Development #44589

ipd_oidc: crash when an overly long redirect_uri is passed in the URL

Added by Frédéric Péters 7 days ago. Updated 6 days ago.

Status: Solution proposed
Priority: Normal
Category: -
Target version: -
Start date: 29 Jun 2020
Due date:
% Done: 0%
Patch proposed: Yes
Planning: No

Description

File "/usr/lib/python2.7/dist-packages/django/core/handlers/exception.py" in inner
  41.             response = get_response(request)

File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/usr/lib/python2.7/dist-packages/authentic2/decorators.py" in f
  47.             return func(request, *args, **kwargs)

File "/usr/lib/python2.7/dist-packages/authentic2_idp_oidc/views.py" in authorize
  311.             session_key=request.session.session_key)

File "/usr/lib/python2.7/dist-packages/django/db/models/manager.py" in manager_method
  85.                 return getattr(self.get_queryset(), name)(*args, **kwargs)

File "/usr/lib/python2.7/dist-packages/django/db/models/query.py" in create
  394.         obj.save(force_insert=True, using=self.db)

File "/usr/lib/python2.7/dist-packages/django/db/models/base.py" in save
  808.                        force_update=force_update, update_fields=update_fields)

File "/usr/lib/python2.7/dist-packages/django/db/models/base.py" in save_base
  838.             updated = self._save_table(raw, cls, force_insert, force_update, using, update_fields)

File "/usr/lib/python2.7/dist-packages/django/db/models/base.py" in _save_table
  924.             result = self._do_insert(cls._base_manager, using, fields, update_pk, raw)

File "/usr/lib/python2.7/dist-packages/django/db/models/base.py" in _do_insert
  963.                                using=using, raw=raw)

File "/usr/lib/python2.7/dist-packages/django/db/models/manager.py" in manager_method
  85.                 return getattr(self.get_queryset(), name)(*args, **kwargs)

File "/usr/lib/python2.7/dist-packages/django/db/models/query.py" in _insert
  1079.         return query.get_compiler(using=using).execute_sql(return_id)

File "/usr/lib/python2.7/dist-packages/django/db/models/sql/compiler.py" in execute_sql
  1112.                 cursor.execute(sql, params)

File "/usr/lib/python2.7/dist-packages/django/db/backends/utils.py" in execute
  79.             return super(CursorDebugWrapper, self).execute(sql, params)

File "/usr/lib/python2.7/dist-packages/sentry_sdk/integrations/django/__init__.py" in execute
  434.             return real_execute(self, sql, params)

File "/usr/lib/python2.7/dist-packages/django/db/backends/utils.py" in execute
  64.                 return self.cursor.execute(sql, params)

Exception Type: DataError at /idp/oidc/authorize/
Exception Value: value too long for type character varying(200)

GET:
...
redirect_uri =
u'https://padev5bis.commeunservice.com/account-management/saintdenis-demandeurs/oidc/publik/code?redirectUrl=https%3A%2F%2Fpadev5bis.commeunservice.com%2Faides%2F%23%2Fsaintdenis%2Fconnecte%2Fdashboard%2Faccueil&jwtKey=jwt-saintdenis-portail-depot-demande-aides'

0003-idp_oidc-remove-unused-import-44589.patch (1.44 KB) Benjamin Dauvergne, 30 Jun 2020 10:57 AM

0001-idp_oidc-change-type-of-OIDCCode.redirect_uri-44589.patch (1.94 KB) Benjamin Dauvergne, 30 Jun 2020 10:57 AM

0002-idp_oidc-check-length-of-authorize-s-redirect_uri-44.patch (7.26 KB) Benjamin Dauvergne, 30 Jun 2020 10:57 AM

History

#1 Updated by Benjamin Dauvergne 7 days ago

  • Subject changed from oidc, crash when an overly long redirect_uri is passed in the URL to ipd_oidc: crash when an overly long redirect_uri is passed in the URL

The length of the input must be checked against the model field.

Should we also increase the field length to something longer, or even an unconstrained "text" type? The constraint would then be enforced only at validation.
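
Added example, not part of the ticket or of the attached patches: a stand-alone model of the failure and of the two options discussed in the comment above, using the redirect_uri from the GET dump. The SQLite table with a CHECK constraint stands in for the varchar(200) column, and MAX_REDIRECT_URI_LENGTH, the function names and the client_id are assumptions made for the illustration.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode

COLUMN_LIMIT = 200              # varchar(200), from the DataError in the ticket
MAX_REDIRECT_URI_LENGTH = 1024  # assumed validation limit, not taken from the patches

# redirect_uri value from the ticket's GET dump
TICKET_URI = (
    'https://padev5bis.commeunservice.com/account-management/saintdenis-demandeurs'
    '/oidc/publik/code?redirectUrl=https%3A%2F%2Fpadev5bis.commeunservice.com'
    '%2Faides%2F%23%2Fsaintdenis%2Fconnecte%2Fdashboard%2Faccueil'
    '&jwtKey=jwt-saintdenis-portail-depot-demande-aides'
)


def make_db(column_limit=None):
    """In-memory stand-in for the code table; CHECK emulates varchar(n)."""
    check = '' if column_limit is None else ' CHECK (length(redirect_uri) <= %d)' % column_limit
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE oidc_code (redirect_uri TEXT%s)' % check)
    return db


def query_for(uri):
    """Build a constructed authorize query string carrying the given URI."""
    return urlencode({'client_id': 'example-client', 'redirect_uri': uri})


def authorize_unchecked(db, query_string):
    """Before: the request value goes straight to the INSERT."""
    uri = parse_qs(query_string)['redirect_uri'][0]
    try:
        db.execute('INSERT INTO oidc_code VALUES (?)', (uri,))
    except sqlite3.DatabaseError:
        return 500  # models the unhandled DataError becoming a server error
    return 302


def authorize_checked(db, query_string, max_length=MAX_REDIRECT_URI_LENGTH):
    """After: reject at the boundary with a 400 and never redirect to the URI."""
    values = parse_qs(query_string).get('redirect_uri', [])
    if len(values) != 1 or len(values[0]) > max_length:
        return 400  # error page for the user, no redirect to an unvalidated URI
    # Matching against the client's registered redirect URIs is omitted here.
    db.execute('INSERT INTO oidc_code VALUES (?)', (values[0],))
    return 302
```

With the column left at 200 characters the check has to use the same limit; with an unconstrained text column the validation limit is the only bound on what an unauthenticated request can make the server store.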

#2 Updated by Benjamin Dauvergne 6 days ago

  • Assignee set to Benjamin Dauvergne

#3 Updated by Benjamin Dauvergne 6 days ago
