search

googlearchive / simian

Simian is an enterprise-class Mac OS X software deployment solution. Google App Engine hosted server, with a client powered by the Munki open-source project.
Apache License 2.0
331 stars 51 forks source link

Application returns 500 errors for users without ACL entry #64

Closed groob closed 7 years ago

groob commented 7 years ago

With a fresh install:

I was able to see the simian UI at the appspot url, while everyone other user in the gsuite domain was getting a 500 error. As soon as I added someone to the admin ACL, that person was able to access the dashboard but my requests immediately started to return 500 errors. I had to ask them to add me.

While there's a workaround, two issues should be addressed:

Traceback:


auth_domain
Traceback (most recent call last):
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1535, in __call__
    rv = self.handle_exception(request, response, e)
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1529, in __call__
    rv = self.router.dispatch(request, response)
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1278, in default_dispatcher
    return route.handler_adapter(request, response)
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1102, in __call__
    return handler.dispatch()
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 572, in dispatch
    return self.handle_exception(e, self.app.debug)
  File "/base/data/home/apps/p~acme-corp/27ff0fde1ab4.399726129461307711/simian/mac/admin/__init__.py", line 176, in handle_exception
    super(AdminHandler, self).handle_exception(exception, debug_mode)
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 570, in dispatch
    return method(*args, **kwargs)
  File "/base/data/home/apps/p~acme-corp/27ff0fde1ab4.399726129461307711/simian/mac/admin/summary.py", line 49, in get
    self_report_username = auth.DoUserAuthWithSelfReportFallback()
  File "/base/data/home/apps/p~acme-corp/27ff0fde1ab4.399726129461307711/simian/mac/common/auth.py", line 175, in DoUserAuthWithSelfReportFallback
    if not email.endswith('@' + settings.AUTH_DOMAIN):
  File "/base/data/home/apps/p~acme-corp/27ff0fde1ab4.399726129461307711/simian/settings.py", line 372, in __getattr__
    return self._Get(str(k).lower())
  File "/base/data/home/apps/p~acme-corp/27ff0fde1ab4.399726129461307711/simian/settings.py", line 802, in _Get
    raise AttributeError(k)
AttributeError: auth_domain
maximermilov commented 7 years ago

500 for authentication issues.

This error caused by missing AUTH_DOMAIN setting in settings.py.

groob commented 7 years ago

I have the value set in settings.cfg before deploying to app-engine.

Is there a step in the deployment that I skipped?

maximermilov commented 7 years ago

I have the value set in settings.cfg

It have to be set in src/simian/settings.py

groob commented 7 years ago

The https://github.com/google/simian/wiki/Admin-Setup page only mentions editing the settings.cfg file. Can the documentation be updated?