search

conwetlab / ckanext-oauth2

OAuth2 support for CKAN
GNU Affero General Public License v3.0
25 stars 56 forks source link

I am unable to View Profile of a user in CKAN using this extension #25

Closed Urtza2 closed 6 years ago

Urtza2 commented 6 years ago

I have this versions: IDM KeyRock to the last version 7.0.2 CKAN: 2.8.1 ckanext-oauth2: 0.6.1 When I click on "View Profile" I get an "Internal Server Error"

I have created an application in IDM for CKAN.

This is my production.ini extract related with this:

## OAuth2 configuration

ckan.oauth2.logout_url= https://localhost:8443/auth/logout?_method=DELETE
ckan.oauth2.register_url = https://localhost:8443/sign_up/
ckan.oauth2.reset_url = https://localhost:8443/password/request/
ckan.oauth2.edit_url = https://localhost:8443/idm/settings
ckan.oauth2.authorization_endpoint = https://localhost:8443/oauth2/authorize
ckan.oauth2.token_endpoint = https://localhost:8443/oauth2/token
ckan.oauth2.profile_api_url = https://localhost:8443/user
ckan.oauth2.client_id = e826fe8a-e917-4652-8b02-430a1beb2c46
ckan.oauth2.client_secret = 760bebd6-59a7-4a10-92f0-bbf912d4e967
ckan.oauth2.scope = all_info
ckan.oauth2.rememberer_name = auth_tkt
ckan.oauth2.profile_api_user_field = username
ckan.oauth2.profile_api_fullname_field = displayName
ckan.oauth2.profile_api_mail_field = email
ckan.oauth2.authorization_header = Bearer
#ckan.oauth2.legacy_idm = True

Aitor Magan told me that probably this extension has some problem with the IDM Keyrock 7.0.1. Isn't it?

I can't see anything in apache logs (CKAN runs in Apache https://www.ckan.com), see below:

[Wed Sep 19 10:31:43.590803 2018] [ssl:debug] [pid 12039:tid 140400660506368] ssl_engine_kernel.c(354): [client 127.0.0.1:41522] AH02034: Subsequent (No.2) HTTPS request received for child 84 (server www.ckan.com:443), referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.590867 2018] [authz_core:debug] [pid 12039:tid 140400660506368] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of Require all granted: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.590873 2018] [authz_core:debug] [pid 12039:tid 140400660506368] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of <RequireAny>: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.590908 2018] [authz_core:debug] [pid 12039:tid 140400660506368] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of Require all granted: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.590911 2018] [authz_core:debug] [pid 12039:tid 140400660506368] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of <RequireAny>: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.597198 2018] [ssl:debug] [pid 12039:tid 140400668899072] ssl_engine_kernel.c(354): [client 127.0.0.1:41522] AH02034: Subsequent (No.3) HTTPS request received for child 83 (server www.ckan.com:443), referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.597254 2018] [authz_core:debug] [pid 12039:tid 140400668899072] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of Require all granted: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.597259 2018] [authz_core:debug] [pid 12039:tid 140400668899072] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of <RequireAny>: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.597291 2018] [authz_core:debug] [pid 12039:tid 140400668899072] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of Require all granted: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.597295 2018] [authz_core:debug] [pid 12039:tid 140400668899072] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of <RequireAny>: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.601693 2018] [ssl:info] [pid 12038:tid 140400685684480] [client 127.0.0.1:41524] AH01964: Connection to child 17 established (server www.ckan.com:443)
[Wed Sep 19 10:31:43.601819 2018] [ssl:debug] [pid 12038:tid 140400685684480] ssl_engine_kernel.c(2096): [client 127.0.0.1:41524] AH02043: SSL virtual host for servername www.ckan.com found
[Wed Sep 19 10:31:43.601827 2018] [core:debug] [pid 12038:tid 140400685684480] protocol.c(2216): [client 127.0.0.1:41524] select protocol from , choices=h2,http/1.1 for server www.ckan.com
[Wed Sep 19 10:31:43.601832 2018] [ssl:debug] [pid 12038:tid 140400685684480] ssl_engine_kernel.c(2096): [client 127.0.0.1:41524] AH02043: SSL virtual host for servername www.ckan.com found
[Wed Sep 19 10:31:43.605663 2018] [ssl:debug] [pid 12038:tid 140400685684480] ssl_engine_kernel.c(2023): [client 127.0.0.1:41524] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Wed Sep 19 10:31:43.605696 2018] [ssl:info] [pid 12038:tid 140400685684480] (70014)End of file found: [client 127.0.0.1:41524] AH01991: SSL input filter read failed.
[Wed Sep 19 10:31:43.605737 2018] [ssl:debug] [pid 12038:tid 140400685684480] ssl_engine_io.c(1017): [client 127.0.0.1:41524] AH02001: Connection closed to child 17 with standard shutdown (server www.ckan.com:443)
[Wed Sep 19 10:31:43.615353 2018] [ssl:debug] [pid 12039:tid 140400769611520] ssl_engine_kernel.c(354): [client 127.0.0.1:41522] AH02034: Subsequent (No.4) HTTPS request received for child 71 (server www.ckan.com:443), referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.615412 2018] [authz_core:debug] [pid 12039:tid 140400769611520] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of Require all granted: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.615417 2018] [authz_core:debug] [pid 12039:tid 140400769611520] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of <RequireAny>: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.615451 2018] [authz_core:debug] [pid 12039:tid 140400769611520] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of Require all granted: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.615454 2018] [authz_core:debug] [pid 12039:tid 140400769611520] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of <RequireAny>: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.733520 2018] [ssl:debug] [pid 12039:tid 140400702469888] ssl_engine_kernel.c(354): [client 127.0.0.1:41522] AH02034: Subsequent (No.5) HTTPS request received for child 79 (server www.ckan.com:443), referer: https://www.ckan.com/fanstatic/css/:version:2018-09-03T15:06:44.25/main.min.css
[Wed Sep 19 10:31:43.733578 2018] [authz_core:debug] [pid 12039:tid 140400702469888] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of Require all granted: granted, referer: https://www.ckan.com/fanstatic/css/:version:2018-09-03T15:06:44.25/main.min.css
[Wed Sep 19 10:31:43.733590 2018] [authz_core:debug] [pid 12039:tid 140400702469888] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of <RequireAny>: granted, referer: https://www.ckan.com/fanstatic/css/:version:2018-09-03T15:06:44.25/main.min.css
[Wed Sep 19 10:31:43.733656 2018] [authz_core:debug] [pid 12039:tid 140400702469888] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of Require all granted: granted, referer: https://www.ckan.com/fanstatic/css/:version:2018-09-03T15:06:44.25/main.min.css
[Wed Sep 19 10:31:43.733660 2018] [authz_core:debug] [pid 12039:tid 140400702469888] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of <RequireAny>: granted, referer: https://www.ckan.com/fanstatic/css/:version:2018-09-03T15:06:44.25/main.min.css
[Wed Sep 19 10:31:43.790617 2018] [ssl:debug] [pid 12039:tid 140400727648000] ssl_engine_kernel.c(354): [client 127.0.0.1:41522] AH02034: Subsequent (No.6) HTTPS request received for child 76 (server www.ckan.com:443), referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.790697 2018] [authz_core:debug] [pid 12039:tid 140400727648000] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of Require all granted: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.790702 2018] [authz_core:debug] [pid 12039:tid 140400727648000] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of <RequireAny>: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.790730 2018] [authz_core:debug] [pid 12039:tid 140400727648000] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of Require all granted: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.790732 2018] [authz_core:debug] [pid 12039:tid 140400727648000] mod_authz_core.c(809): [client 127.0.0.1:41522] AH01626: authorization result of <RequireAny>: granted, referer: https://www.ckan.com/dashboard
[Wed Sep 19 10:31:43.796941 2018] [wsgi:error] [pid 12037:tid 140400820553472] 2018-09-19 10:31:43,796 DEBUG [ckanext.oauth2.plugin] URTZA :::: identify plugin.py
[Wed Sep 19 10:31:43.799909 2018] [wsgi:error] [pid 12037:tid 140400820553472] 2018-09-19 10:31:43,799 INFO  [ckanext.oauth2.plugin] User admin logged using session
[Wed Sep 19 10:31:43.799981 2018] [wsgi:error] [pid 12037:tid 140400820553472] 2018-09-19 10:31:43,799 INFO  [ckanext.oauth2.plugin] UserName is: admin
[Wed Sep 19 10:31:43.800077 2018] [wsgi:error] [pid 12037:tid 140400820553472] 2018-09-19 10:31:43,800 INFO  [ckanext.oauth2.plugin] g.user: admin
[Wed Sep 19 10:31:43.800195 2018] [wsgi:error] [pid 12037:tid 140400820553472] 2018-09-19 10:31:43,800 INFO  [ckanext.oauth2.plugin] toolkit c.user: admin
[Wed Sep 19 10:31:43.802049 2018] [wsgi:error] [pid 12037:tid 140400820553472] 2018-09-19 10:31:43,801 INFO  [ckanext.oauth2.plugin] toolkit c.usertoken: {u'access_token': u'00f6ce9bde903320665182360dff821348b2ed88', u'token_type': u'Bearer', u'expires_in': u'28799', u'refresh_token': u'ebf8c3808d1dc7c41a4de04af6ee3edd4fd4a8e0'}
[Wed Sep 19 10:31:43.802221 2018] [wsgi:error] [pid 12037:tid 140400820553472] 2018-09-19 10:31:43,802 INFO  [ckanext.oauth2.plugin] toolkit c.usertoken_refresh: <functools.partial object at 0x7fb184314db8>
[Wed Sep 19 10:31:48.811217 2018] [ssl:debug] [pid 12039:tid 140400618542848] ssl_engine_io.c(1017): [remote 127.0.0.1:41522] AH02001: Connection closed to child 76 with standard shutdown (server www.ckan.com:443)

Please someone can help me to resolve this? Thanks, Urtza

Urtza2 commented 6 years ago

Please tell me which version of ckan, IDM and ckanext-oauth I have to install to work well together. Now, with my installation of IDM and CKAN works well but Logout, User view Profile functionalities fails.

For example I know that as minimum it is neccesary to install IDM 7.0.1 to work with BIZ Ecosystem (develop branch) In this case???

Thanks Urtza

Urtza2 commented 6 years ago

I solved it removing data_request plugin. Thanks to Aitor Magan.

Urtza