search

singularityhub / sregistry

server for storage and management of singularity images
https://singularityhub.github.io/sregistry
Mozilla Public License 2.0
103 stars 42 forks source link

AttributeError: 'NoneType' object has no attribute 'user' #342

Closed pini-gh closed 3 years ago

pini-gh commented 3 years ago

Hi,

I've just installed an sregistry instance from current master branch for testing purpose, and I'm having a hard time working with the API.

For example, the end point /v1/collections/{user}/{collection} with valid user and collection names fails with this traceback in the log:

[pid: 63|app: 0|req: 26/81] 172.18.0.4 () {44 vars in 617 bytes} [Thu Feb 18 14:29:07 2021] GET /v1/collections/pini/collec => generated 0 bytes in 176 msecs (HTTP/1.1 403) 4 headers in 115 bytes (1 switches on core 0)
GET GetNamedCollectionView
Internal Server Error: /v1/collections/pini/collec
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/site-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 115, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 113, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.5/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/django/views/generic/base.py", line 71, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/ratelimit/mixins.py", line 58, in dispatch
    )(super(RatelimitMixin, self).dispatch)(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/ratelimit/decorators.py", line 30, in _wrapped
    return fn(*args, **kw)
  File "/usr/local/lib/python3.5/site-packages/rest_framework/views.py", line 505, in dispatch
    response = self.handle_exception(exc)
  File "/usr/local/lib/python3.5/site-packages/rest_framework/views.py", line 465, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/usr/local/lib/python3.5/site-packages/rest_framework/views.py", line 476, in raise_uncaught_exception
    raise exc
  File "/usr/local/lib/python3.5/site-packages/rest_framework/views.py", line 502, in dispatch
    response = handler(request, *args, **kwargs)
  File "./shub/apps/library/views/images.py", line 702, in get
    if token.user in collection.owners.all():
AttributeError: 'NoneType' object has no attribute 'user'

Any help appreciated.

pini-gh commented 3 years ago

Adding traces into shub/apps/library/views/helpers.py I've found out that the culprit is this statement:

            return Token.objects.get(key=token.replace("BEARER", "").strip())

In my curl request I use "Bearer". This works for many others APIs. Shouldn't this replace() instruction be case insensitive?

vsoch commented 3 years ago

It usually comes directly (and only) from the Singularity client (which uses all caps) but your use case is valid too, so we can do a regular expression replace instead. Would you like to contribute a PR with the change?

vsoch commented 3 years ago

This should do the trick:

re.sub("bearer","", "Bearer 123456", flags=re.IGNORECASE).strip()
vsoch commented 3 years ago

And funnily enough, I started out with Bearer as well (as this is what I'm used to) and the there was an error of this same type because it was in all caps. Seems we just need to accept any casing :)

pini-gh commented 3 years ago

BTW a few lines above, in the validate_token method, I see:

            token = token.split(" ")[-1]  # Get rid of BEARER or Bearer <token>

How about this:

token.lower().replace("bearer", "").strip()

?

vsoch commented 3 years ago

In the weird case that someone has capital letters, we wouldn’t want to assume that making it all lowercase will always work.