Bug 456251 - expired session causes 500 instead of 403
expired session causes 500 instead of 403
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server (Show other bugs)
510
All Linux
medium Severity high
: ---
: ---
Assigned To: Milan Zázrivec
Michael Mráka
:
Depends On:
Blocks: 456985
  Show dependency treegraph
 
Reported: 2008-07-22 10:22 EDT by Daniel Mach
Modified: 2009-09-10 16:26 EDT (History)
1 user (show)

See Also:
Fixed In Version: sat530
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-10 16:26:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
traceback for the above reproducer (6.73 KB, text/plain)
2009-03-13 09:18 EDT, Milan Zázrivec
no flags Details

  None (edit)
Description Daniel Mach 2008-07-22 10:22:39 EDT
Description of problem:
When session expires, packages.getPackageMD5sumBySession() throws an exception
and xml-rpc call ends with 500 instead of 403.

How reproducible:
always

Steps to Reproduce:
#!/usr/bin/python

from rhn import rpclib
rhn_proxy = rpclib.Server("http://sputnik-prod.englab.brq.redhat.com/APP")

session_id = "foo"
call_args = {
    "packages": {},
    "org_id": 0,
}

print rhn_proxy.packages.getPackageMD5sumBySession(session_id, call_args)
  
Actual results:
500 Internal Server Error

Expected results:
403 Forbidden
Comment 1 Milan Zázrivec 2008-12-04 08:39:52 EST
While I agree that expired session should not return 500, the reproducer
you're showing causes invalid session error, not expired session error.
Comment 2 Daniel Mach 2008-12-04 08:52:36 EST
Is there a difference between expired and invalid session?
I found this issue when pushing a huge amount of packages and session expired.
I think that the exception is thrown when no valid session is found in the database, regardless the one you provide is invalid or expired.
Comment 3 Milan Zázrivec 2009-03-13 09:18:50 EDT
Created attachment 335087 [details]
traceback for the above reproducer
Comment 4 Milan Zázrivec 2009-03-16 10:40:40 EDT
spacewalk.git master: b649b2636685c4bab85577ca0f4ae527076da428

Remote call now returns appropriate exception and HTTP 200.
Comment 5 Michael Mráka 2009-03-27 11:41:53 EDT
$ python bz.py
Verified.
Satellite-5.3.0-RHEL4-re20090323.0
spacewalk-backend-0.5.25-1.el4sat


Traceback (most recent call last):
  File "bz.py", line 13, in ?
    print rhn_proxy.packages.getPackageMD5sumBySession(session_id, call_args)
  File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 593, in __call__
    return self._send(self._name, args)
  File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 319, in _request
    request, verbose=self._verbose)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 188, in request
    return self._process_response(fd, connection)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 216, in _process_response
    return self.parse_response(fd)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 240, in parse_response
    return u.close()
  File "/usr/lib/python2.4/xmlrpclib.py", line 744, in close
    raise Fault(**self._stack[0])
xmlrpclib.Fault: <Fault -33: '\nError Class Code: 33\nError Class Info: Client session token is invalid.\nExplanation: \n     An error has occurred while processing your request. If this problem\n     persists please enter a bug report at bugzilla.redhat.com.\n     If you choose to submit the bug report, please be sure to include\n     details of what you were trying to do when this error occurred and\n     details on how to reproduce this problem.\n'>
Comment 6 John Matthews 2009-08-13 13:00:35 EDT
Move to RELEASE_PENDING

error message states "session token is invalid"

[root@rhndev1 ~]# rpm -q spacewalk-backend
spacewalk-backend-0.5.28-33.el4sat


[root@dhcp77-111 ~]# python
Python 2.4.3 (#1, Sep 17 2008, 16:04:01) 
[GCC 4.1.2 20071124 (Red Hat 4.1.2-41)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from rhn import rpclib
>>> rhn_proxy = rpclib.Server("http://rhndev1.z900.redhat.com/APP")
>>> session_id = "foo"
>>> call_args = {
...     "packages": {},
...     "org_id": 0,
... }
>>> print rhn_proxy.packages.getPackageMD5sumBySession(session_id, call_args)
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 603, in __call__
    return self._send(self._name, args)
  File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 326, in _request
    self._handler, request, verbose=self._verbose)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 188, in request
    return self._process_response(fd, connection)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 216, in _process_response
    return self.parse_response(fd)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 240, in parse_response
    return u.close()
  File "/usr/lib/python2.4/xmlrpclib.py", line 744, in close
    raise Fault(**self._stack[0])
xmlrpclib.Fault: <Fault -33: '\nError Class Code: 33\nError Class Info: Client session token is invalid.\nExplanation: \n     An error has occurred while processing your request. If this problem\n     persists please enter a bug report at bugzilla.redhat.com.\n     If you choose to submit the bug report, please be sure to include\n     details of what you were trying to do when this error occurred and\n     details on how to reproduce this problem.\n'>
>>>
Comment 7 Brandon Perkins 2009-09-10 16:26:35 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html

Note You need to log in before you can comment on or make changes to this bug.