Fatal error when adding a duplicate SSH key
Closed, Resolved · Public

Description

LDAP smartly rejects duplicate SSH keys, but we are not catching the error that results so the user sees a fatal instead of a nice message that the key already exists. Probably needs two layers of fixing: check for dups before sending to LDAP and also handle the LDAP errors more gracefully.

2017-06-14T19:39:46Z [138e475e1a324dba8523c9cd63e04dbb] django.request ERROR: Internal Server Error: /profile/settings/ssh-keys/add
Traceback (most recent call last):
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/contrib/auth/decorators.py", line 22, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "./striker/profile/views.py", line 120, in ssh_key_add
    ldapuser.save()
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldapdb/models/base.py", line 122, in save
    connection.modify_s(self.dn, modlist)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldapdb/backends/ldap/base.py", line 249, in modify_s
    return cursor.connection.modify_s(dn, modlist)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 566, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 669, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 673, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 680, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 687, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 263, in _ldap_call
    result = func(*args,**kwargs)
ldap.TYPE_OR_VALUE_EXISTS: {'info': 'sshPublicKey: value #0 provided more than once', 'desc': 'Type or value exists'}

Event Timeline

bd808 created this task. Jun 14 2017, 10:33 PM
Restricted Application added a subscriber: Aklapper. Jun 14 2017, 10:33 PM
bd808 moved this task from Backlog to Ready on the Striker board. Jul 9 2017, 11:05 PM

Change 364139 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[labs/striker@master] Check to see if ssh key is a duplicate

https://gerrit.wikimedia.org/r/364139

Restricted Application added a project: User-bd808. Jul 10 2017, 12:27 AM
bd808 moved this task from Ready to Doing on the Striker board.

Change 364139 merged by BryanDavis:
[labs/striker@master] Check to see if ssh key is a duplicate

https://gerrit.wikimedia.org/r/364139

Change 370139 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[labs/striker/deploy@master] Tool account creation and more

https://gerrit.wikimedia.org/r/370139

Change 370139 merged by jenkins-bot:
[labs/striker/deploy@master] Tool account creation and more

https://gerrit.wikimedia.org/r/370139

bd808 closed this task as Resolved. Aug 23 2017, 5:54 PM

Now gives error message "Public key SHA256:<fingerprint> already in use."

bd808 moved this task from Doing to Done on the Striker board. Aug 24 2017, 7:29 PM
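
The two layers named in the description (check for duplicates before the write, and handle the directory's rejection gracefully), as an added example that is not Striker's code or part of the original task. `add_ssh_key`, the `save` callable and `DuplicateValueError` (a stand-in for `ldap.TYPE_OR_VALUE_EXISTS`) are hypothetical names, and the sample keys are constructed.

```python
import base64
import hashlib


class DuplicateValueError(Exception):
    """Stand-in for ldap.TYPE_OR_VALUE_EXISTS so this runs without python-ldap."""


def fingerprint(pubkey_line):
    """OpenSSH-style SHA256 fingerprint of a '<type> <base64> [comment]' line."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    # binascii.Error from bad base64 is a ValueError subclass.
    blob = base64.b64decode(parts[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as unpadded base64.
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def add_ssh_key(existing_keys, new_key, save):
    """Return (ok, message). `save` is a hypothetical directory-write callable."""
    try:
        new_fp = fingerprint(new_key)
    except ValueError as exc:
        return False, "Invalid public key: {}".format(exc)
    duplicate = "Public key {} already in use.".format(new_fp)
    # Layer 1: compare fingerprints, so the same key re-uploaded with a
    # different comment is still recognised before any write is attempted.
    for key in existing_keys:
        try:
            if fingerprint(key) == new_fp:
                return False, duplicate
        except ValueError:
            continue  # ignore malformed stored values instead of crashing
    # Layer 2: the directory may still reject the write (for example two
    # concurrent requests), so map that to the same message, not a 500.
    try:
        save(existing_keys + [new_key])
    except DuplicateValueError:
        return False, duplicate
    return True, "Public key {} added.".format(new_fp)


# Constructed sample values (not real keys); only the base64 field is hashed.
KEY_A = "ssh-ed25519 " + base64.b64encode(b"constructed-blob-A").decode() + " a@laptop"
KEY_A_RENAMED = KEY_A.replace("a@laptop", "a@desktop")
KEY_B = "ssh-ed25519 " + base64.b64encode(b"constructed-blob-B").decode() + " a@laptop"
```

Comparing fingerprints rather than raw strings matters because the comment field is not part of the key: a byte-for-byte comparison would let the renamed copy through to the directory.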