owncloud / ocis

ownCloud Infinite Scale Stack
https://doc.owncloud.com/ocis/next/
Apache License 2.0

Panic in OIDCWellKnownRewrite #5976

Closed mpldr closed 1 year ago

mpldr commented 1 year ago

Describe the bug

A stack trace is saying more than a thousand words:

owncloud-ocis-1  | 2023/03/30 18:27:57 http: panic serving 172.27.0.1:32524: runtime error: invalid memory address or nil pointer dereference
owncloud-ocis-1  | goroutine 4379 [running]:
owncloud-ocis-1  | net/http.(*conn).serve.func1()
owncloud-ocis-1  |  net/http/server.go:1854 +0xbf
owncloud-ocis-1  | panic({0x3d47d40, 0x59cec40})
owncloud-ocis-1  |  runtime/panic.go:890 +0x263
owncloud-ocis-1  | github.com/owncloud/ocis/v2/services/proxy/pkg/middleware.createHome.getUserRoles({{0x4217060, 0xc001de25b0}, {{{0x4225f38, 0xc001fad820}, 0x1, {0x0, 0x0}, {0xc001ba8800, 0x12, 0x1f4}, ...}}, ...}, ...)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/create_home.go:87 +0x54
owncloud-ocis-1  | github.com/owncloud/ocis/v2/services/proxy/pkg/middleware.createHome.ServeHTTP({{0x4217060, 0xc001de25b0}, {{{0x4225f38, 0xc001fad820}, 0x1, {0x0, 0x0}, {0xc001ba8800, 0x12, 0x1f4}, ...}}, ...}, ...)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/create_home.go:56 +0x1bb
owncloud-ocis-1  | github.com/owncloud/ocis/v2/services/proxy/pkg/middleware.Policies.func1.1({0x7f2de64f4318?, 0xc0022f4b40?}, 0x0?)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/policies.go:20 +0x5a4
owncloud-ocis-1  | net/http.HandlerFunc.ServeHTTP(0x1?, {0x7f2de64f4318?, 0xc0022f4b40?}, 0xc0014bb400?)
owncloud-ocis-1  |  net/http/server.go:2122 +0x2f
owncloud-ocis-1  | github.com/owncloud/ocis/v2/services/proxy/pkg/middleware.selectorCookie.ServeHTTP({{0x421dd60, 0xc0013d2c00}, {{{0x4225f38, 0xc001fad820}, 0x1, {0x0, 0x0}, {0xc001ba8800, 0x12, 0x1f4}, ...}}, ...}, ...)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/selector_cookie.go:36 +0x28d
owncloud-ocis-1  | github.com/owncloud/ocis/v2/services/proxy/pkg/middleware.accountResolver.ServeHTTP({{0x4217040, 0xc001837680}, {{{0x4225f38, 0xc001fad820}, 0x1, {0x0, 0x0}, {0xc001ba8800, 0x12, 0x1f4}, ...}}, ...}, ...)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/account_resolver.go:132 +0xa49
owncloud-ocis-1  | github.com/owncloud/ocis/v2/services/proxy/pkg/middleware.Authentication.func1.1({0x7f2de64f4318, 0xc0022f4b40}, 0xc0016bd100)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/authentication.go:64 +0x1fa
owncloud-ocis-1  | net/http.HandlerFunc.ServeHTTP(0x4232d18?, {0x7f2de64f4318?, 0xc0022f4b40?}, 0x5c891b0?)
owncloud-ocis-1  |  net/http/server.go:2122 +0x2f
owncloud-ocis-1  | github.com/owncloud/ocis/v2/services/proxy/pkg/router.Middleware.func1.1({0x7f2de64f4318, 0xc0022f4b40}, 0xc0016bd000)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/services/proxy/pkg/router/router.go:31 +0x205
owncloud-ocis-1  | net/http.HandlerFunc.ServeHTTP(0xc00194ede4?, {0x7f2de64f4318?, 0xc0022f4b40?}, 0xc001353730?)
owncloud-ocis-1  |  net/http/server.go:2122 +0x2f
owncloud-ocis-1  | github.com/owncloud/ocis/v2/services/proxy/pkg/middleware.OIDCWellKnownRewrite.func1.1({0x7f2de64f4318, 0xc0022f4b40}, 0xc0016bd000?)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/oidc_well-known.go:43 +0x308
owncloud-ocis-1  | net/http.HandlerFunc.ServeHTTP(0xc001f54e70?, {0x7f2de64f4318?, 0xc0022f4b40?}, 0xc5f525?)
owncloud-ocis-1  |  net/http/server.go:2122 +0x2f
owncloud-ocis-1  | github.com/owncloud/ocis/v2/services/proxy/pkg/middleware.HTTPSRedirect.func1({0x7f2de64f4318, 0xc0022f4b40}, 0xc0016bd000)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/https_redirect.go:17 +0x142
owncloud-ocis-1  | net/http.HandlerFunc.ServeHTTP(0x4230840?, {0x7f2de64f4318?, 0xc0022f4b40?}, 0xc0016bd000?)
owncloud-ocis-1  |  net/http/server.go:2122 +0x2f
owncloud-ocis-1  | github.com/owncloud/ocis/v2/services/proxy/pkg/middleware.AccessLog.func1.1({0x4230840, 0xc000b92b60}, 0xc0016bd000)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:17 +0xc8
owncloud-ocis-1  | net/http.HandlerFunc.ServeHTTP(0x4232c70?, {0x4230840?, 0xc000b92b60?}, 0x39b4718?)
owncloud-ocis-1  |  net/http/server.go:2122 +0x2f
owncloud-ocis-1  | github.com/go-chi/chi/v5/middleware.RequestID.func1({0x4230840, 0xc000b92b60}, 0xc0016bcf00)
owncloud-ocis-1  |  github.com/go-chi/chi/v5@v5.0.8/middleware/request_id.go:76 +0x22d
owncloud-ocis-1  | net/http.HandlerFunc.ServeHTTP(0xc0016bcf00?, {0x4230840?, 0xc000b92b60?}, 0xc00053e400?)
owncloud-ocis-1  |  net/http/server.go:2122 +0x2f
owncloud-ocis-1  | github.com/go-chi/chi/v5/middleware.RealIP.func1({0x4230840, 0xc000b92b60}, 0xc0016bcf00)
owncloud-ocis-1  |  github.com/go-chi/chi/v5@v5.0.8/middleware/realip.go:36 +0x9e
owncloud-ocis-1  | net/http.HandlerFunc.ServeHTTP(0x5703cb?, {0x4230840?, 0xc000b92b60?}, 0x4232160?)
owncloud-ocis-1  |  net/http/server.go:2122 +0x2f
owncloud-ocis-1  | github.com/owncloud/ocis/v2/ocis-pkg/middleware.TraceContext.func1({0x4230840, 0xc000b92b60}, 0xc0016bcd00)
owncloud-ocis-1  |  github.com/owncloud/ocis/v2/ocis-pkg/middleware/tracing.go:19 +0x184
owncloud-ocis-1  | net/http.HandlerFunc.ServeHTTP(0x0?, {0x4230840?, 0xc000b92b60?}, 0x46f9d0?)
owncloud-ocis-1  |  net/http/server.go:2122 +0x2f
owncloud-ocis-1  | net/http.serverHandler.ServeHTTP({0xc001f54e40?}, {0x4230840, 0xc000b92b60}, 0xc0016bcd00)
owncloud-ocis-1  |  net/http/server.go:2936 +0x316
owncloud-ocis-1  | net/http.(*conn).serve(0xc00162d950, {0x4232d18, 0xc001420600})
owncloud-ocis-1  |  net/http/server.go:1995 +0x612
owncloud-ocis-1  | created by net/http.(*Server).Serve
owncloud-ocis-1  |  net/http/server.go:3089 +0x5ed

No coredump available

Steps to reproduce

Steps to reproduce the behavior:

  1. Login with OIDC .well-known rewrite on
  2. ???
  3. Panic

Expected behavior

no panic

Actual behavior

panic

Setup

Please describe how you started the server and provide a list of relevant environment variables or configuration files.

```yml
---
version: "3.7"
services:
  ocis:
    image: owncloud/ocis:latest
    entrypoint:
      - /bin/sh
    command: ["-c", "ocis init || true; ocis server"]
    environment:
      OCIS_URL: https://redacted.com
      OCIS_DOMAIN: "redacted.com"
      OCIS_LOG_LEVEL: info
      OCIS_LOG_COLOR: true
      OCIS_INSECURE: false
      OCIS_OIDC_ISSUER: REDACTED
      WEB_OIDC_CLIENT_ID: REDACTED
      WEB_OIDC_METADATA_URL: REDACTED
      WEB_OIDC_AUTHORITY: REDACTED
      WEB_OIDC_SCOPE: "openid profile email ocRole"
      PROXY_OIDC_REWRITE_WELLKNOWN: true
      PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD: "none"
      PROXY_AUTOPROVISION_ACCOUNTS: true
      PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
      PROXY_TLS: false
      PROXY_ENABLE_BASIC_AUTH: true
    volumes:
      - ./ocis/config:/etc/ocis
      - ./ocis/data:/var/lib/ocis
    ports:
      - 127.0.0.1:9200:9200
    logging:
      driver: "local"
    restart: always
```

kobergj commented 1 year ago

I have fixed the panic here: https://github.com/owncloud/ocis/pull/5982

However, the panic is happening because the GET call to {{ .OIDC-URL }}/.well-known/openid-configuration fails. This might still be the case after the fix.
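
The failure mode described in the comment above (the discovery GET failing) handled without a nil dereference, as an added example that is not part of the original thread and is neither the ocis middleware nor the change in the linked pull request. The names `wellKnownRewrite` and `probe`, the 2-second timeout and the 1 MiB body cap are assumptions for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

// wellKnownRewrite is a hypothetical handler (not the ocis code) that serves
// the IdP's discovery document from the proxy's own origin.
func wellKnownRewrite(client *http.Client, idpURL string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		req, err := http.NewRequestWithContext(r.Context(), http.MethodGet,
			idpURL+"/.well-known/openid-configuration", nil)
		if err != nil {
			http.Error(w, "invalid IdP URL", http.StatusInternalServerError)
			return
		}
		resp, err := client.Do(req)
		if err != nil {
			// resp is nil on error; touching resp.Body here would panic.
			http.Error(w, "IdP discovery unreachable", http.StatusBadGateway)
			return
		}
		defer resp.Body.Close()
		if resp.StatusCode != http.StatusOK {
			http.Error(w, "IdP discovery failed", http.StatusBadGateway)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		io.Copy(w, io.LimitReader(resp.Body, 1<<20)) // cap the upstream body
	}
}

// probe sends one discovery request through the handler and returns the status.
func probe(idpURL string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/.well-known/openid-configuration", nil)
	wellKnownRewrite(&http.Client{Timeout: 2 * time.Second}, idpURL)(rec, req)
	return rec.Code
}

func main() {
	idp := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"issuer":"https://idp.example"}`) // constructed sample document
	}))
	up := probe(idp.URL)
	idp.Close() // simulate the IdP being unreachable
	fmt.Println("IdP up:", up, "IdP down:", probe(idp.URL))
}
```
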