cve-search / vulnerability-lookup

Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).
https://cve-search.github.io/vulnerability-lookup/
GNU Affero General Public License v3.0

Internal Server Error when setting a new password after forgetting the old one. #66

Closed FafnerKeyZee closed 2 weeks ago

FafnerKeyZee commented 3 weeks ago

Hello,

When I reset an account using the forgotten password link and then set my new password, I got the following error:

2024-08-16 07:08:52,146 website.web.bootstrap ERROR:Exception on /user/confirm_account/ImFkbWluIg.Zr7eyA.6PilybuODSI5gDTqgbrOWsuNRSg [POST]
Traceback (most recent call last):
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/flask/app.py", line 1473, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/flask/app.py", line 882, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/flask_restx/api.py", line 672, in error_router
    return original_handler(e)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/flask/app.py", line 880, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/flask/app.py", line 865, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]
  File "/home/user/vulnerability-lookup/website/web/views/user.py", line 224, in confirm_account
    application.config["ENFORCE_2FA"]
KeyError: 'ENFORCE_2FA'

FafnerKeyZee commented 3 weeks ago

Ok solved. Was missing the key: ENFORCE_2FA in my config file website.py.

Can you please add more checks when updating the project with poetry in order to be sure that the config is consistent? Regards

cedricbonhomme commented 3 weeks ago

Hello,

Interesting, because you were supposed to get a warning message if you re-launched the update command (since it has changed). It must specify the name of the missing configuration variable. Do you remember seeing this message?

FafnerKeyZee commented 3 weeks ago

Hey,

To be honest, I remember that the last message was about the migration of the DB, which was already done and created an error. So I deleted the key and ran the update again:

* Update repository.

Already up to date.
Submodule path 'vulnerabilitylookup/feeders/cvelistv5': checked out '720f8b476385e409a436962f8321624c717b36cb'
Submodule path 'vulnerabilitylookup/feeders/github': checked out '24b4ab5ea0a786955c9de901601d6cdbfa6e653d'
Submodule path 'vulnerabilitylookup/feeders/ossf_malicious_packages': checked out '7d1215d3e8dc16c09ea9165218bd6a1776cb0599'
Submodule path 'vulnerabilitylookup/feeders/pysec': checked out '21942198c30849559c06bd42121e7179ce0d6616'

* Install/update dependencies.
Installing dependencies from lock file

No dependencies to install or update

Installing the current project: vulnerabilitylookup (1.4.0)

* Validate configuration files.
The entries in /home/user/vulnerability-lookup/config/generic.json are valid.
COMMENTS_MODERATION missing from /home/user/vulnerability-lookup/config/website.py.
DEBUG missing from /home/user/vulnerability-lookup/config/website.py.
ENFORCE_2FA missing from /home/user/vulnerability-lookup/config/website.py.
FEED_MAX_PER_PAGE missing from /home/user/vulnerability-lookup/config/website.py.

* Update configuration files.
No updates needed in /home/user/vulnerability-lookup/config/generic.json.

* Migrate database.

 * Tip: There are .env or .flaskenv files present. Do "pip install python-dotenv" to use them.
INFO  [alembic.runtime.migration] Context impl PostgresqlImpl.
INFO  [alembic.runtime.migration] Will assume transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> 7e42683b12cd, new bundle table
Traceback (most recent call last):
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 1967, in _exec_single_context
    self.dialect.do_execute(
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/sqlalchemy/engine/default.py", line 924, in do_execute
    cursor.execute(statement, parameters)
psycopg2.errors.DuplicateTable: relation "bundle" already exists

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/bin/flask", line 8, in <module>
    sys.exit(main())
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/flask/cli.py", line 1105, in main
    cli.main()
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/flask/cli.py", line 386, in decorator
    return ctx.invoke(f, *args, **kwargs)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/flask_migrate/cli.py", line 154, in upgrade
    _upgrade(directory, revision, sql, tag, x_arg)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/flask_migrate/__init__.py", line 111, in wrapped
    f(*args, **kwargs)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/flask_migrate/__init__.py", line 200, in upgrade
    command.upgrade(config, revision, sql=sql, tag=tag)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/command.py", line 406, in upgrade
    script.run_env()
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/script/base.py", line 582, in run_env
    util.load_python_file(self.dir, "env.py")
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/util/pyfiles.py", line 95, in load_python_file
    module = load_module_py(module_id, path)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/util/pyfiles.py", line 113, in load_module_py
    spec.loader.exec_module(module)  # type: ignore
  File "<frozen importlib._bootstrap_external>", line 883, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/home/user/vulnerability-lookup/website/migrations/env.py", line 95, in <module>
    run_migrations_online()
  File "/home/user/vulnerability-lookup/website/migrations/env.py", line 87, in run_migrations_online
    context.run_migrations()
  File "<string>", line 8, in run_migrations
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/runtime/environment.py", line 946, in run_migrations
    self.get_context().run_migrations(**kw)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/runtime/migration.py", line 628, in run_migrations
    step.migration_fn(**kw)
  File "/home/user/vulnerability-lookup/website/migrations/versions/7e42683b12cd_new_bundle_table.py", line 21, in upgrade
    op.create_table(
  File "<string>", line 8, in create_table
  File "<string>", line 3, in create_table
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/operations/ops.py", line 1311, in create_table
    return operations.invoke(op)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/operations/base.py", line 442, in invoke
    return fn(self, operation)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/operations/toimpl.py", line 131, in create_table
    operations.impl.create_table(table)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/ddl/impl.py", line 369, in create_table
    self._exec(schema.CreateTable(table))
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/alembic/ddl/impl.py", line 210, in _exec
    return conn.execute(construct, params)
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 1418, in execute
    return meth(
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/sqlalchemy/sql/ddl.py", line 180, in _execute_on_connection
    return connection._execute_ddl(
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 1529, in _execute_ddl
    ret = self._execute_context(
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 1846, in _execute_context
    return self._exec_single_context(
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 1986, in _exec_single_context
    self._handle_dbapi_exception(
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 2353, in _handle_dbapi_exception
    raise sqlalchemy_exception.with_traceback(exc_info[2]) from e
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 1967, in _exec_single_context
    self.dialect.do_execute(
  File "/home/user/.cache/pypoetry/virtualenvs/vulnerabilitylookup-mbsOsXE9-py3.10/lib/python3.10/site-packages/sqlalchemy/engine/default.py", line 924, in do_execute
    cursor.execute(statement, parameters)
sqlalchemy.exc.ProgrammingError: (psycopg2.errors.DuplicateTable) relation "bundle" already exists

[SQL: 
CREATE TABLE bundle (
    uuid UUID NOT NULL, 
    vulnerability_lookup_origin UUID NOT NULL, 
    name VARCHAR NOT NULL, 
    description VARCHAR NOT NULL, 
    description_format VARCHAR, 
    creation_timestamp TIMESTAMP WITH TIME ZONE DEFAULT now() NOT NULL, 
    timestamp TIMESTAMP WITH TIME ZONE DEFAULT now() NOT NULL, 
    related_vulnerabilities JSONB, 
    meta JSONB, 
    author_id INTEGER NOT NULL, 
    PRIMARY KEY (uuid), 
    FOREIGN KEY(author_id) REFERENCES "user" (id)
)

]
(Background on this error at: https://sqlalche.me/e/20/f405)

YES it is in, but was lost in all the alchemy errors :/

Regards,

cedricbonhomme commented 2 weeks ago

Concerning the database error, you can solve it by stamping the migration. See here:

https://vulnerability-lookup.readthedocs.io/en/latest/installation.html#user-accounts

the line:

$ poetry run flask --app website.app db stamp head

This is something we added to the documentation at some later point, after you migrated your instance. Normally you only have to do this once, when installing the software, in order to prevent the execution of migrations that are useless, since after a fresh installation the models are in sync with the database.

cedricbonhomme commented 2 weeks ago

I'm closing this for now, but feel free to re-open it in case your database was stamped.
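A configuration check of the kind requested in this thread, as an added example (not vulnerability-lookup's own validation code): it compares the keys of a deployed Python config file against a reference copy and returns a non-zero status when any are missing, so an update script can stop before the migration step. The two inline files and the `SECRET_KEY` entry are constructed; the other key names come from the validation output quoted above.

```python
import ast

# Constructed sample inputs: a reference config and an older deployed config.
REFERENCE = '''
SECRET_KEY = "change-me"
COMMENTS_MODERATION = True
DEBUG = False
ENFORCE_2FA = True
FEED_MAX_PER_PAGE = 100
'''
DEPLOYED = '''
SECRET_KEY = "constructed-value"
'''


def config_keys(source: str) -> set[str]:
    """Return the top-level UPPERCASE names assigned in a Python config file.

    The file is parsed with ast rather than imported, so checking it
    executes none of its code.
    """
    keys = set()
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign):
            targets = [node.target]
        else:
            continue
        for target in targets:
            if isinstance(target, ast.Name) and target.id.isupper():
                keys.add(target.id)
    return keys


def missing_keys(reference: str, deployed: str) -> list[str]:
    """Keys present in the reference config but absent from the deployed one."""
    return sorted(config_keys(reference) - config_keys(deployed))


def check(reference: str, deployed: str) -> int:
    """Exit status for an update script: 1 if any key is missing, else 0."""
    missing = missing_keys(reference, deployed)
    for key in missing:
        print(f"{key} missing from deployed config")
    return 1 if missing else 0


if __name__ == "__main__":
    raise SystemExit(check(REFERENCE, DEPLOYED))
```

Run before the database migration, a non-zero status halts the update with the missing-key messages as the last lines on screen instead of scrolling away above a traceback.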