Ubuntu Single Sign On Client

Merge lp:~mandel/ubuntu-sso-client/fix-ssl into lp:ubuntu-sso-client

  1. fix-ssl
  2. Merge into trunk
Proposed by Manuel de la Peña on 2012-04-23
Status: Merged
Approved by: Alejandro J. Cura on 2012-04-24
Approved revision: 953
Merged at revision: 950
Proposed branch: lp:~mandel/ubuntu-sso-client/fix-ssl
Merge into: lp:ubuntu-sso-client
Diff against target: 123 lines (+28/-13)
3 files modified
ubuntu_sso/utils/webclient/qtnetwork.py (+12/-10)
ubuntu_sso/utils/webclient/tests/test_webclient.py (+13/-3)
ubuntu_sso/utils/webclient/txweb.py (+3/-0)
To merge this branch: bzr merge lp:~mandel/ubuntu-sso-client/fix-ssl
Reviewer Review Type Date Requested Status
Alejandro J. Cura (community) Approve on 2012-04-24
Roberto Alsina (community) 2012-04-23 Approve on 2012-04-23
Review via email: mp+103147@code.launchpad.net

Commit Message

- Added extra logging when ssl errors occur (LP: #987405).

Description of the Change

- Added extra logging when ssl errors occur (LP: #987405).

To post a comment you must log in.
lp:~mandel/ubuntu-sso-client/fix-ssl updated on 2012-04-23
951. By Manuel de la Peña on 2012-04-23

Remove old comment.

Roberto Alsina (ralsina) wrote :

+1 but the diff lines 16-18 scare me slightly.

review: Approve
Alejandro J. Cura (alecu) wrote :

Nice branch.

I'm requesting a few fixes, as follow:

---

This comment is no longer valid:

29 # ask the user if the cer should be trusted

---

The name of this test is no longer valid:

test_ssl_fail_dialog_user_rejects

----

The changes in ubuntu_sso/utils/webclient/txweb.py are not used, and should be removed from this branch.

----

A typical error is currently logged as:

"""
2012-04-23 20:17:42,844:844.474077225 - ubuntu_sso.utils.webclient.qtnetwork - ERROR - SSL errors econuntered when performing a request to PyQt4.QtCore.QUrl(u'https://login.ubuntu.com/api/1.0/authentications')
:Error:
<TAB>Cert Details:
Organization: Mandel Corp
Common Name: mandel.biz
Locality Name: Barrio La Latina
Unit: Biohazards Division
Country: ES
State or Province: Madrid
<TAB>Error:
22
<TAB>Error msg:
The host name did not match any of the valid hosts for this certificate
"""

The error could be repeated multiple times in the log, and the wrongly placed tabs and the weird line breaks add a lot of noise. Please change it so looks like this:

msg.write('SSL errors found; url: %s\n' % reply.request().url())
for error in errors:
    msg.write('========Error=============\n%s (%s)\n' % (error.errorString(), error.error()))
    msg.write('--------Cert Details------\n%s\n' % self._get_certificate_details(error.certificate()))
msg.write('==========================\n')

review: Needs Fixing
Manuel de la Peña (mandel) wrote :

Indeed, is confusing (funny brain wired here), I'll push a version with the proposed message.

lp:~mandel/ubuntu-sso-client/fix-ssl updated on 2012-04-24
952. By Manuel de la Peña on 2012-04-24

Improve logging message.

Alejandro J. Cura (alecu) wrote :

It seems that these items were not fixed in the latest revision:

---

This comment is no longer valid:

29 # ask the user if the cer should be trusted

---

The name of this test is no longer valid:

test_ssl_fail_dialog_user_rejects

----

The changes in ubuntu_sso/utils/webclient/txweb.py are not used, and should be removed from this branch.

----

review: Needs Fixing
lp:~mandel/ubuntu-sso-client/fix-ssl updated on 2012-04-24
953. By Manuel de la Peña on 2012-04-24

Remov old comment and renamed test.

Alejandro J. Cura (alecu) wrote :

+1

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'ubuntu_sso/utils/webclient/qtnetwork.py'
2--- ubuntu_sso/utils/webclient/qtnetwork.py 2012-04-12 12:07:46 +0000
3+++ ubuntu_sso/utils/webclient/qtnetwork.py 2012-04-24 14:09:21 +0000
4@@ -30,6 +30,7 @@
5
6 import sys
7
8+from StringIO import StringIO
9 # pylint: disable=E0611
10 from PyQt4.QtCore import (
11 QBuffer,
12@@ -96,8 +97,7 @@
13 self.nam.finished.connect(self._handle_finished)
14 self.nam.authenticationRequired.connect(self._handle_authentication)
15 self.nam.proxyAuthenticationRequired.connect(self.handle_proxy_auth)
16- # Disabled until we make this a per-instance option
17- #self.nam.sslErrors.connect(self._handle_ssl_errors)
18+ self.nam.sslErrors.connect(self._handle_ssl_errors)
19 self.replies = {}
20 self.proxy_retry = False
21 self.setup_proxy()
22@@ -229,16 +229,18 @@
23 """Return the host of the cert."""
24 return str(cert.issuerInfo(QSslCertificate.CommonName))
25
26- @defer.inlineCallbacks
27 def _handle_ssl_errors(self, reply, errors):
28 """Handle the case in which we got an ssl error."""
29- # ask the user if the cer should be trusted
30- cert = errors[0].certificate()
31- trust_cert = yield self.request_ssl_cert_approval(
32- self._get_certificate_host(cert),
33- self._get_certificate_details(cert))
34- if trust_cert:
35- reply.ignoreSslErrors()
36+ msg = StringIO()
37+ msg.write('SSL errors found; url: %s\n' %
38+ reply.request().url().toString())
39+ for error in errors:
40+ msg.write('========Error=============\n%s (%s)\n' %
41+ (error.errorString(), error.error()))
42+ msg.write('--------Cert Details------\n%s\n' %
43+ self._get_certificate_details(error.certificate()))
44+ msg.write('==========================\n')
45+ logger.error(msg.getvalue())
46
47 def force_use_proxy(self, https_settings):
48 """Setup this webclient to use the given proxy settings."""
49
50=== modified file 'ubuntu_sso/utils/webclient/tests/test_webclient.py'
51--- ubuntu_sso/utils/webclient/tests/test_webclient.py 2012-04-18 15:24:12 +0000
52+++ ubuntu_sso/utils/webclient/tests/test_webclient.py 2012-04-24 14:09:21 +0000
53@@ -28,6 +28,7 @@
54 # files in the program, then also delete it here.
55 """Integration tests for the proxy-enabled webclient."""
56
57+import logging
58 import os
59 import shutil
60 import sys
61@@ -40,6 +41,7 @@
62 from twisted.web import guard, http, resource
63 from urllib2 import urlparse
64
65+from ubuntuone.devtools.handlers import MementoHandler
66 from ubuntuone.devtools.testcases import TestCase
67 from ubuntuone.devtools.testcases.squid import SquidTestCase
68 from ubuntuone.devtools.testing.txwebserver import (
69@@ -1110,6 +1112,12 @@
70 """Set the diff tests."""
71 yield super(SSLTestCase, self).setUp()
72
73+ self.memento = MementoHandler()
74+ self.memento.setLevel(logging.DEBUG)
75+ logger = webclient.webclient_module().logger
76+ logger.addHandler(self.memento)
77+ self.addCleanup(logger.removeHandler, self.memento)
78+
79 self.wc = webclient.webclient_factory()
80 self.addCleanup(self.wc.shutdown)
81
82@@ -1142,10 +1150,12 @@
83 """Test showing the dialog and accepting when using a proxy."""
84 self._assert_ssl_fail_user_accepts(self.get_nonauth_proxy_settings())
85
86- def test_ssl_fail_dialog_user_rejects(self):
87+ def test_ssl_fail(self):
88 """Test showing the dialog and rejecting."""
89- self.failUnlessFailure(self.wc.request(self.base_iri + SIMPLERESOURCE),
90+ self.failUnlessFailure(self.wc.request(
91+ self.base_iri + SIMPLERESOURCE),
92 webclient.WebClientError)
93+ self.assertNotEqual(None, self.memento.check_error('SSL errors'))
94
95 def test_format_ssl_details(self):
96 """Assert that details are correctly formatted"""
97@@ -1158,4 +1168,4 @@
98 reason = 'SSL support has not yet been implemented.'
99 test_ssl_fail_dialog_user_accepts.skip = reason
100 test_ssl_fail_dialog_user_accepts_via_proxy.skip = reason
101- test_ssl_fail_dialog_user_rejects.skip = reason
102+ test_ssl_fail.skip = reason
103
104=== modified file 'ubuntu_sso/utils/webclient/txweb.py'
105--- ubuntu_sso/utils/webclient/txweb.py 2012-04-18 15:13:50 +0000
106+++ ubuntu_sso/utils/webclient/txweb.py 2012-04-24 14:09:21 +0000
107@@ -33,6 +33,7 @@
108
109 from twisted.internet import defer
110
111+from ubuntu_sso.logger import setup_logging
112 from ubuntu_sso.utils.webclient.common import (
113 BaseWebClient,
114 HeaderDict,
115@@ -41,6 +42,8 @@
116 WebClientError,
117 )
118
119+logger = setup_logging("ubuntu_sso.utils.webclient.txweb")
120+
121
122 class RawResponse(object):
123 """A raw response from the webcall."""

Subscribers

People subscribed via source and target branches