Ubuntu Single Sign On Client

Merge lp:~mandel/ubuntu-sso-client/fix-ssl into lp:ubuntu-sso-client

  1. fix-ssl
  2. Merge into trunk
Proposed by Manuel de la Peña
Status: Merged
Approved by: Alejandro J. Cura
Approved revision: 953
Merged at revision: 950
Proposed branch: lp:~mandel/ubuntu-sso-client/fix-ssl
Merge into: lp:ubuntu-sso-client
Diff against target: 123 lines (+28/-13)
3 files modified
ubuntu_sso/utils/webclient/qtnetwork.py (+12/-10)
ubuntu_sso/utils/webclient/tests/test_webclient.py (+13/-3)
ubuntu_sso/utils/webclient/txweb.py (+3/-0)
To merge this branch: bzr merge lp:~mandel/ubuntu-sso-client/fix-ssl
Reviewer Review Type Date Requested Status
Alejandro J. Cura (community) Approve
Roberto Alsina (community) Approve
Review via email: mp+103147@code.launchpad.net

Commit message

- Added extra logging when ssl errors occur (LP: #987405).

Description of the change

- Added extra logging when ssl errors occur (LP: #987405).

To post a comment you must log in.
lp:~mandel/ubuntu-sso-client/fix-ssl updated
951. By Manuel de la Peña

Remove old comment.

Revision history for this message
Roberto Alsina (ralsina) wrote :

+1 but the diff lines 16-18 scare me slightly.

review: Approve
Revision history for this message
Alejandro J. Cura (alecu) wrote :

Nice branch.

I'm requesting a few fixes, as follow:

---

This comment is no longer valid:

29 # ask the user if the cer should be trusted

---

The name of this test is no longer valid:

test_ssl_fail_dialog_user_rejects

----

The changes in ubuntu_sso/utils/webclient/txweb.py are not used, and should be removed from this branch.

----

A typical error is currently logged as:

"""
2012-04-23 20:17:42,844:844.474077225 - ubuntu_sso.utils.webclient.qtnetwork - ERROR - SSL errors econuntered when performing a request to PyQt4.QtCore.QUrl(u'https://login.ubuntu.com/api/1.0/authentications')
:Error:
<TAB>Cert Details:
Organization: Mandel Corp
Common Name: mandel.biz
Locality Name: Barrio La Latina
Unit: Biohazards Division
Country: ES
State or Province: Madrid
<TAB>Error:
22
<TAB>Error msg:
The host name did not match any of the valid hosts for this certificate
"""

The error could be repeated multiple times in the log, and the wrongly placed tabs and the weird line breaks add a lot of noise. Please change it so looks like this:

msg.write('SSL errors found; url: %s\n' % reply.request().url())
for error in errors:
    msg.write('========Error=============\n%s (%s)\n' % (error.errorString(), error.error()))
    msg.write('--------Cert Details------\n%s\n' % self._get_certificate_details(error.certificate()))
msg.write('==========================\n')

review: Needs Fixing
Revision history for this message
Manuel de la Peña (mandel) wrote :

Indeed, is confusing (funny brain wired here), I'll push a version with the proposed message.

lp:~mandel/ubuntu-sso-client/fix-ssl updated
952. By Manuel de la Peña

Improve logging message.

Revision history for this message
Alejandro J. Cura (alecu) wrote :

It seems that these items were not fixed in the latest revision:

---

This comment is no longer valid:

29 # ask the user if the cer should be trusted

---

The name of this test is no longer valid:

test_ssl_fail_dialog_user_rejects

----

The changes in ubuntu_sso/utils/webclient/txweb.py are not used, and should be removed from this branch.

----

review: Needs Fixing
lp:~mandel/ubuntu-sso-client/fix-ssl updated
953. By Manuel de la Peña

Remov old comment and renamed test.

Revision history for this message
Alejandro J. Cura (alecu) wrote :

+1

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'ubuntu_sso/utils/webclient/qtnetwork.py'
--- ubuntu_sso/utils/webclient/qtnetwork.py 2012-04-12 12:07:46 +0000
+++ ubuntu_sso/utils/webclient/qtnetwork.py 2012-04-24 14:09:21 +0000
@@ -30,6 +30,7 @@
3030
31import sys31import sys
3232
33from StringIO import StringIO
33# pylint: disable=E061134# pylint: disable=E0611
34from PyQt4.QtCore import (35from PyQt4.QtCore import (
35 QBuffer,36 QBuffer,
@@ -96,8 +97,7 @@
96 self.nam.finished.connect(self._handle_finished)97 self.nam.finished.connect(self._handle_finished)
97 self.nam.authenticationRequired.connect(self._handle_authentication)98 self.nam.authenticationRequired.connect(self._handle_authentication)
98 self.nam.proxyAuthenticationRequired.connect(self.handle_proxy_auth)99 self.nam.proxyAuthenticationRequired.connect(self.handle_proxy_auth)
99 # Disabled until we make this a per-instance option100 self.nam.sslErrors.connect(self._handle_ssl_errors)
100 #self.nam.sslErrors.connect(self._handle_ssl_errors)
101 self.replies = {}101 self.replies = {}
102 self.proxy_retry = False102 self.proxy_retry = False
103 self.setup_proxy()103 self.setup_proxy()
@@ -229,16 +229,18 @@
229 """Return the host of the cert."""229 """Return the host of the cert."""
230 return str(cert.issuerInfo(QSslCertificate.CommonName))230 return str(cert.issuerInfo(QSslCertificate.CommonName))
231231
232 @defer.inlineCallbacks
233 def _handle_ssl_errors(self, reply, errors):232 def _handle_ssl_errors(self, reply, errors):
234 """Handle the case in which we got an ssl error."""233 """Handle the case in which we got an ssl error."""
235 # ask the user if the cer should be trusted234 msg = StringIO()
236 cert = errors[0].certificate()235 msg.write('SSL errors found; url: %s\n' %
237 trust_cert = yield self.request_ssl_cert_approval(236 reply.request().url().toString())
238 self._get_certificate_host(cert),237 for error in errors:
239 self._get_certificate_details(cert))238 msg.write('========Error=============\n%s (%s)\n' %
240 if trust_cert:239 (error.errorString(), error.error()))
241 reply.ignoreSslErrors()240 msg.write('--------Cert Details------\n%s\n' %
241 self._get_certificate_details(error.certificate()))
242 msg.write('==========================\n')
243 logger.error(msg.getvalue())
242244
243 def force_use_proxy(self, https_settings):245 def force_use_proxy(self, https_settings):
244 """Setup this webclient to use the given proxy settings."""246 """Setup this webclient to use the given proxy settings."""
245247
=== modified file 'ubuntu_sso/utils/webclient/tests/test_webclient.py'
--- ubuntu_sso/utils/webclient/tests/test_webclient.py 2012-04-18 15:24:12 +0000
+++ ubuntu_sso/utils/webclient/tests/test_webclient.py 2012-04-24 14:09:21 +0000
@@ -28,6 +28,7 @@
28# files in the program, then also delete it here.28# files in the program, then also delete it here.
29"""Integration tests for the proxy-enabled webclient."""29"""Integration tests for the proxy-enabled webclient."""
3030
31import logging
31import os32import os
32import shutil33import shutil
33import sys34import sys
@@ -40,6 +41,7 @@
40from twisted.web import guard, http, resource41from twisted.web import guard, http, resource
41from urllib2 import urlparse42from urllib2 import urlparse
4243
44from ubuntuone.devtools.handlers import MementoHandler
43from ubuntuone.devtools.testcases import TestCase45from ubuntuone.devtools.testcases import TestCase
44from ubuntuone.devtools.testcases.squid import SquidTestCase46from ubuntuone.devtools.testcases.squid import SquidTestCase
45from ubuntuone.devtools.testing.txwebserver import (47from ubuntuone.devtools.testing.txwebserver import (
@@ -1110,6 +1112,12 @@
1110 """Set the diff tests."""1112 """Set the diff tests."""
1111 yield super(SSLTestCase, self).setUp()1113 yield super(SSLTestCase, self).setUp()
11121114
1115 self.memento = MementoHandler()
1116 self.memento.setLevel(logging.DEBUG)
1117 logger = webclient.webclient_module().logger
1118 logger.addHandler(self.memento)
1119 self.addCleanup(logger.removeHandler, self.memento)
1120
1113 self.wc = webclient.webclient_factory()1121 self.wc = webclient.webclient_factory()
1114 self.addCleanup(self.wc.shutdown)1122 self.addCleanup(self.wc.shutdown)
11151123
@@ -1142,10 +1150,12 @@
1142 """Test showing the dialog and accepting when using a proxy."""1150 """Test showing the dialog and accepting when using a proxy."""
1143 self._assert_ssl_fail_user_accepts(self.get_nonauth_proxy_settings())1151 self._assert_ssl_fail_user_accepts(self.get_nonauth_proxy_settings())
11441152
1145 def test_ssl_fail_dialog_user_rejects(self):1153 def test_ssl_fail(self):
1146 """Test showing the dialog and rejecting."""1154 """Test showing the dialog and rejecting."""
1147 self.failUnlessFailure(self.wc.request(self.base_iri + SIMPLERESOURCE),1155 self.failUnlessFailure(self.wc.request(
1156 self.base_iri + SIMPLERESOURCE),
1148 webclient.WebClientError)1157 webclient.WebClientError)
1158 self.assertNotEqual(None, self.memento.check_error('SSL errors'))
11491159
1150 def test_format_ssl_details(self):1160 def test_format_ssl_details(self):
1151 """Assert that details are correctly formatted"""1161 """Assert that details are correctly formatted"""
@@ -1158,4 +1168,4 @@
1158 reason = 'SSL support has not yet been implemented.'1168 reason = 'SSL support has not yet been implemented.'
1159 test_ssl_fail_dialog_user_accepts.skip = reason1169 test_ssl_fail_dialog_user_accepts.skip = reason
1160 test_ssl_fail_dialog_user_accepts_via_proxy.skip = reason1170 test_ssl_fail_dialog_user_accepts_via_proxy.skip = reason
1161 test_ssl_fail_dialog_user_rejects.skip = reason1171 test_ssl_fail.skip = reason
11621172
=== modified file 'ubuntu_sso/utils/webclient/txweb.py'
--- ubuntu_sso/utils/webclient/txweb.py 2012-04-18 15:13:50 +0000
+++ ubuntu_sso/utils/webclient/txweb.py 2012-04-24 14:09:21 +0000
@@ -33,6 +33,7 @@
3333
34from twisted.internet import defer34from twisted.internet import defer
3535
36from ubuntu_sso.logger import setup_logging
36from ubuntu_sso.utils.webclient.common import (37from ubuntu_sso.utils.webclient.common import (
37 BaseWebClient,38 BaseWebClient,
38 HeaderDict,39 HeaderDict,
@@ -41,6 +42,8 @@
41 WebClientError,42 WebClientError,
42)43)
4344
45logger = setup_logging("ubuntu_sso.utils.webclient.txweb")
46
4447
45class RawResponse(object):48class RawResponse(object):
46 """A raw response from the webcall."""49 """A raw response from the webcall."""

Subscribers

People subscribed via source and target branches