oauthenticator.Google raising exceptions, logins failing, after upgrade to oauthenticator 0.12

After upgrading oauthenticator to 0.12, I’m getting exceptions raised in the new refresh_token code from: https://github.com/jupyterhub/oauthenticator/pull/350

From https://github.com/jupyterhub/oauthenticator/blob/11a18e8b5c4a35a8248f4f2a4dc81965af3d3da5/oauthenticator/google.py#L181-L187:

I get an exception TypeError("{} must be bytes".format(name)) from the last line 187 (await decrypt), because user is not None, but user.encrypted_auth_state is None. Perhaps the guard check should be more specific?

The full (uninstrumented) trace is:

2020-12-02 15:00:20.420 HST[I 2020-12-03 01:00:20.420 JupyterHub oauth2:104] OAuth redirect: 'https://improc-dev.ceresimaging.net/hub/oauth_callback'
2020-12-02 15:00:20.422 HST[I 2020-12-03 01:00:20.422 JupyterHub log:181] 302 GET /hub/oauth_login?next=%2Fhub%2F -> https://accounts.google.com/o/oauth2/v2/auth?response_type=code&redirect_uri=https%3A%2F%2Fimproc-dev.ceresimaging.net%2Fhub%2Foauth_callback&client_id=15635798787-t6km5povdmgqitff05iou7f5vck2v5ub.apps.googleusercontent.com&state=[secret]&scope=openid+email (@10.138.0.107) 2.41ms
2020-12-02 15:01:13.995 HST[E 2020-12-03 01:01:13.980 JupyterHub web:1789] Uncaught exception GET /hub/oauth_callback?state=eyJzdGF0ZV9pZCI6ICJhY2Y1YjY0ZTAwYjc0ZmQ0YWRjZmRiODk3NWMwOTY2NyIsICJuZXh0X3VybCI6ICIvaHViLyJ9&code=4/0AY0e-g6Ez0rHOzqzQIq7bHvo7kP1IBMZUorZP2jAKMvSUxiAJDCUSA9XUwU6lC0jOYNUMA&scope=email%20openid%20https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=ceresimaging.net&prompt=none (10.138.0.107)
2020-12-02 15:01:13.995 HST HTTPServerRequest(protocol='https', host='improc-dev.ceresimaging.net', method='GET', uri='/hub/oauth_callback?state=eyJzdGF0ZV9pZCI6ICJhY2Y1YjY0ZTAwYjc0ZmQ0YWRjZmRiODk3NWMwOTY2NyIsICJuZXh0X3VybCI6ICIvaHViLyJ9&code=4/0AY0e-g6Ez0rHOzqzQIq7bHvo7kP1IBMZUorZP2jAKMvSUxiAJDCUSA9XUwU6lC0jOYNUMA&scope=email%20openid%20https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=ceresimaging.net&prompt=none', version='HTTP/1.1', remote_ip='10.138.0.107')
2020-12-02 15:01:13.995 HST Traceback (most recent call last):
2020-12-02 15:01:13.995 HST File "/usr/local/lib/python3.8/dist-packages/tornado/web.py", line 1704, in _execute
2020-12-02 15:01:13.995 HST result = await result
2020-12-02 15:01:13.995 HST File "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line 224, in get
2020-12-02 15:01:13.995 HST user = await self.login_user()
2020-12-02 15:01:13.995 HST File "/usr/local/lib/python3.8/dist-packages/jupyterhub/handlers/base.py", line 747, in login_user
2020-12-02 15:01:13.995 HST authenticated = await self.authenticate(data)
2020-12-02 15:01:13.995 HST File "/usr/local/lib/python3.8/dist-packages/jupyterhub/auth.py", line 459, in get_authenticated_user
2020-12-02 15:01:13.995 HST authenticated = await maybe_future(self.authenticate(handler, data))
2020-12-02 15:01:13.995 HST File "<string>", line 45, in authenticate
2020-12-02 15:01:13.995 HST File "/usr/local/lib/python3.8/dist-packages/oauthenticator/google.py", line 190, in authenticate
2020-12-02 15:01:13.995 HST auth_state = await decrypt(encrypted)
2020-12-02 15:01:13.995 HST File "/usr/lib/python3.8/concurrent/futures/thread.py", line 57, in run
2020-12-02 15:01:13.995 HST result = self.fn(*self.args, **self.kwargs)
2020-12-02 15:01:13.995 HST File "/usr/local/lib/python3.8/dist-packages/jupyterhub/crypto.py", line 155, in _decrypt
2020-12-02 15:01:13.995 HST decrypted = self.fernet.decrypt(encrypted)
2020-12-02 15:01:13.995 HST File "/usr/local/lib/python3.8/dist-packages/cryptography/fernet.py", line 179, in decrypt
2020-12-02 15:01:13.995 HST return f.decrypt(msg, ttl)
2020-12-02 15:01:13.995 HST File "/usr/local/lib/python3.8/dist-packages/cryptography/fernet.py", line 75, in decrypt
2020-12-02 15:01:13.995 HST timestamp, data = Fernet._get_unverified_token_data(token)
2020-12-02 15:01:13.995 HST File "/usr/local/lib/python3.8/dist-packages/cryptography/fernet.py", line 94, in _get_unverified_token_data
2020-12-02 15:01:13.995 HST utils._check_bytes("token", token)
2020-12-02 15:01:13.995 HST File "/usr/local/lib/python3.8/dist-packages/cryptography/utils.py", line 29, in _check_bytes
2020-12-02 15:01:13.995 HST raise TypeError("{} must be bytes".format(name))
2020-12-02 15:01:13.995 HST TypeError: token must be bytes
2020-12-02 15:01:14.003 HST[E 2020-12-03 01:01:14.003 JupyterHub log:173] {
2020-12-02 15:01:14.003 HST "X-Scheme": "https",
2020-12-02 15:01:14.003 HST "X-Real-Ip": "10.138.0.107",
2020-12-02 15:01:14.003 HST "X-Forwarded-Server": "autohttps-7c86775d5d-gj4xf",
2020-12-02 15:01:14.003 HST "X-Forwarded-Proto": "https,http",
2020-12-02 15:01:14.003 HST "X-Forwarded-Port": "443,80",
2020-12-02 15:01:14.003 HST "X-Forwarded-Host": "improc-dev.ceresimaging.net",
2020-12-02 15:01:14.003 HST "X-Forwarded-For": "10.138.0.107,::ffff:10.48.1.103",
2020-12-02 15:01:14.003 HST "Upgrade-Insecure-Requests": "1",
2020-12-02 15:01:14.003 HST "Sec-Fetch-User": "?1",
2020-12-02 15:01:14.003 HST "Sec-Fetch-Site": "cross-site",
2020-12-02 15:01:14.003 HST "Sec-Fetch-Mode": "navigate",
2020-12-02 15:01:14.003 HST "Sec-Fetch-Dest": "document",
2020-12-02 15:01:14.003 HST "Referer": "https://accounts.google.com/",
2020-12-02 15:01:14.004 HST "Cookie": "oauthenticator-state=[secret]",
2020-12-02 15:01:14.004 HST "Accept-Language": "en-US,en;q=0.9",
2020-12-02 15:01:14.004 HST "Accept-Encoding": "gzip, deflate, br",
2020-12-02 15:01:14.004 HST "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
2020-12-02 15:01:14.004 HST "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36",
2020-12-02 15:01:14.004 HST "Host": "improc-dev.ceresimaging.net",
2020-12-02 15:01:14.004 HST "Connection": "close"
2020-12-02 15:01:14.004 HST }

I’ve instrumented it with debug print statements, and find that the problem is that

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 9 (5 by maintainers)

Top GitHub Comments

snickell commented, Dec 4, 2020

Thanks @consideRatio, I agree with the almost 100%, and I’m testing 0.12.3 now

consideRatio commented, Dec 4, 2020

I’m almost 100% this is closed by #391, so I’ve released 0.12.3 that contains that bugfix.

Thank you for the thorough report of this @snickell and thank you @manics for connecting the dots between this and #391 and @rkevin-arch for fixing the issue! ❤️ 🎉
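
The failure mode reported in this issue, as an added example that is not part of the original thread or of oauthenticator's code: a guard that only checks whether a user exists passes `None` to decryption, while a narrower guard also checks that a state blob was stored. The `User` class, both guard functions and the `decrypt` stand-in (which copies only the bytes check from the traceback and does no real cryptography) are assumptions made for illustration.

```python
import asyncio
import base64
import json
from dataclasses import dataclass
from typing import Optional


async def decrypt(token):
    """Stand-in for the hub's decrypt(): same bytes check, no real crypto."""
    if not isinstance(token, bytes):
        raise TypeError("token must be bytes")
    return json.loads(base64.urlsafe_b64decode(token))


@dataclass
class User:  # hypothetical user row
    name: str
    encrypted_auth_state: Optional[bytes] = None


async def prior_state_loose(user):
    # Guard as described in the report: only checks that a user exists.
    if user:
        return await decrypt(user.encrypted_auth_state)
    return None


async def prior_state_strict(user):
    # One way to narrow the guard: also require a stored state blob.
    if user is None or user.encrypted_auth_state is None:
        return None
    return await decrypt(user.encrypted_auth_state)


# Constructed samples: first login, user without saved state, user with state.
_blob = base64.urlsafe_b64encode(json.dumps({"refresh_token": "constructed"}).encode())
SAMPLES = {"new": None, "no_state": User("alice"), "with_state": User("bob", _blob)}


def outcomes(guard):
    """Run a guard over every sample and record the result or the error."""
    results = {}
    for label, user in SAMPLES.items():
        try:
            results[label] = asyncio.run(guard(user))
        except TypeError as exc:
            results[label] = f"TypeError: {exc}"
    return results


if __name__ == "__main__":
    print("loose: ", outcomes(prior_state_loose))
    print("strict:", outcomes(prior_state_strict))
```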
