Closed Bug 762340 Opened 13 years ago Closed 13 years ago

Unauthorized access on /user/property/foo

Categories

(Pancake Graveyard :: Back-end, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: st3fan, Assigned: st3fan)

Details

Just seen on production. This should not happen, the /user/property/* handler can only be called after you successfully log in?

Error - <type 'exceptions.ValueError'>: Could not convert view return value "{'reason': 'unauthorized', 'success': False}" into a response object
URL: http://pancake.mozillalabs.com/user/property/agreed-to-privacy-policy
File '/usr/lib/python2.7/site-packages/weberror/errormiddleware.py', line 162 in __call__
  app_iter = self.application(environ, sr_checker)
File '/usr/lib/python2.7/site-packages/pyramid/router.py', line 176 in __call__
  response = self.handle_request(request)
File '/usr/lib/python2.7/site-packages/pyramid/tweens.py', line 17 in excview_tween
  response = handler(request)
File '/usr/lib/python2.7/site-packages/pyramid/router.py', line 153 in handle_request
  response = view_callable(context, request)
File '/usr/lib/python2.7/site-packages/pyramid/config/views.py', line 159 in wrapper
  response = view(context, request)
File '/usr/lib/python2.7/site-packages/pyramid/config/views.py', line 324 in viewresult_to_response
  'response object' % (result,))
ValueError: Could not convert view return value "{'reason': 'unauthorized', 'success': False}" into a response object

CGI Variables
-------------
  CONTENT_LENGTH: '20'
  CONTENT_TYPE: 'application/x-www-form-urlencoded'
  HTTP_ACCEPT: 'application/json'
  HTTP_ACCEPT_ENCODING: 'gzip, deflate'
  HTTP_ACCEPT_LANGUAGE: 'en-us'
  HTTP_CONNECTION: 'close'
  HTTP_COOKIE: 'sessionid=16c897e0b50aae691aef1b70fd222fb736fc2fbf66cf4f949702455b87d4ef5de357688d'
  HTTP_HOST: 'pancake.mozillalabs.com'
  HTTP_ORIGIN: 'https://pancake.mozillalabs.com'
  HTTP_REFERER: 'https://pancake.mozillalabs.com/setup?platform=ios'
  HTTP_SSLCLIENTCERTSTATUS: 'NoClientCert'
  HTTP_SSLCLIENTCIPHER: 'SSL_RSA_WITH_RC4_128_SHA, version=TLSv1.1, bits=128'
  HTTP_SSLSESSIONID: 'FDDEC5AFB914DADD96070D37E73C3CDF23C64BFB963E579B6AA20CED5F6F2E20'
  HTTP_USER_AGENT: 'Mozilla/5.0 (iPad; CPU OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Mobile/9B176'
  HTTP_X_CLUSTER_CLIENT_IP: '63.245.220.240'
  HTTP_X_REQUESTED_WITH: 'XMLHttpRequest'
  PATH_INFO: '/user/property/agreed-to-privacy-policy'
  RAW_URI: '/user/property/agreed-to-privacy-policy'
  REMOTE_ADDR: '63.245.220.240'
  REMOTE_PORT: '80'

Fixed with https://bitbucket.org/mozillapancake/pancake/changeset/ca604f4b8a01

This is not a real fix for the underlying problem. This fix just changes the response from 200 OK to 403 Forbidden. The real problem is likely that the client/fe is in a weird state and tries to call these methods even though the user is not logged in. If that happens more often then we should take a more detailed look at it.

Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
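
An added illustration, not Pancake's code and not the linked changeset: a stdlib-only WSGI sketch of a login gate in front of a /user/property/* handler that answers an unauthenticated call with a complete 403 Forbidden response carrying the JSON body, rather than handing back a bare dict. The session store and the names `require_login`, `current_user`, `json_response`, `user_property` and `call` are hypothetical, chosen for this example.

```python
import json
from http.cookies import SimpleCookie

# Constructed session store for the example; real sessions live server-side.
SESSIONS = {"constructed-valid-session": "user-1"}

def json_response(start_response, status, payload):
    """Serialize payload and emit a complete WSGI response with an explicit status."""
    body = json.dumps(payload).encode("utf-8")
    start_response(status, [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))])
    return [body]

def current_user(environ):
    """Return the user bound to the sessionid cookie, or None if absent or unknown."""
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    morsel = cookie.get("sessionid")
    return SESSIONS.get(morsel.value) if morsel else None

def require_login(handler):
    """Reject unauthenticated requests before the wrapped handler runs."""
    def wrapper(environ, start_response):
        user = current_user(environ)
        if user is None:
            # The traceback shows a bare dict on this path; send a real 403 instead.
            return json_response(start_response, "403 Forbidden",
                                 {"success": False, "reason": "unauthorized"})
        environ["app.user"] = user
        return handler(environ, start_response)
    return wrapper

@require_login
def user_property(environ, start_response):
    """Handler that only ever runs for a request with a known session."""
    name = environ["PATH_INFO"].rsplit("/", 1)[-1]
    return json_response(start_response, "200 OK",
                         {"success": True, "property": name,
                          "user": environ["app.user"]})

def call(app, path, cookie=None):
    """Drive the WSGI app directly and return (status, decoded JSON body)."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": path}
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], json.loads(body)
```

A client that keys off the status code can then treat 403 as "session gone, send the user back to login" instead of parsing a 200 body for `success: False`.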