Bug #40935
crash sur l'URL /register/fc
Statut:
Fermé
Priorité:
Normal
Assigné à:
-
Version cible:
-
Début:
24 mars 2020
Echéance:
% réalisé:
0%
Temps estimé:
Patch proposed:
Oui
Planning:
Non
Description
Sans doute lié à un "audit de sécurité" :
Exception:
type = '<class 'AttributeError'>', value = ''MethodDirectory' object has no attribute 'register''
Stack trace (most recent call first):
File "/usr/lib/python3/dist-packages/wcs/root.py", line 191, in _q_lookup
189 return dir
190 except KeyError:
> 191 return errors.TraversalError()
192
193
locals:
component = 'fc'
dir = <wcs.qommon.ident.franceconnect.MethodDirectory object at 0x7f3ac8029828>
self = <modules.root.AlternateRegisterDirectory object at 0x7f3acb7ab6d8>
File "/usr/lib/python3/dist-packages/quixote/directory.py", line 82, in _q_traverse
80 obj = getattr(self, name)
81 else:
> 82 obj = self._q_lookup(component)
83 if obj is None:
84 raise TraversalError(private_msg=('directory %r has no component '
locals:
component = 'fc'
name = None
path = []
self = <modules.root.AlternateRegisterDirectory object at 0x7f3acb7ab6d8>
File "/usr/lib/python3/dist-packages/auquotidien/modules/root.py", line 81, in _q_traverse
79 def _q_traverse(self, path):
80 get_response().filter['bigdiv'] = 'new_member'
> 81 return OldRegisterDirectory._q_traverse(self, path)
82
83 def _q_index(self):
locals:
path = ['fc']
self = <modules.root.AlternateRegisterDirectory object at 0x7f3acb7ab6d8>
File "/usr/lib/python3/dist-packages/quixote/directory.py", line 88, in _q_traverse
86 if path:
87 if hasattr(obj, '_q_traverse'):
> 88 return obj._q_traverse(path)
89 else:
90 raise TraversalError
locals:
component = 'register'
name = 'register'
obj = <modules.root.AlternateRegisterDirectory object at 0x7f3acb7ab6d8>
path = ['fc']
self = <modules.root.AlternateRootDirectory object at 0x7f3acaf27978>
File "/usr/lib/python3/dist-packages/auquotidien/modules/root.py", line 296, in _q_traverse
294 return FormsRootDirectory(cat)._q_traverse(path[1:])
295
> 296 raise e
297
298
locals:
path = ['register', 'fc']
response = <wcs.qommon.http_response.HTTPResponse object at 0x7f3ac8029908>
self = <modules.root.AlternateRootDirectory object at 0x7f3acaf27978>
File "/usr/lib/python3/dist-packages/quixote/publish.py", line 241, in try_publish
239 permanent=True)
240 components = path[1:].split('/')
> 241 output = self.root_directory._q_traverse(components)
242 # The callable ran OK, commit any changes to the session
243 self.finish_successful_request()
locals:
allowed_methods = ['GET', 'HEAD', 'POST']
components = ['register', 'fc']
method = 'GET'
path = '/register/fc'
request = <wcs.compat.CompatHTTPRequest object at 0x7f3ac802b2b0>
self = <wcs.compat.CompatWcsPublisher object at 0x7f3acaf279e8>
File "/usr/lib/python3/dist-packages/wcs/compat.py", line 203, in process_request
201 output = self.finish_interrupted_request(exc)
202 except Exception as exc:
> 203 output = self.finish_failed_request()
204 response = request.response
205
locals:
exc = AttributeError("'MethodDirectory' object has no attribute 'register'",)
request = <wcs.compat.CompatHTTPRequest object at 0x7f3ac802b2b0>
self = <wcs.compat.CompatWcsPublisher object at 0x7f3acaf279e8>
File "/usr/lib/python3/dist-packages/wcs/compat.py", line 242, in quixote
240 def quixote(request):
241 pub = get_publisher()
> 242 return pub.process_request(pub.get_request())
243
244
locals:
pub = <wcs.compat.CompatWcsPublisher object at 0x7f3acaf279e8>
request = <WSGIRequest: GET '/register/fc'>
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 185, in _get_response
183 wrapped_callback = self.make_view_atomic(callback)
184 try:
> 185 response = wrapped_callback(request, *callback_args, **callback_kwargs)
186 except Exception as e:
187 response = self.process_exception_by_middleware(e, request)
locals:
callback = <function quixote at 0x7f3ad40c87b8>
callback_args = ()
callback_kwargs = {}
middleware_method = <bound method PrometheusStatsMiddleware.process_view of <hobo.middleware.stats.PrometheusStatsMiddleware object at 0x7f3acb76bdd8>>
request = <WSGIRequest: GET '/register/fc'>
resolver = <RegexURLResolver 'wcs.urls' (None:None) ^/>
resolver_match = ResolverMatch(func=wcs.compat.quixote, args=(), kwargs={}, url_name=quixote, app_names=[], namespaces=[])
response = None
self = <django.core.handlers.wsgi.WSGIHandler object at 0x7f3acb85ef98>
wrapped_callback = <function quixote at 0x7f3ad40c87b8>
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 249, in _legacy_get_response
247
248 if response is None:
> 249 response = self._get_response(request)
250 return response
locals:
middleware_method = <bound method PrometheusStatsMiddleware.process_request of <hobo.middleware.stats.PrometheusStatsMiddleware object at 0x7f3acb76bdd8>>
request = <WSGIRequest: GET '/register/fc'>
response = None
self = <django.core.handlers.wsgi.WSGIHandler object at 0x7f3acb85ef98>
File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py", line 41, in inner
39 def inner(request):
40 try:
> 41 response = get_response(request)
42 except Exception as exc:
43 response = response_for_exception(request, exc)
locals:
get_response = <bound method BaseHandler._legacy_get_response of <django.core.handlers.wsgi.WSGIHandler object at 0x7f3acb85ef98>>
request = <WSGIRequest: GET '/register/fc'>
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 124, in get_response
122 set_urlconf(settings.ROOT_URLCONF)
123
> 124 response = self._middleware_chain(request)
125
126 # This block is only needed for legacy MIDDLEWARE_CLASSES; if
locals:
request = <WSGIRequest: GET '/register/fc'>
self = <django.core.handlers.wsgi.WSGIHandler object at 0x7f3acb85ef98>
File "/usr/lib/python3/dist-packages/django/core/handlers/wsgi.py", line 157, in __call__
155 signals.request_started.send(sender=self.__class__, environ=environ)
156 request = self.request_class(environ)
> 157 response = self.get_response(request)
158
159 response._handler_class = self.__class__
locals:
environ = {'HTTP_X_FORWARDED_SSL': 'on', 'HTTP_X_FORWARDED_PROTO': 'https', 'PATH_INFO': '/register/fc', 'wsgi.multiprocess': True, 'HTTP_X_PUBLIK_CLUSTER_BACKEND':
'wcs-balancer', 'HTTP_CONNECTION': 'close', 'REQUEST_METHOD': 'GET', 'SERVER_NAME': 'wcs', 'REQUEST_URI': '/register/fc', 'HTTP_X_REAL_IP': '176.175.106.74', 'SERVER_PORT': '80',
'HTTP_X_FORWARDED_PROTOCOL': 'ssl', 'HTTP_X_FORWARDED_FOR': '176.175.106.74, 176.175.106.74', 'HTTP_USER_AGENT': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
'wsgi.version': (1, 0), 'wsgi.file_wrapper': <built-in function uwsgi_sendfile>, 'wsgi.run_once': False, 'wsgi.url_scheme': 'https', 'SERVER_PROTOCOL': 'HTTP/1.0', 'SCRIPT_NAME':
'', 'uwsgi.version': b'2.0.14-debian', 'wsgi.errors': <_io.TextIOWrapper name=2 mode='w' encoding='UTF-8'>, 'REMOTE_ADDR': '176.175.106.74', 'QUERY_STRING': '', 'wsgi.multithread':
False, 'wsgi.input': <uwsgi._Input object at 0x7f3ac810a348>, 'uwsgi.node': b'wcs', 'HTTP_ACCEPT': '*/*', 'HTTP_HOST': 'formulaires.moncompte.departement13.fr'}
request = <WSGIRequest: GET '/register/fc'>
self = <django.core.handlers.wsgi.WSGIHandler object at 0x7f3acb85ef98>
start_response = <built-in function uwsgi_spit>
Cookies:
Environment:
HTTP_ACCEPT '*/*'
HTTP_CONNECTION 'close'
HTTP_HOST 'formulaires.moncompte.departement13.fr'
HTTP_USER_AGENT 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)'
HTTP_X_FORWARDED_FOR '176.175.106.74, 176.175.106.74'
HTTP_X_FORWARDED_PROTO 'https'
HTTP_X_FORWARDED_PROTOCOL 'ssl'
HTTP_X_FORWARDED_SSL 'on'
HTTP_X_PUBLIK_CLUSTER_BACKEND 'wcs-balancer'
HTTP_X_REAL_IP '176.175.106.74'
PATH_INFO '/register/fc'
QUERY_STRING ''
REMOTE_ADDR '176.175.106.74'
REQUEST_METHOD 'GET'
REQUEST_URI '/register/fc'
SCRIPT_NAME ''
SERVER_NAME 'wcs'
SERVER_PORT '80'
SERVER_PROTOCOL 'HTTP/1.0'
uwsgi.node b'wcs'
uwsgi.version b'2.0.14-debian'
wsgi.errors <_io.TextIOWrapper name=2 mode='w' encoding='UTF-8'>
wsgi.file_wrapper <built-in function uwsgi_sendfile>
wsgi.input <uwsgi._Input object at 0x7f3ac810a348>
wsgi.multiprocess True
wsgi.multithread False
wsgi.run_once False
wsgi.url_scheme 'https'
wsgi.version (1, 0)
Fichiers
Révisions associées
Historique
Mis à jour par Frédéric Péters il y a environ 4 ans
- Fichier 0001-ident-don-t-expose-register-page-if-it-doesn-t-exist.patch 0001-ident-don-t-expose-register-page-if-it-doesn-t-exist.patch ajouté
- Statut changé de Nouveau à Solution proposée
- Patch proposed changé de Non à Oui
Mis à jour par Benjamin Dauvergne il y a environ 4 ans
- Statut changé de Solution proposée à Solution validée
Mis à jour par Frédéric Péters il y a environ 4 ans
- Statut changé de Solution validée à Résolu (à déployer)
commit a6c58319331903d101343c514e387f7b38cbbd44
Author: Frédéric Péters <fpeters@entrouvert.com>
Date: Wed Mar 25 09:01:55 2020 +0100
ident: don't expose register page if it doesn't exist for method (#40935)
Mis à jour par Frédéric Péters il y a environ 4 ans
- Statut changé de Résolu (à déployer) à Solution déployée
ident: don't expose register page if it doesn't exist for method (#40935)