ging / fiware-idm

OAuth 2.0-based authentication of users and devices, user profile management, Single Sign-On (SSO) and Identity Federation across multiple administration domains.
https://keyrock-fiware.github.io
MIT License

Cannot read property 'User' of null #85

Open francucchi opened 5 years ago

francucchi commented 5 years ago

Hi all, I'm trying to integrate Wirecloud with Keyrock but am having some issues in the OAuth2 area. When hitting a protected URL of Wirecloud I get redirected to Keyrock for authentication, which completes successfully, but in debug mode I see the error below:

idm:oauth_controller --> response_type_required +40s
idm:oauth_controller --> load_application +0ms
Executing (default): SELECT id, name, description, image, response_type, redirect_uri FROM oauth_client AS OauthClient WHERE OauthClient.id = '72f0fc79-1a89-4d9e-86f3-0a43f327ada7';
idm:oauth_controller --> authenticate_user +203ms
idm:web-user_controller --> authenticate +0ms
Executing (default): SELECT id, username, salt, password, enabled, email, gravatar, image, admin, date_password, starters_tour_ended FROM user AS User WHERE User.email = 'alice-the-admin@test.com';
idm:oauth_controller --> check_user_authorized_application +10ms
idm:oauth_controller --> search_user_authorized_application +0ms
Executing (default): SELECT User_Authorized_Application.id, User_Authorized_Application.user_id, User_Authorized_Application.oauth_client_id, User.id AS User.id, User.username AS User.username, User.gravatar AS User.gravatar, User.image AS User.image, User.email AS User.email FROM user_authorized_application AS User_Authorized_Application LEFT OUTER JOIN user AS User ON User_Authorized_Application.user_id = User.id WHERE User_Authorized_Application.user_id = 'aaaaaaaa-good-0000-0000-000000000000' AND User_Authorized_Application.oauth_client_id = '72f0fc79-1a89-4d9e-86f3-0a43f327ada7' LIMIT 1;
idm:oauth_controller Error TypeError: Cannot read property 'User' of null
    at /root/workspaces/fiware-idm/controllers/oauth2/oauth2.js:261:33
    at tryCatcher (/root/workspaces/fiware-idm/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/root/workspaces/fiware-idm/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/root/workspaces/fiware-idm/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromise0 (/root/workspaces/fiware-idm/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/root/workspaces/fiware-idm/node_modules/bluebird/js/release/promise.js:693:18)
    at Async._drainQueue (/root/workspaces/fiware-idm/node_modules/bluebird/js/release/async.js:133:16)
    at Async._drainQueues (/root/workspaces/fiware-idm/node_modules/bluebird/js/release/async.js:143:10)
    at Immediate.Async.drainQueues (/root/workspaces/fiware-idm/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:810:20)
    at tryOnImmediate (timers.js:768:5)
    at processImmediate [as _immediateCallback] (timers.js:745:5) +6ms
POST /oauth2/authorize?state=OUXVlNXQiP26ndc3NtngRfOEANIuBjo4&redirect_uri=http://192.168.5.205/complete/fiware/&response_type=code&client_id=72f0fc79-1a89-4d9e-86f3-0a43f327ada7 200 361.051 ms - 16226
(node:13061) UnhandledPromiseRejectionWarning: Internal error
(node:13061) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 2)

In the meantime, on the Keyrock page I get prompted with a request for reading public info, and on clicking the Authorize button I see the logs below:

idm:oauth_controller --> response_type_required +1m
idm:oauth_controller --> load_application +0ms
Executing (default): SELECT id, name, description, image, response_type, redirect_uri FROM oauth_client AS OauthClient WHERE OauthClient.id = '72f0fc79-1a89-4d9e-86f3-0a43f327ada7';
idm:oauth_controller --> load_user +485ms
Executing (default): SELECT id, username, description, website, image, gravatar, email, salt, password, date_password, enabled, admin, starters_tour_ended, eidas_id, extra, scope FROM user AS User WHERE User.id = 'aaaaaaaa-good-0000-0000-000000000000';
idm:oauth_controller --> enable_app +37ms
idm:oauth_controller --> oauth_authorize +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: AuthzHandle====== +1ms
oauth2-server: authorize-handler ======AuthorizeHandler: getResponseType====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: handleCodeResponseType====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: getClie====== +0ms
idm:oauth2-model_oauth_server -------getClient------- +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: getUser====== +1ms
Executing (default): SELECT id, redirect_uri, token_types, jwt_secret, scope, grant_type FROM oauth_client AS OauthClient WHERE OauthClient.id = '72f0fc79-1a89-4d9e-86f3-0a43f327ada7';
oauth2-server: authorize-handler ======AuthorizeHandler: getrediretUri====== +2ms
oauth2-server: authorize-handler ======AuthorizeHandler: getParameters====== +1ms
oauth2-server: authorize-handler ======AuthorizeHandler: GenAuthCodeLife====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: getScope====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: GenAuthzCOde====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: getState====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: saveAuthzCode====== +0ms
idm:oauth2-model_oauth_server -------saveAuthorizationCode------- +0ms
Executing (default): INSERT INTO oauth_authorization_code (authorization_code,expires,redirect_uri,scope,valid,oauth_client_id,user_id) VALUES ('636a7d36be9a18868477d4f05d5d62f86267dae7','2019-03-07 10:30:23','http://192.168.5.205/complete/fiware/',NULL,true,'72f0fc79-1a89-4d9e-86f3-0a43f327ada7','aaaaaaaa-good-0000-0000-000000000000');
oauth2-server: authorize-handler ======AuthorizeHandler: BuildSuccessRedirce====== +51ms
oauth2-server: code-response-type ======CodeResponseType: buildRedirectUri====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: UpateResponse====== +1ms
POST /oauth2/enable_app?state=X4VG8PAUzVuLEEGL7Y7ADxGF82mcC8ps&redirect_uri=http://192.168.5.205/complete/fiware/&response_type=code&client_id=72f0fc79-1a89-4d9e-86f3-0a43f327ada7 302 620.478 ms - 296

but unfortunately, on the Wirecloud side this results in an error:

AuthStateMissing at /complete/fiware/

Session value state missing.

with latest method:

/usr/local/lib/python2.7/dist-packages/social_core/backends/oauth.py in validate_state

            raise AuthStateMissing(self, 'state')

and local vars:
Variable Value
request_state u'X4VG8PAUzVuLEEGL7Y7ADxGF82mcC8ps'
self <wirecloud.fiware.social_auth_backend.FIWAREOAuth2 object at 0x7f58c4b3ba10>
state None

Any idea?

Thanks in advance

francucchi commented 5 years ago

Hello, any help? Sorry to bother but this is becoming a real showstopper.

Thanks

apozohue10 commented 5 years ago

Hi @francucchi

Many thanks, there was a little bug when prompting the authorization message. We have already fixed it.

Regarding the state error: could you check if Keyrock is sending the state to Wirecloud once the authentication process has finished? This state should be the same as the one sent to the /oauth2/authorize endpoint (in a query string) of Keyrock when a user is redirected to perform the authentication with Keyrock.

francucchi commented 5 years ago

Hello, I've repeated the test and here below are the debug logs from Keyrock:

[sass] skip: /oauth2/authorize nothing to do
idm:oauth_controller --> response_type_required +5m
idm:oauth_controller --> load_application +1ms
Executing (default): SELECT id, name, description, image, response_type, redirect_uri FROM oauth_client AS OauthClient WHERE OauthClient.id = '80bd6107-70e5-40e5-8e81-a3c1c7ea064b';
idm:oauth_controller --> check_user +306ms
idm:oauth_controller --> check_user_authorized_application +0ms
idm:oauth_controller --> search_user_authorized_application +1ms
Executing (default): SELECT User_Authorized_Application.id, User_Authorized_Application.user_id, User_Authorized_Application.oauth_client_id, User.id AS User.id, User.username AS User.username, User.gravatar AS User.gravatar, User.image AS User.image, User.email AS User.email FROM user_authorized_application AS User_Authorized_Application LEFT OUTER JOIN user AS User ON User_Authorized_Application.user_id = User.id WHERE User_Authorized_Application.user_id = 'aaaaaaaa-good-0000-0000-000000000000' AND User_Authorized_Application.oauth_client_id = '80bd6107-70e5-40e5-8e81-a3c1c7ea064b' LIMIT 1;
idm:oauth_controller --> oauth_authorize +169ms
oauth2-server: authorize-handler ======AuthorizeHandler: AuthzHandle====== +1ms
oauth2-server: authorize-handler ======AuthorizeHandler: getResponseType====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: handleCodeResponseType====== +5ms
oauth2-server: authorize-handler ======AuthorizeHandler: getClie====== +0ms
idm:oauth2-model_oauth_server -------getClient------- +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: getUser====== +1ms
Executing (default): SELECT id, redirect_uri, token_types, jwt_secret, scope, grant_type FROM oauth_client AS OauthClient WHERE OauthClient.id = '80bd6107-70e5-40e5-8e81-a3c1c7ea064b';
oauth2-server: authorize-handler ======AuthorizeHandler: getrediretUri====== +3ms
oauth2-server: authorize-handler ======AuthorizeHandler: getParameters====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: GenAuthCodeLife====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: getScope====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: GenAuthzCOde====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: getState====== +1ms
oauth2-server: authorize-handler ======AuthorizeHandler: saveAuthzCode====== +0ms
idm:oauth2-model_oauth_server -------saveAuthorizationCode------- +0ms
Executing (default): INSERT INTO oauth_authorization_code (authorization_code,expires,redirect_uri,scope,valid,oauth_client_id,user_id) VALUES ('94f27f74961526e565f0aa33404a67315ad470fb','2019-03-21 12:04:57','http://192.168.5.205/complete/fiware/',NULL,true,'80bd6107-70e5-40e5-8e81-a3c1c7ea064b','aaaaaaaa-good-0000-0000-000000000000');
oauth2-server: authorize-handler ======AuthorizeHandler: BuildSuccessRedirce====== +31ms
oauth2-server: code-response-type ======CodeResponseType: buildRedirectUri====== +0ms
oauth2-server: authorize-handler ======AuthorizeHandler: UpateResponse====== +1ms
GET /oauth2/authorize?client_id=80bd6107-70e5-40e5-8e81-a3c1c7ea064b&redirect_uri=http://192.168.5.205/complete/fiware/&state=PdlkQiNYEE7BXw4z9wu3hJA1OJIwXyff&response_type=code 302 605.888 ms - 296
GET /version 200 11.926 ms - 261

and from wirecloud I see:

GET Variable Value
code '94f27f74961526e565f0aa33404a67315ad470fb'
state 'PdlkQiNYEE7BXw4z9wu3hJA1OJIwXyff'

/usr/local/lib/python3.6/site-packages/social_core/backends/oauth.py in validate_state

request_state 'PdlkQiNYEE7BXw4z9wu3hJA1OJIwXyff'
self <wirecloud.fiware.social_auth_backend.FIWAREOAuth2 object at 0x7f223bea3ac8>
state None

Any idea?

Thanks
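
The check apozohue10 asks for (is the state returned to the redirect_uri the same one sent to /oauth2/authorize?) can be run against the values posted in this thread, alongside a model of the client-side state validation. This is an added example, not code from Keyrock, Wirecloud or social_core; the function names and `StateError` are hypothetical, and the callback URL is reconstructed from the redirect_uri and the code/state values in the last comment.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

class StateError(Exception):
    """Callback state failed validation (hypothetical name)."""

def begin_login(session):
    """Client, before redirecting to the IdP: mint a state and keep it in the session."""
    session["state"] = secrets.token_urlsafe(24)
    return session["state"]

def state_from_url(url):
    """Return the state query parameter of a URL or logged request path, or None."""
    values = parse_qs(urlsplit(url).query).get("state")
    return values[0] if values else None

def validate_callback(session, callback_url):
    """Client, on the redirect_uri: the returned state must equal the session copy."""
    request_state = state_from_url(callback_url)
    session_state = session.get("state")
    if not request_state:
        raise StateError("state missing from callback request")
    if not session_state:
        raise StateError("state missing from session")
    if not hmac.compare_digest(request_state.encode(), session_state.encode()):
        raise StateError("state mismatch")
    del session["state"]  # single use: a replayed callback must fail
    return request_state

def diagnose(authorize_path, callback_url, session):
    """Return (idp_echoed_state, client_verdict) for one login attempt."""
    sent = state_from_url(authorize_path)
    echoed = sent is not None and sent == state_from_url(callback_url)
    try:
        validate_callback(session, callback_url)
        return echoed, "ok"
    except StateError as exc:
        return echoed, str(exc)

# Request path copied from the Keyrock log in the last comment of the thread.
AUTHORIZE = "/oauth2/authorize?client_id=80bd6107-70e5-40e5-8e81-a3c1c7ea064b&redirect_uri=http://192.168.5.205/complete/fiware/&state=PdlkQiNYEE7BXw4z9wu3hJA1OJIwXyff&response_type=code"
# Reconstructed from the redirect_uri plus the code/state values Wirecloud reported.
CALLBACK = "http://192.168.5.205/complete/fiware/?code=94f27f74961526e565f0aa33404a67315ad470fb&state=PdlkQiNYEE7BXw4z9wu3hJA1OJIwXyff"

if __name__ == "__main__":
    print(diagnose(AUTHORIZE, CALLBACK, {}))  # session with no stored state
```

With the thread's values the state comes back unchanged, and an empty session lands in the "state missing from session" branch, which in this model corresponds to the `state None` shown in the Wirecloud traceback. That branch depends only on what the client's session holds when the callback arrives, not on what the identity provider returned.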