Ticket #3272 (closed defect: fixed)

Opened 20 months ago

Last modified 15 months ago

Illegal Key value: EBox::Auth_EBox

Reported by: commi1993@…
Owned by: jacalvo@…
Milestone: nice to have someday
Component: dashboard
Severity: normal
Keywords: RFC2068, cookie, python, illegal key value
Cc:

Description

Hi :)

This error-message is not generated by Zentyal, but from a Python-application that uses Python's SimpleCookie.

Zentyal-Cookie EBoxAuth_EBox is a not-valid Cookie-name! -> RFC2965

Quote:

"RFC2109 section 4.1 states that the cookie name (attr) is of type "token", which in RFC2068 section 2.2 is defined as any chars excluding control characters and special characters. RFC2068 lists special characters as tspecials = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT

... so the ":" in a cookie name should not be allowed."

from:  http://bugs.python.org/issue2193#msg63037

SimpleCookie only filters comma (,) semi-colons (;) and whitespaces ( ).

So, Zentyal's auth-cookie is not valid and because of that, the Python-app does not run without a small fix.

It would be great if you change the Cookie-Template to make it RFC2068-compliant.
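
An added example, not part of the original ticket or of Zentyal's code: a check of cookie names against the RFC 2068 token rule quoted above, applied to a Cookie header. The function names and the sample header are constructed for illustration, and it assumes the hotfix value Zentyal is used verbatim as the cookie name.

```python
# RFC 2068 section 2.2: token = 1*<any CHAR except CTLs or tspecials>
TSPECIALS = set('()<>@,;:\\"/[]?={} \t')
CTLS = {chr(c) for c in range(32)} | {chr(127)}


def illegal_chars(name):
    """Return the characters that stop `name` from being an RFC 2068 token."""
    return [ch for ch in name
            if ord(ch) > 127 or ch in CTLS or ch in TSPECIALS]


def is_token(name):
    """True if `name` is a non-empty RFC 2068 token."""
    return bool(name) and not illegal_chars(name)


def audit_cookie_header(header):
    """Map each non-compliant cookie name in a Cookie header value to the
    distinct illegal characters it contains.

    Splits on ';' and on the first '=' only, so names are reported as sent
    instead of being rejected outright by a stricter parser.
    """
    findings = {}
    for pair in header.split(";"):
        name, _, _value = pair.strip().partition("=")
        if not name:
            continue
        bad = illegal_chars(name)
        if bad:
            findings[name] = sorted(set(bad))
    return findings


# Constructed sample header: the cookie name from the ticket title, the
# name from the hotfix (assumed to be used verbatim), and made-up values.
SAMPLE = "EBox::Auth_EBox=0123abcd; Zentyal=0123abcd; lang=en"

if __name__ == "__main__":
    for name, bad in audit_cookie_header(SAMPLE).items():
        print(f"{name!r} is not an RFC 2068 token; illegal characters: {bad}")
```
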

Change History

comment:1 Changed 20 months ago by jamor@…

  • Status changed from new to closed
  • Resolution set to fixed

(In [23262]) Changed cookie name to remove forbidden characters which could be incompatible with some applications closes #3272

comment:2 Changed 20 months ago by commi1993@…

Wow, fast response :)

Thank you!

comment:3 Changed 20 months ago by jamor@…

No, thanks to you for your detailed bug report, Commi1993.

We have already committed the code to fix this to the repository.

If you want to hotfix your server, follow these steps:

1) Open /usr/share/zentyal/stubs/core/apache.mas

2) Look for this section in the file:

PerlModule EBox::Auth
PerlSetVar EBoxPath /
PerlSetVar EBoxLoginScript /Login/Index
PerlSetVar EBoxSatisfy Any
PerlSetVar AuthCookieDebug 0

3) Add this line:

PerlSetVar EBoxCookieName Zentyal

4) Restart Zentyal web administration with:

/etc/init.d/zentyal apache restart

Cheers,

Javier

comment:4 Changed 20 months ago by commi1993@…

  • Status changed from closed to reopened
  • Resolution fixed deleted

I've reopened cause r23320.

comment:5 Changed 20 months ago by jamor@…

  • Milestone changed from 2.2.X to nice to have someday

We have some problems with sessions when upgrading, so we have rolled back the change. If you need it, you could always apply the patch manually.

comment:6 Changed 17 months ago by jacalvo@…

  • Type changed from task to defect

comment:7 Changed 15 months ago by jacalvo@…

  • Status changed from reopened to closed
  • Resolution set to fixed

This has been fixed in 2.3 and will be included in the first 2.3 installer which will be released really soon. Thanks for reporting!
