Giters

pypiserver / pypiserver

Minimal PyPI server for uploading & downloading packages with pip/easy_install

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Unable to login via htpasswd file for some users, Error: 500 Internal Server Error

timur-ND opened this issue · comments

commented

I faced the issue with authentication to UI via htpasswd file (via cli also doesn't work properly). I use docker image. After trying to login to UI, I got error Error: 500 Internal Server Error and I see these pypi-server logs:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/pypiserver/bottle.py", line 869, in _handle
    return route.call(**args)
  File "/usr/local/lib/python3.8/site-packages/pypiserver/bottle.py", line 1749, in wrapper
    rv = callback(*a, **ka)
  File "/usr/local/lib/python3.8/site-packages/pypiserver/_app.py", line 45, in protector
    if not config.auther(*request.auth):
  File "/usr/local/lib/python3.8/site-packages/pypiserver/config.py", line 750, in auther
    return loaded_pw_file.check_password(uname, pw)
  File "/usr/local/lib/python3.8/site-packages/passlib/apache.py", line 861, in check_password
    ok, new_hash = self.context.verify_and_update(password, hash)
  File "/usr/local/lib/python3.8/site-packages/passlib/context.py", line 2433, in verify_and_update
    if not record.verify(secret, hash, **clean_kwds):
  File "/usr/local/lib/python3.8/site-packages/passlib/utils/handlers.py", line 788, in verify
    self = cls.from_string(hash, **context)
  File "/usr/local/lib/python3.8/site-packages/passlib/handlers/md5_crypt.py", line 213, in from_string
    return cls(salt=salt, checksum=chk)
  File "/usr/local/lib/python3.8/site-packages/passlib/utils/handlers.py", line 1411, in __init__
    salt = self._parse_salt(salt)
  File "/usr/local/lib/python3.8/site-packages/passlib/utils/handlers.py", line 1421, in _parse_salt
    return self._norm_salt(salt)
  File "/usr/local/lib/python3.8/site-packages/passlib/utils/handlers.py", line 1459, in _norm_salt
    raise ValueError("invalid characters in %s salt" % cls.name)
ValueError: invalid characters in apr_md5_crypt salt

Environment: Docker

            "Cmd": [
                "run",
                "-o",
                "-P",
                "/etc/htpasswd",
                "-a",
                "update,download,list",
                "/data/packages"
            ],
            "Image": "pypiserver/pypiserver:v1.5.1"

But this behaviour only for several users. dreman and drone-admin user have this error, for other users everything is ok:

# cat /etc/htpasswd
front:$apr1$JWGoCNv5$ZulacVp.KW0SVck/L/vfK1
backend:$apr1$bhvTgCTQ$fXa.zAM6rCtlZ4XghP9Ic1
security:$apr1$KpmXMO27$27WvUPyV0h1gb/ID0yqC01
drone-admin:$apr1$@g9wVEO8$ismxIchr7c170xuGp2VYj.
black_bot:$apr1$ejnb2FBG$DLDskPNQlcJ6Hu290rYaM.
dreman:$apr1$!0FWoV!!$ktvc1M9Jd8ino63jJiI5f1

Tried to update htpasswd file, but result the same. Also tried to use SHA-512 hash (run htpasswd -5 /etc/htpasswd dreman - the same) :

# htpasswd  /etc/htpasswd dreman
New password:
Re-type new password:
Updating password for user dreman

Restarting docker container doesn't help as well. Could you please help? What I need to do to solve that issue?