[ckan-dev] ckanext-security in CKAN 2.7.2

• Previous message: [ckan-dev] Possible to Run paster serve Under SSL?
• Next message: [ckan-dev] ckanext-security in CKAN 2.7.2
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 Dear all

I am testing ckanext-security (https://github.com/data-govt-nz/ckanext-security) with my local CKAN 2.7.2 development instance.

I have two issues, first the "X-Forwarded-For header" is missing from the request, even if the Nginx config looks ok:

[...]
   location / {
      proxy_pass http://127.0.0.1:8080/;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header Host $host;
[...]

Second and more critical, even if I "bypass" the previous error, I cannot log in with any user. Password reset seems to work fine but I get always the "Login failed. Bad username or password" error. I am trying to troubleshoot this but there is no failure message, I pasted below a piece of the log output. The only hint I see is the "INFO  [repoze.who] no identities found, not authenticating". 

If anyone has an idea of what's going on I would be grateful for any advice.

Best,
Lucia


2017-10-10 10:26:24,509 DEBUG [ckan.config.middleware.pylons_app] Pylons route match: {'url': u'login_generic', 'action': u'view', 'controller': u'template'} Origin: core
2017-10-10 10:26:24,510 DEBUG [ckan.config.middleware] Route support answers for POST /login_generic: [(False, 'flask_app'), (True, 'pylons_app', 'core')]
2017-10-10 10:26:24,510 DEBUG [ckan.config.middleware] Serving request via pylons_app app
2017-10-10 10:26:24,517 INFO  [repoze.who] request classification: browser
2017-10-10 10:26:24,518 INFO  [repoze.who] -- repoze.who request started (/login_generic) --
2017-10-10 10:26:24,521 CRITI [ckanext.security.authenticator] X-Forwarded-For header missing from request. Set to localhost.
2017-10-10 10:26:24,574 DEBUG [ckan.lib.authenticator] UsernamePasswordAuthenticator.authenticate identity:{'max_age': u'63072000', 'login': u'administrator', 'password': u'mpCembg0'}
2017-10-10 10:26:24,767 DEBUG [ckanext.security.authenticator] auth_user: administrator
2017-10-10 10:26:24,771 DEBUG [ckanext.security.authenticator] CKANLoginThrottle.authenticate OK
2017-10-10 10:26:24,771 DEBUG [ckanext.security.authenticator] repoze.who.userid: administrator
2017-10-10 10:26:24,771 DEBUG [ckanext.security.authenticator] BeakerMemcachedAuth.authenticate OK
2017-10-10 10:26:24,772 INFO  [repoze.who] static downstream application replaced with The resource was found at
2017-10-10 10:26:24,773 INFO  [repoze.who] no challenge required
2017-10-10 10:26:24,774 INFO  [repoze.who] -- repoze.who request ended (/login_generic) --
2017-10-10 10:26:24,849 DEBUG [ckan.config.middleware.pylons_app] Pylons route match: {'action': u'logged_in', 'controller': u'user'} Origin: core
2017-10-10 10:26:24,849 DEBUG [ckan.config.middleware] Route support answers for GET /user/logged_in: [(False, 'flask_app'), (True, 'pylons_app', 'core')]
2017-10-10 10:26:24,849 DEBUG [ckan.config.middleware] Serving request via pylons_app app
2017-10-10 10:26:24,850 INFO  [repoze.who] request classification: browser
2017-10-10 10:26:24,850 INFO  [repoze.who] -- repoze.who request started (/user/logged_in) --
2017-10-10 10:26:24,851 INFO  [repoze.who] no identities found, not authenticating
2017-10-10 10:26:24,928 DEBUG [ckan.logic] check access OK - site_read user=
2017-10-10 10:26:24,928 DEBUG [ckan.controllers.user] User logged_in START
2017-10-10 10:26:24,928 DEBUG [ckan.controllers.user] User logged_in came_from: /user/logged_in
2017-10-10 10:26:24,928 DEBUG [ckan.controllers.user] redirecting
2017-10-10 10:26:24,929 INFO  [ckan.lib.base]  /user/logged_in render time 0.026 seconds
2017-10-10 10:26:24,931 INFO  [repoze.who] no challenge required
2017-10-10 10:26:24,931 INFO  [repoze.who] -- repoze.who request ended (/user/logged_in) --
2017-10-10 10:26:24,992 DEBUG [ckan.config.middleware.pylons_app] Pylons route match: {'action': u'logged_in', 'controller': u'user'} Origin: core
2017-10-10 10:26:24,992 DEBUG [ckan.config.middleware] Route support answers for GET /user/logged_in: [(False, 'flask_app'), (True, 'pylons_app', 'core')]
2017-10-10 10:26:24,993 DEBUG [ckan.config.middleware] Serving request via pylons_app app
2017-10-10 10:26:24,994 INFO  [repoze.who] request classification: browser
2017-10-10 10:26:24,994 INFO  [repoze.who] -- repoze.who request started (/user/logged_in) --
2017-10-10 10:26:24,994 INFO  [repoze.who] no identities found, not authenticating

_________________________________________________________
Dr. Lucia Espona Pernas

Swiss Federal Institute for Forest, Snow and Landscape Research WSL
Hauptgebäaude Labortrakt (HL C21)
Zürcherstrasse 111
8903 Birmensdorf
Switzerland

+41 44 739 28 71 phone direct
+41 44 739 21 11 reception

www.wsl.ch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20171010/feb8eaf3/attachment-0002.html>

• Previous message: [ckan-dev] Possible to Run paster serve Under SSL?
• Next message: [ckan-dev] ckanext-security in CKAN 2.7.2
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]