wildcardcorp / factored

Pluggable 2 factor authentication
15 stars 3 forks source link

AssertionError: Connection is a "hop-by-hop" header; it cannot be used by a WSGI application (see PEP 3333) #5

Open GerbenKwakkel opened 8 years ago

GerbenKwakkel commented 8 years ago

After logon with Google Authenticator, i proxy'ed to another internal server i got the following error:

AssertionError: Connection is a "hop-by-hop" header; it cannot be used by a WSGI application (see PEP 3333)

This is the setting in my config:

[app:proxy]
use = egg:factored#simpleproxy
server = 10.0.12.21
port = 80
urlscheme = http

10.0.12.22:8000 is my Factored machine.

Anyone knows what i doing wrong?

vangheem commented 8 years ago

Looks like WSGI doesn't support it: https://www.python.org/dev/peps/pep-0333/

Wonder if there is a way around it since it is just proxying.

GerbenKwakkel commented 8 years ago

Thanks for the reaction.

But how can i forward from Factored authentication to my internal web application? What i try, in all situations i get the hop-by-hop header error.

vangheem commented 8 years ago

Yes, I'm not sure. I've never seen this and I don't know what your backend server looks like.

You could try integrating with a proxy server instead: https://factored.readthedocs.org/en/latest/webserverplugins.html

Otherwise, maybe try disabling the hop-by-hop on your webserver?

What is the full traceback of the factored error? Can you try commenting out those lines of code that force the AssertionError and see how it behaves ignoring the headers?

GerbenKwakkel commented 8 years ago
root@FACTORED:~/factored# ./bin/pserve develop.ini
Starting server in PID 21905.
serving on http://0.0.0.0:8000
ERROR:waitress:Exception when serving /
Traceback (most recent call last):
  File "/root/factored/eggs/waitress-0.8.8-py2.7.egg/waitress/channel.py", line 337, in service
    task.service()
  File "/root/factored/eggs/waitress-0.8.8-py2.7.egg/waitress/task.py", line 173, in service
    self.execute()
  File "/root/factored/eggs/waitress-0.8.8-py2.7.egg/waitress/task.py", line 392, in execute
    app_iter = self.channel.server.application(env, start_response)
  File "/root/factored/factored/app.py", line 169, in __call__
    return SMFilter(wrapped_app)(environ, start_response)
  File "/root/factored/factored/sm.py", line 87, in __call__
    result = self.application(environ, start_response)
  File "/root/factored/factored/app.py", line 167, in wrapped_app
    return self.app(environ2, start_response2)
  File "/root/factored/factored/app.py", line 187, in __call__
    return proxy_exact_request(environ, start_response)
  File "/root/factored/eggs/WSGIProxy-0.2.2-py2.7.egg/wsgiproxy/exactproxy.py", line 100, in proxy_exact_request
    start_response(status, headers_out)
  File "/root/factored/eggs/waitress-0.8.8-py2.7.egg/waitress/task.py", line 384, in start_response
    'a WSGI application (see PEP 3333)' % k)
AssertionError: Connection is a "hop-by-hop" header; it cannot be used by a WSGI application (see PEP 3333)
ERROR:waitress:Exception when serving /favicon.ico
Traceback (most recent call last):
  File "/root/factored/eggs/waitress-0.8.8-py2.7.egg/waitress/channel.py", line 337, in service
    task.service()
  File "/root/factored/eggs/waitress-0.8.8-py2.7.egg/waitress/task.py", line 173, in service
    self.execute()
  File "/root/factored/eggs/waitress-0.8.8-py2.7.egg/waitress/task.py", line 392, in execute
    app_iter = self.channel.server.application(env, start_response)
  File "/root/factored/factored/app.py", line 169, in __call__
    return SMFilter(wrapped_app)(environ, start_response)
  File "/root/factored/factored/sm.py", line 87, in __call__
    result = self.application(environ, start_response)
  File "/root/factored/factored/app.py", line 167, in wrapped_app
    return self.app(environ2, start_response2)
  File "/root/factored/factored/app.py", line 187, in __call__
    return proxy_exact_request(environ, start_response)
  File "/root/factored/eggs/WSGIProxy-0.2.2-py2.7.egg/wsgiproxy/exactproxy.py", line 100, in proxy_exact_request
    start_response(status, headers_out)
  File "/root/factored/eggs/waitress-0.8.8-py2.7.egg/waitress/task.py", line 384, in start_response
    'a WSGI application (see PEP 3333)' % k)
AssertionError: Connection is a "hop-by-hop" header; it cannot be used by a WSGI application (see PEP 3333)

This is the output, when i forward to a nginx reverse proxy with the following setting:

server {
    listen  80;
    server_name 2fa.domain.told;
    include proxy_params;

    # paths to protect
    location ~ ^/.* {
        proxy_pass http://127.0.0.1:8000;
    }

     location / {
        proxy_pass http://10.0.12.21;
    }
}

server {
    listen 80;
    include proxy_params;
    location / {
        proxy_pass http://10.0.12.21;
    }
}

Then i received the same error... When i used the develop-noproxy.ini file, after authenticate i came back at the login screen from Factored.

rayanfer32 commented 2 years ago

Use gunicorn server