data-govt-nz / ckanext-security

A CKAN extension to hold various security improvements for CKAN
GNU Affero General Public License v3.0

compare_digest #19

Closed hbwooley closed 6 years ago

hbwooley commented 6 years ago

I've installed CKAN 2.7.3 and I have attempted to use the ckanext-security plugin. Actually I'm not sure this plugin will work with the main CKAN project. Any assistance you can provide would be great.

I do not see a CSRF cookie or any cookie being set: token = request.cookies.get(self.COOKIE_NAME, None) returns None, and self.cache.get(self.session.id) returns None.

I cannot log in or register a user; this is the error I get:

mod_wsgi (pid=19334): Exception occurred processing WSGI script '/etc/ckan/default/apache.wsgi'.
Traceback (most recent call last):
  File "/usr/lib/ckan/default/src/ckan/ckan/config/middleware/__init__.py", line 136, in __call__
    return self.apps[app_name](environ, start_response)
  File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/cascade.py", line 130, in __call__
    return self.apps[-1](environ, start_response)
  File "/usr/lib/ckan/default/src/ckan/ckan/config/middleware/common_middleware.py", line 61, in __call__
    return self.app(environ, start_response)
  File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/registry.py", line 379, in __call__
    app_iter = self.application(environ, start_response)
  File "/usr/lib/ckan/default/lib/python2.7/site-packages/beaker/middleware.py", line 156, in __call__
    return self.wrap_app(environ, session_start_response)
  File "/usr/lib/ckan/default/src/ckanext-security/ckanext/security/middleware.py", line 53, in __call__
    resp = request.get_response(self.app) if self.is_valid(request) else HTTPForbidden(CSRF_ERR)
  File "/usr/lib/ckan/default/src/ckanext-security/ckanext/security/middleware.py", line 60, in is_valid
    return request.is_safe() or self.unsafe_request_is_valid(request)
  File "/usr/lib/ckan/default/src/ckanext-security/ckanext/security/middleware.py", line 63, in unsafe_request_is_valid
    return request.is_secure() and request.good_referer() and self.check_cookie(request)
  File "/usr/lib/ckan/default/src/ckanext-security/ckanext/security/middleware.py", line 75, in check_cookie
    return compare_digest(token, self.cache.get(self.session.id))
TypeError: unsupported operand types(s) or combination of types: 'NoneType' and 'NoneType'

ebuckley commented 6 years ago

Thanks for the issue report hbwooley. I'm surprised that the cookie and session are not being created, is your cache creating keys for the csrf token?

We're actively working on support for 2.7.x , I've actually got a PR up at the moment #18. Help testing out the 2.7 branch would be appreciated if you get a chance ^^.

Note that the branch for 2.7 support requires some configuration change as we move from Memcached to Redis for the cache provider.

hbwooley commented 6 years ago

I found my issue: I failed to set ckanext.security.domain correctly, so the cookie was not being set. Once I set it correctly I found another issue:

  File "/usr/lib/ckan/default/src/ckanext-security/ckanext/security/middleware.py", line 75, in check_cookie
    return compare_digest(token, self.cache.get(self.session.id))
TypeError: 'unicode' does not have the buffer interface

I'm using Python 2.7.5, so I cast the token and the cached value to str in check_cookie(self, request), where it returns the compare_digest:

    return compare_digest(str(token), str(self.cache.get(self.session.id)))

I'm not sure if this is the correct way to fix the problem, but now I can log in and register. Thank you for your help.

ebuckley commented 6 years ago

I was seeing the 'unicode does not have the buffer interface' issue on #18 as well. I used the same solution of wrapping the inputs in str().

Happy to help.
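The two tracebacks in this thread, and the str() workaround that both participants settled on, come from the same property of compare_digest: it only compares two values of the same type (two byte strings or two ASCII text strings) and raises TypeError for anything else, including None. The following is an added example, not code from ckanext-security, showing a check_cookie-style comparison that normalises both sides to bytes and treats a missing cookie or a missing cache entry as a failed check rather than an exception. The cookie name, the dict-based cache and the sample tokens are constructed for the example; the function names are hypothetical. It is written for Python 3, where the same TypeError arises when str and bytes are mixed.

```python
import hmac

# Hypothetical cookie name; the extension's own COOKIE_NAME constant is not shown on the page.
COOKIE_NAME = "csrftoken"


def _as_bytes(value):
    """Normalise a token to bytes, or return None if it is missing or not a string.

    hmac.compare_digest() only accepts two bytes-like values or two ASCII str
    values; str vs bytes, or None vs anything, raises TypeError instead of
    returning False. Coercing both sides to bytes up front avoids that.
    """
    if value is None:
        return None
    if isinstance(value, bytes):
        return value
    if isinstance(value, str):
        return value.encode("utf-8")
    return None  # ints, objects, etc. are never a valid token


def tokens_match(cookie_token, cached_token):
    """Constant-time comparison that treats a missing token as a mismatch."""
    a = _as_bytes(cookie_token)
    b = _as_bytes(cached_token)
    if a is None or b is None:
        return False
    return hmac.compare_digest(a, b)


def check_cookie(cookies, cache, session_id):
    """Same shape as the middleware's check: cookie token vs token cached per session.

    cookies and cache are plain dicts here (constructed stand-ins for
    request.cookies and the Memcached/Redis cache).
    """
    return tokens_match(cookies.get(COOKIE_NAME), cache.get(session_id))


def unguarded_check(cookie_token, cached_token):
    """The comparison as it appears in the traceback: no None or type handling."""
    return hmac.compare_digest(cookie_token, cached_token)


def str_wrapped_check(cookie_token, cached_token):
    """The str() workaround from the thread.

    Note that str(None) is the text 'None', so two missing values compare equal.
    """
    return hmac.compare_digest(str(cookie_token), str(cached_token))


def raises_type_error(fn, *args):
    """Helper so the failure modes can be checked without crashing the caller."""
    try:
        fn(*args)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample data: one session with a cached token.
    cache = {"session-1": "a1b2c3"}
    print(check_cookie({"csrftoken": "a1b2c3"}, cache, "session-1"))  # valid request
    print(check_cookie({}, {}, "session-1"))  # no cookie, no cache entry: rejected
    print(raises_type_error(unguarded_check, None, None))  # the first traceback
    print(raises_type_error(unguarded_check, "a1b2c3", b"a1b2c3"))  # the second
    print(str_wrapped_check(None, None))  # the workaround accepts two missing values
```

The last line is the caveat worth keeping in mind with the str() approach: once both operands are wrapped in str(), a request with no CSRF cookie hitting a session with no cached token compares "None" against "None" and passes, which is exactly the case the original TypeError was (accidentally) refusing. Rejecting None before the comparison, as tokens_match does, keeps the constant-time compare for real tokens without turning the missing-token case into a success.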