kanayak123 / pyadselfservice

Easy and secure web based password change portal for Active Directory user accounts.
https://technokan.blogspot.com/2016/10/web-based-python3-password-reset-tool.html

input strings must be a multiple of 16 in length #7

Closed Gustavodecker closed 5 years ago

Gustavodecker commented 5 years ago

Hello, I'm getting the error below, after typing the OTP token on the site, can you help me?

ValueError at /otp
Input strings must be a multiple of 16 in length

Request Method: POST

Request URL: http://10.210.0.10/otp?key=b%27bLuur0tQTqExd1qn3ezmD0g2fEzsW0N3jsK2rp11_KE%3D%27%3A1gno2I%3A8zYNAwM1d7ORFlUfL1ZAG_MuCOQ
Django Version: 2.1.5
Exception Type: ValueError
Exception Value: Input strings must be a multiple of 16 in length
Exception Location: /usr/local/lib/python3.5/dist-packages/Crypto/Cipher/blockalgo.py in decrypt, line 294
Python Executable: /usr/bin/python3
Python Version: 3.5.2
Python Path: ['/usr/lib/python35.zip', '/usr/lib/python3.5', '/usr/lib/python3.5/plat-x86_64-linux-gnu', '/usr/lib/python3.5/lib-dynload', '/usr/local/lib/python3.5/dist-packages', '/usr/lib/python3/dist-packages', '/opt/pyadselfservice/', '/opt/pyadselfservice/pyadselfservice/']


kanayak123 commented 5 years ago

Try changing the value of PYADSELFSERVICE_CRYPTKEY in pyadselfservice/settings.py.

Recommended is 16 bytes. This cryptkey is used only for encryption/decryption of the parameters passed to the server, e.g. user name and password.

Gustavodecker commented 5 years ago

Okay, I did the change to other values, but the error happened again. I made the change also in the digits, from 6 to 8 and to 16, also did not work. I returned to the position of digits = 6, what value can I put in PYADSELFSERVICE_CRYPTKEY?

kanayak123 commented 5 years ago

Looks like it's something to do with padding in the pycrypto library.. maybe a change in the version broke something... I don't have a test lab and won't be able to fix the code for a while.. You may try different combinations of padding in /pyadselfservice/validateuser/crypt.py

```python
BS = 16
# PKCS#7-style padding: append N bytes, each with value N, so the length becomes a multiple of BS
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
# strip the padding: the last character says how many characters to remove
unpad = lambda s: s[:-ord(s[len(s)-1:])]
```

Alternatively, you may try to disable encrypt/decrypt to test your deployment, but try not to keep it that way for long

change line 50 in /pyadselfservice/validateuser/views.py from

    cipher_text = encrypt_val(form.cleaned_data['username'])

to

    cipher_text = form.cleaned_data['username']

comment out lines 87 and 138 in /pyadselfservice/validateuser/adpassreset.py:

    username = decrypt_val(username)

Let me know how it goes.

Gustavodecker commented 5 years ago

Now it has presented me with this error. Commenting out the line "username = username.decode("utf-8")", it does not pass the page after entering the OTP code. Thank you very much for the help; I'm insistent because I need this a lot.

kanayak123 commented 5 years ago

Let me try to reproduce your original error and come up with a fix. I will come back shortly..

Gustavodecker commented 5 years ago

Thank you! cool! 🥇

kanayak123 commented 5 years ago

I could reproduce your original error under 2 circumstances:

  1. If your PYADSELFSERVICE_CRYPTKEY= value in /opt/pyadselfservice/pyadselfservice/settings.py does not have 16 bytes.. Ex: it should be PYADSELFSERVICE_CRYPTKEY='1234567890123456'
  2. If you have changed BS = 16 in /pyadselfservice/validateuser/crypt.py to some other value

I suspect the 1st situation is likely to occur in your setup. Please try changing the Cryptkey to 16 characters.. This key is used only for encrypting and decrypting the parameters passed from the web client to the web server..
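The two failure modes the maintainer describes (a crypt key that is not 16 bytes, and a BS changed away from 16) can be checked before deploying. The following is an added example written for this thread, not code from pyadselfservice: it reimplements the crypt.py padding on bytes and reproduces the block cipher's length check without needing pycrypto installed. The function names are hypothetical.

```python
"""Sanity checks for the crypt.py padding scheme discussed in this issue.

Hypothetical helpers (not part of pyadselfservice). AES always works on
16-byte blocks regardless of the BS constant, which is why a padded value
that is not a multiple of 16 bytes makes decrypt() raise ValueError.
"""

AES_BLOCK = 16  # fixed by the cipher, not by crypt.py's BS setting


def pad(data: bytes, bs: int = 16) -> bytes:
    """PKCS#7-style padding as in crypt.py, on bytes instead of str."""
    n = bs - len(data) % bs
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    """Strip the padding; the last byte says how many bytes to remove."""
    n = data[-1] if data else 0
    if n < 1 or n > len(data) or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def check_cryptkey(key: str) -> None:
    """PYADSELFSERVICE_CRYPTKEY must be exactly 16 bytes, as the maintainer states."""
    size = len(key.encode("utf-8"))
    if size != 16:
        raise ValueError(f"PYADSELFSERVICE_CRYPTKEY is {size} bytes, need 16")


def check_block_input(buf: bytes) -> None:
    """The check the block cipher performs before decrypting anything."""
    if len(buf) % AES_BLOCK != 0:
        raise ValueError("Input strings must be a multiple of 16 in length")


def roundtrip(value: str, key: str, bs: int = 16) -> str:
    """Pad, run the cipher's length check (cipher itself omitted), unpad."""
    check_cryptkey(key)
    padded = pad(value.encode("utf-8"), bs)
    check_block_input(padded)  # raises whenever BS was changed away from 16
    return unpad(padded).decode("utf-8")
```

Calling `roundtrip("jdoe", "1234567890123456")` succeeds, while `roundtrip("jdoe", "1234567890123456", bs=8)` raises the same ValueError seen in the traceback above.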

Gustavodecker commented 5 years ago

crypt.py


settings.py


otp.py


kanayak123 commented 5 years ago

Your configuration seems correct.. I set up the lab yesterday and spent about 2 hours. I did not get the padding error in my environment until I manually changed the crypt config or the crypt key. I used Ubuntu 16.04.5 LTS with Django 1.10.8 in my lab..

What operating system do you use and what version of Django is installed? Has Apache recorded any error logs? For easy debugging, you may stop Apache and run the Django runserver, which will show the errors in real time on the display.

Go to the folder where manage.py is located inside pyadselfservice and run:

    python manage.py runserver 0.0.0.0:80

Gustavodecker commented 5 years ago

Hello!!!!

Ubuntu 16.04.5 LTS, Django 2.1.5

After shutting down apache, I turned on the runserver and the following error occurred:


kanayak123 commented 5 years ago

I don't see any errors in the log.. This tool has never been tested in Django 2.1.5.. can you install Django 1.10.8?

    pip3 uninstall django
    pip3 install django==1.10.8

Gustavodecker commented 5 years ago

Very good!!!! Perfect!! Sensational!! Working! Many thanks, you're the guy!