$ejnb2FBG$DLDskPNQlcJ6Hu290rYaM.
dreman:$apr1$!0FWoV!!$ktvc1M9Jd8ino63jJiI5f1
Tried to update htpasswd file, but result the same. Also tried to use SHA-512 hash (run htpasswd -5 /etc/htpasswd dreman - the same) :
# htpasswd /etc/htpasswd dreman
New password:
Re-type new password:
Updating password for user dreman
Restarting docker container doesn't help as well. Could you please help? What I need to do to solve that issue?