مشكلة مع create_second_factor_totp

Started POST "/u/create_second_factor_totp.json" for 209.249.35.130 at 2020-02-19 14:21:20 +0000
Processing by UsersController#create_second_factor_totp as JSON
Completed 500 Internal Server Error in 5ms (ActiveRecord: 0.0ms | Allocations: 1781)
Addressable::URI::InvalidURIError (Invalid scheme format: Our Great Forum)
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/addressable-2.7.0/lib/addressable/uri.rb:901:in `scheme='
  Rendering text template
  Rendered text template (Duration: 0.0ms | Allocations: 1)

“Our Great Forum” هي تقريبًا عنوان المنتدى في إعدادات النظام. القيمة الفعلية شيء مثل
“Our Great Forum: Our fine tagline”، لذا ما يظهر في السجل هو الجزء قبل النقطتين الرأسيتين. لا أرى “Our Great Forum” في أي مكان آخر في إعدادات النظام، لذا أنا مرتبك بشأن سبب وجودها في السجل بدون جزء : tagline.

تنهد. هذا الإصدار 2.4.0.beta10 (6301477b4c). سأقوم بالترقية وأطلب منهم المحاولة مرة أخرى. سأقوم بتعديل هذا إذا تمكنت من جعل المستخدم يجرب مرة أخرى على أحدث إصدار.

ماذا يخبرك تتبع المكدس في /logs؟

هذا كل ما أراه في السجلات. لا أرى تتبعًا للخلفية. ومع ذلك، أحصل على الخطأ بمجرد النقر على “المصادق الجديد” في قسم “المصادقين المعتمدين على الرموز”.

وهو نفس الشيء بعد آخر ترقية.

واو، نعم هناك شيء غير صحيح.

هل يمكنك نسخ الطلب بصيغة curl ونشره (مع إخفاء أي بيانات تعريف شخصية أو رموز/أرقام عشوائية) حتى نتمكن من تحديد ما إذا كانت المشكلة من جانب العميل أم الخادم؟

Can confirm that if you have a title with a space before a colon this causes a failure on latest:

with SiteSetting.title = "It's Spaceballs: The Discourse" I get an error clicking on:

Addressable::URI::InvalidURIError in UsersController#create_second_factor_totp

Invalid scheme format: It's Spaceballs
Extracted source (around line #901):

#899       end
#900       if new_scheme && new_scheme !~ /\A[a-z][a-z0-9\.\+\-]*\z/i
*901         raise InvalidURIError, "Invalid scheme format: #{new_scheme}"
#902       end
#903       @scheme = new_scheme
#904       @scheme = nil if @scheme.to_s.strip.empty?

Extracted source (around line #826):

#824         # Bunch of crazy logic required because of the composite components
#825         # like userinfo and authority.
*826         self.scheme = options[:scheme] if options[:scheme]
#827         self.user = options[:user] if options[:user]
#828         self.password = options[:password] if options[:password]
#829         self.userinfo = options[:userinfo] if options[:userinfo]

Extracted source (around line #2392):

#2390       raise LocalJumpError, "No block given." unless block_given?
#2391       @validation_deferred = true
*2392       yield
#2393       @validation_deferred = false
#2394       validate
#2395       return nil


Rails.root: /home/michael/prog/Discourse/discourse

Application Trace
app/models/concerns/second_factor_manager.rb:27:in `totp_provisioning_uri'
app/controllers/users_controller.rb:1148:in `create_second_factor_totp'
lib/middleware/omniauth_bypass_middleware.rb:68:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
config/initializers/100-quiet_logger.rb:18:in `call'
config/initializers/100-silence_logger.rb:31:in `call'
lib/middleware/missing_avatars.rb:23:in `call'
lib/middleware/turbo_dev.rb:34:in `call'

Framework Trace
addressable (2.7.0) lib/addressable/uri.rb:901:in `scheme='
addressable (2.7.0) lib/addressable/uri.rb:826:in `block in initialize'
addressable (2.7.0) lib/addressable/uri.rb:2392:in `defer_validation'
addressable (2.7.0) lib/addressable/uri.rb:823:in `initialize'
addressable (2.7.0) lib/addressable/uri.rb:138:in `new'
addressable (2.7.0) lib/addressable/uri.rb:138:in `parse'
addressable (2.7.0) lib/addressable/uri.rb:607:in `encode'
rotp (5.1.0) lib/rotp/totp.rb:61:in `provisioning_uri'
actionpack (6.0.1) lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
actionpack (6.0.1) lib/abstract_controller/base.rb:196:in `process_action'
actionpack (6.0.1) lib/action_controller/metal/rendering.rb:30:in `process_action'
actionpack (6.0.1) lib/abstract_controller/callbacks.rb:42:in `block in process_action'
activesupport (6.0.1) lib/active_support/callbacks.rb:135:in `run_callbacks'
actionpack (6.0.1) lib/abstract_controller/callbacks.rb:41:in `process_action'
actionpack (6.0.1) lib/action_controller/metal/rescue.rb:22:in `process_action'
actionpack (6.0.1) lib/action_controller/metal/instrumentation.rb:33:in `block in process_action'
activesupport (6.0.1) lib/active_support/notifications.rb:180:in `block in instrument'
activesupport (6.0.1) lib/active_support/notifications/instrumenter.rb:24:in `instrument'
activesupport (6.0.1) lib/active_support/notifications.rb:180:in `instrument'
actionpack (6.0.1) lib/action_controller/metal/instrumentation.rb:32:in `process_action'
actionpack (6.0.1) lib/action_controller/metal/params_wrapper.rb:245:in `process_action'
activerecord (6.0.1) lib/active_record/railties/controller_runtime.rb:27:in `process_action'
actionpack (6.0.1) lib/abstract_controller/base.rb:136:in `process'
actionview (6.0.1) lib/action_view/rendering.rb:39:in `process'
rack-mini-profiler (1.1.6) lib/mini_profiler/profiling_methods.rb:104:in `block in profile_method'
actionpack (6.0.1) lib/action_controller/metal.rb:191:in `dispatch'
actionpack (6.0.1) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (6.0.1) lib/action_dispatch/routing/route_set.rb:51:in `dispatch'
actionpack (6.0.1) lib/action_dispatch/routing/route_set.rb:33:in `serve'
actionpack (6.0.1) lib/action_dispatch/journey/router.rb:49:in `block in serve'
actionpack (6.0.1) lib/action_dispatch/journey/router.rb:32:in `each'
actionpack (6.0.1) lib/action_dispatch/journey/router.rb:32:in `serve'
actionpack (6.0.1) lib/action_dispatch/routing/route_set.rb:837:in `call'
rack (2.0.8) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.0.8) lib/rack/conditional_get.rb:38:in `call'
rack (2.0.8) lib/rack/head.rb:12:in `call'
rack (2.0.8) lib/rack/session/abstract/id.rb:259:in `context'
rack (2.0.8) lib/rack/session/abstract/id.rb:253:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/cookies.rb:648:in `call'
activerecord (6.0.1) lib/active_record/migration.rb:567:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.0.1) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (6.0.1) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/actionable_exceptions.rb:17:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/debug_exceptions.rb:32:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
logster (2.6.3) lib/logster/middleware/reporter.rb:43:in `call'
railties (6.0.1) lib/rails/rack/logger.rb:38:in `call_app'
railties (6.0.1) lib/rails/rack/logger.rb:28:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/request_id.rb:27:in `call'
rack (2.0.8) lib/rack/method_override.rb:22:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/static.rb:126:in `call'
rack (2.0.8) lib/rack/sendfile.rb:111:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/host_authorization.rb:83:in `call'
rack-mini-profiler (1.1.6) lib/mini_profiler/profiler.rb:296:in `call'
message_bus (2.2.3) lib/message_bus/rack/middleware.rb:57:in `call'
railties (6.0.1) lib/rails/engine.rb:526:in `call'
railties (6.0.1) lib/rails/railtie.rb:190:in `public_send'
railties (6.0.1) lib/rails/railtie.rb:190:in `method_missing'
rack (2.0.8) lib/rack/urlmap.rb:68:in `block in call'
rack (2.0.8) lib/rack/urlmap.rb:53:in `each'
rack (2.0.8) lib/rack/urlmap.rb:53:in `call'
unicorn (5.5.3) lib/unicorn/http_server.rb:605:in `process_client'
unicorn (5.5.3) lib/unicorn/http_server.rb:700:in `worker_loop'
unicorn (5.5.3) lib/unicorn/http_server.rb:548:in `spawn_missing_workers'
unicorn (5.5.3) lib/unicorn/http_server.rb:144:in `start'
unicorn (5.5.3) bin/unicorn:128:in `<top (required)>'
bin/unicorn:87:in `load'
bin/unicorn:87:in `block in <main>'
bin/unicorn:86:in `fork'
bin/unicorn:86:in `<main>'

Full Trace
addressable (2.7.0) lib/addressable/uri.rb:901:in `scheme='
addressable (2.7.0) lib/addressable/uri.rb:826:in `block in initialize'
addressable (2.7.0) lib/addressable/uri.rb:2392:in `defer_validation'
addressable (2.7.0) lib/addressable/uri.rb:823:in `initialize'
addressable (2.7.0) lib/addressable/uri.rb:138:in `new'
addressable (2.7.0) lib/addressable/uri.rb:138:in `parse'
addressable (2.7.0) lib/addressable/uri.rb:607:in `encode'
rotp (5.1.0) lib/rotp/totp.rb:61:in `provisioning_uri'
app/models/concerns/second_factor_manager.rb:27:in `totp_provisioning_uri'
app/controllers/users_controller.rb:1148:in `create_second_factor_totp'
actionpack (6.0.1) lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
actionpack (6.0.1) lib/abstract_controller/base.rb:196:in `process_action'
actionpack (6.0.1) lib/action_controller/metal/rendering.rb:30:in `process_action'
actionpack (6.0.1) lib/abstract_controller/callbacks.rb:42:in `block in process_action'
activesupport (6.0.1) lib/active_support/callbacks.rb:135:in `run_callbacks'
actionpack (6.0.1) lib/abstract_controller/callbacks.rb:41:in `process_action'
actionpack (6.0.1) lib/action_controller/metal/rescue.rb:22:in `process_action'
actionpack (6.0.1) lib/action_controller/metal/instrumentation.rb:33:in `block in process_action'
activesupport (6.0.1) lib/active_support/notifications.rb:180:in `block in instrument'
activesupport (6.0.1) lib/active_support/notifications/instrumenter.rb:24:in `instrument'
activesupport (6.0.1) lib/active_support/notifications.rb:180:in `instrument'
actionpack (6.0.1) lib/action_controller/metal/instrumentation.rb:32:in `process_action'
actionpack (6.0.1) lib/action_controller/metal/params_wrapper.rb:245:in `process_action'
activerecord (6.0.1) lib/active_record/railties/controller_runtime.rb:27:in `process_action'
actionpack (6.0.1) lib/abstract_controller/base.rb:136:in `process'
actionview (6.0.1) lib/action_view/rendering.rb:39:in `process'
rack-mini-profiler (1.1.6) lib/mini_profiler/profiling_methods.rb:104:in `block in profile_method'
actionpack (6.0.1) lib/action_controller/metal.rb:191:in `dispatch'
actionpack (6.0.1) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (6.0.1) lib/action_dispatch/routing/route_set.rb:51:in `dispatch'
actionpack (6.0.1) lib/action_dispatch/routing/route_set.rb:33:in `serve'
actionpack (6.0.1) lib/action_dispatch/journey/router.rb:49:in `block in serve'
actionpack (6.0.1) lib/action_dispatch/journey/router.rb:32:in `each'
actionpack (6.0.1) lib/action_dispatch/journey/router.rb:32:in `serve'
actionpack (6.0.1) lib/action_dispatch/routing/route_set.rb:837:in `call'
lib/middleware/omniauth_bypass_middleware.rb:68:in `call'
rack (2.0.8) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.0.8) lib/rack/conditional_get.rb:38:in `call'
rack (2.0.8) lib/rack/head.rb:12:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
rack (2.0.8) lib/rack/session/abstract/id.rb:259:in `context'
rack (2.0.8) lib/rack/session/abstract/id.rb:253:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/cookies.rb:648:in `call'
activerecord (6.0.1) lib/active_record/migration.rb:567:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.0.1) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (6.0.1) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/actionable_exceptions.rb:17:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/debug_exceptions.rb:32:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
logster (2.6.3) lib/logster/middleware/reporter.rb:43:in `call'
railties (6.0.1) lib/rails/rack/logger.rb:38:in `call_app'
railties (6.0.1) lib/rails/rack/logger.rb:28:in `call'
config/initializers/100-quiet_logger.rb:18:in `call'
config/initializers/100-silence_logger.rb:31:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/request_id.rb:27:in `call'
rack (2.0.8) lib/rack/method_override.rb:22:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/static.rb:126:in `call'
rack (2.0.8) lib/rack/sendfile.rb:111:in `call'
actionpack (6.0.1) lib/action_dispatch/middleware/host_authorization.rb:83:in `call'
lib/middleware/missing_avatars.rb:23:in `call'
lib/middleware/turbo_dev.rb:34:in `call'
rack-mini-profiler (1.1.6) lib/mini_profiler/profiler.rb:296:in `call'
message_bus (2.2.3) lib/message_bus/rack/middleware.rb:57:in `call'
railties (6.0.1) lib/rails/engine.rb:526:in `call'
railties (6.0.1) lib/rails/railtie.rb:190:in `public_send'
railties (6.0.1) lib/rails/railtie.rb:190:in `method_missing'
rack (2.0.8) lib/rack/urlmap.rb:68:in `block in call'
rack (2.0.8) lib/rack/urlmap.rb:53:in `each'
rack (2.0.8) lib/rack/urlmap.rb:53:in `call'
unicorn (5.5.3) lib/unicorn/http_server.rb:605:in `process_client'
unicorn (5.5.3) lib/unicorn/http_server.rb:700:in `worker_loop'
unicorn (5.5.3) lib/unicorn/http_server.rb:548:in `spawn_missing_workers'
unicorn (5.5.3) lib/unicorn/http_server.rb:144:in `start'
unicorn (5.5.3) bin/unicorn:128:in `<top (required)>'
bin/unicorn:87:in `load'
bin/unicorn:87:in `block in <main>'
bin/unicorn:86:in `fork'
bin/unicorn:86:in `<main>'



Request parameters
{"format"=>"json"}

Session dump
_csrf_token: "lk/NmJ0SlnTWvQ3HeeP22fzMicKdW/pPwzlLgi0tgY="
secure_session_id: "a16cc4e497b750f5bb1a310612427e54"
session_id: "4f2f8c8f2610c51914ff03a8e3e5f053"

Env dump
HTTP_ACCEPT: "*/*"
HTTP_ACCEPT_ENCODING: "gzip, deflate, br"
HTTP_ACCEPT_LANGUAGE: "en-GB,en-US;q=0.9,en;q=0.8,fr-CA;q=0.7,fr;q=0.6"
HTTP_ORIGIN: "http://localhost:3000"
HTTP_VERSION: "HTTP/1.1"
HTTP_X_CSRF_TOKEN: "Sv2Q7IKSgtoO7bd4aApBiX/qyGqJHknnTjncA9yNMzaevU0MGI5HHlIx/3hS65tsO01xqmnLc15RFuUa0TsEsA=="
ORIGINAL_SCRIPT_NAME: ""
REMOTE_ADDR: "127.0.0.1"
SERVER_NAME: "localhost"
SERVER_PROTOCOL: "HTTP/1.1"

Response headers
None

Here’s a failing spec:

diff --git a/spec/components/concern/second_factor_manager_spec.rb b/spec/components/concern/second_factor_manager_spec.rb
index 36e4f066ce..a657a0fdc8 100644
--- a/spec/components/concern/second_factor_manager_spec.rb
+++ b/spec/components/concern/second_factor_manager_spec.rb
@@ -47,6 +47,18 @@ RSpec.describe SecondFactorManager do
         "otpauth://totp/#{SiteSetting.title}:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=#{SiteSetting.title}"
       )
     end
+    it 'should handle a colon in the site title' do
+      SiteSetting.title = 'Spaceballs: The Discourse'
+      expect(user.user_second_factors.totps.first.totp_provisioning_uri).to eq(
+        "otpauth://totp/#{URI::escape SiteSetting.title}:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=#{CGI::escape SiteSetting.title}"
+      )
+    end
+    it 'should handle a space before a colon in the site title' do
+      SiteSetting.title = 'Our Spaceballs: The Discourse'
+      expect(user.user_second_factors.totps.first.totp_provisioning_uri).to eq(
+        "otpauth://totp/#{URI::escape SiteSetting.title}:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=#{CGI::escape SiteSetting.title}"
+      )
+    end
   end
 
   describe '#authenticate_totp' do

→ RAILS_ENV=test rspec ./spec/components/concern/second_factor_manager_spec.rb

Randomized with seed 47333
...................F......................

Failures:

  1) SecondFactorManager#totp_provisioning_uri should handle a space before a colon in the site title
     Failure/Error: totp_object.provisioning_uri(user.email)
     
     Addressable::URI::InvalidURIError:
       Invalid scheme format: Our Spaceballs
     # /home/michael/.rvm/gems/ruby-2.6.3/gems/addressable-2.7.0/lib/addressable/uri.rb:901:in `scheme='
     # /home/michael/.rvm/gems/ruby-2.6.3/gems/addressable-2.7.0/lib/addressable/uri.rb:826:in `block in initialize'
     # /home/michael/.rvm/gems/ruby-2.6.3/gems/addressable-2.7.0/lib/addressable/uri.rb:2392:in `defer_validation'
     # /home/michael/.rvm/gems/ruby-2.6.3/gems/addressable-2.7.0/lib/addressable/uri.rb:823:in `initialize'
     # /home/michael/.rvm/gems/ruby-2.6.3/gems/addressable-2.7.0/lib/addressable/uri.rb:138:in `new'
     # /home/michael/.rvm/gems/ruby-2.6.3/gems/addressable-2.7.0/lib/addressable/uri.rb:138:in `parse'
     # /home/michael/.rvm/gems/ruby-2.6.3/gems/addressable-2.7.0/lib/addressable/uri.rb:607:in `encode'
     # /home/michael/.rvm/gems/ruby-2.6.3/gems/rotp-5.1.0/lib/rotp/totp.rb:61:in `provisioning_uri'
     # ./app/models/user_second_factor.rb:32:in `totp_provisioning_uri'
     # ./spec/components/concern/second_factor_manager_spec.rb:58:in `block (3 levels) in <top (required)>'

Finished in 0.75471 seconds (files took 2.18 seconds to load)
42 examples, 1 failure

Failed examples:

rspec ./spec/components/concern/second_factor_manager_spec.rb:56 # SecondFactorManager#totp_provisioning_uri should handle a space before a colon in the site title

Randomized with seed 47333

هذا يجب أن يصلح الأمر:

تغيير المصدر يغير قيم الرمز، لكن الآن كان معطّلًا تمامًا بالنسبة للنقطتين، لذا لا ينبغي أن يؤثر ذلك على أي مستخدم جديد.

لاحظ أنه كان يعمل سابقًا للعناوين التي تحتوي على نقطتين مثل Spaceballs: The Discourse (كان يعمل بشكل صحيح بالنسبة لي وتمكنت من إضافته إلى هاتفي)، لكنه كان يفشل عندما كانت هناك كلمتان قبل النقطتين.

(آسف إذا لم يكن ذلك واضحًا بما يكفي في تقريري)

غريب، لقد أقسمتُ أن كلا الاختبارين فشل. على أي حال، هذا نهج أفضل.

هذا هو الأهم حقًا!

هل يمكنك تأكيد أن كل شيء على ما يرام لموقعك؟

لم أحصل على تأكيد بأن الأمر نجح مع المستخدم الذي اشتكى، لكنه نجح معي.

لكن ما لا أفهمه هو أنني أدرك أن:

1. هذا كان معطلاً دائمًا للعناوين التي تحتوي على :
2. إذا تغير عنوان الموقع، فإن المصادق يتعطل لأنه مرتبط بعنوان الموقع
3. لم يتغير SiteSettings.title منذ فترة طويلة
4. UserSecondFactor.where(method: 1) يعيد عددًا من الإدخالات من أغسطس الماضي

لا أفهم كيف يمكن أن تكون كل هذه الأمور صحيحة. هل صحيح أن تغيير عنوان الموقع كسر جميع عناصر UserSecondFactor للمصادق الموجودة مسبقًا؟ تعديل: لا، ليس كذلك. لقد غيرت العنوان للتو ولا يزال المصادق ثنائي العامل (2FA) الذي أنشأته بالأمس يعمل.

فقط مع وجود كلمات متعددة قبل النقطتين العموديتين:

فقط عملية إضافة مصادق TOTP جديد كانت كانت معطّلة

حسنًا، أنا متأكد جدًا من أن العنوان كان يحتوي على كلمات متعددة وعلامة نقطية منذ فترة طويلة (بدون تغييرات في السجلات منذ مايو 2019 على الأقل) وأنه كان يعمل في أغسطس الماضي (لأن هناك رموز مصادقة تم إنشاؤها آنذاك)، ولكن على أي حال. يبدو أنه يعمل الآن وأن تغيير العنوان لا يكسر الرموز الحالية، لذا يبدو هذا انتصارًا.

شكرًا لك على الإصلاح السريع!

تم إغلاق هذا الموضوع تلقائيًا بعد يومين من آخر رد. لم يعد السماح بردود جديدة.