Occasional rpcclient errors

larrabee / freeipa-password-reset

Self-service password reset app for FreeIPA

GNU General Public License v3.0

90 stars 31 forks source link

Occasional rpcclient errors #64

Open UgnilJoZ opened 1 year ago

UgnilJoZ commented 1 year ago

Hi,

Every second time we call /setpassword, an error is shown: "rpcclient is already connected".

Screenshot(2) (1)

Manually resending the request succeeds.

If not catched, the exeption trace is the following:

Traceback (most recent call last):
  File "/opt/data/IPAPasswordReset/PasswordReset/app/views.py", line 49, in post
    PasswdManager().second_phase(request.POST['uid'], request.POST['token'], request.POST['password1'])
  File "/opt/data/IPAPasswordReset/PasswordReset/app/pwdmanager.py", line 43, in __init__
    api.Backend.rpcclient.connect()
  File "/usr/lib/python3.9/site-packages/ipalib/backend.py", line 62, in connect
    raise Exception(
Exception: rpcclient is already connected (rpcclient_139845700820416 in Thread-2)

vmario89 commented 1 year ago

i can confirm this issue. i used https://github.com/eaudeweb/freeipa-password-reset fork to make it run in general. First try to reset worked, second gave that RPC warning to me too

vmario89 commented 1 year ago

ok. this error happens so often in a row thats quite impossible to reset a password for a user. the token is sent by mail, but when i enter i get the error nearly always. had to re-enter the token and new password 5 times until it worked.

some info about version:

ipaclient version is 4.8.9,
FreeIPA 4.9.11
Fedora 36

vmario89 commented 1 year ago

same issue happens when NOT using virtualenv, instead using the system's provided python libraries. With ipaclient version 4.9.11 (same like FreeIPA server itself) it happens the same way

vmario89 commented 1 year ago

The errors comes frome https://github.com/freeipa/freeipa/blob/d7a27a24b92b85afde0bccbaaa09a3191c91c8c2/ipalib/backend.py#L63 basically

vmario89 commented 1 year ago

dirty bug fix like the following works:

vim /srv/IPAPasswordReset/PasswordReset/app/pwdmanager.py

        api.Backend.rpcclient.connect()
        self.redis = redis.StrictRedis(host=settings.REDIS_HOST, port=settings.REDIS_PORT, db=settings.REDIS_DB, password=settings.REDIS_PASSWORD)

add a try-except block before connect() method

        try:
            api.Backend.rpcclient.disconnect()
        except Exception as e:
            pass

        api.Backend.rpcclient.connect()
        self.redis = redis.StrictRedis(host=settings.REDIS_HOST, port=settings.REDIS_PORT, db=settings.REDIS_DB, password=settings.REDIS_PASSWORD)

UgnilJoZ commented 1 year ago

A cleaner solution could be to let the call to api.Backend.rpcclient.connect() depend on the connection status, which can be queried through the isconnected method. This should also fix the issue.

vmario89 commented 1 year ago

hi. Yeah indeed this is better:

vim /srv/IPAPasswordReset/PasswordReset/app/pwdmanager.py

        api.Backend.rpcclient.connect()
        self.redis = redis.StrictRedis(host=settings.REDIS_HOST, port=settings.REDIS_PORT, db=settings.REDIS_DB, password=settings.REDIS_PASSWORD)

should get

        if api.Backend.rpcclient.isconnected() is False:
            api.Backend.rpcclient.connect()
        self.redis = redis.StrictRedis(host=settings.REDIS_HOST, port=settings.REDIS_PORT, db=settings.REDIS_DB, password=settings.REDIS_PASSWORD)