HTTP 500 on get permissions (ValueError)

[AlexB1986]

Steps to reproduce docker run -p 8888:8888 kinto/kinto-server Running kinto 14.0.1.dev0.

Request

GET /v1/permissions?_since=6148&_token= HTTP/1.1
Host: 127.0.0.1:8888

Response

{
    "code": 500,
    "errno": 999,
    "error": "Internal Server Error",
    "message": "A programmatic error occured, developers have been informed.",
    "info": "https://github.com/Kinto/kinto/issues/"
}

Log:

"GET /v1/permissions?_since=6148&_token=" ? (? ms) not enough values to unpack (expected 3, got 2) errno=999

File "/app/kinto/core/events.py", line 157, in tween
File "/usr/local/lib/python3.7/site-packages/pyramid/router.py", line 148, in handle_request
registry, request, context, context_iface, view_name
File "/usr/local/lib/python3.7/site-packages/pyramid/view.py", line 683, in _call_view
response = view_callable(context, request)
File "/usr/local/lib/python3.7/site-packages/pyramid/config/views.py", line 169, in __call__
return view(context, request)
File "/usr/local/lib/python3.7/site-packages/pyramid/config/views.py", line 188, in attr_view
File "/usr/local/lib/python3.7/site-packages/pyramid/config/views.py", line 214, in predicate_wrapper
File "/usr/local/lib/python3.7/site-packages/pyramid/viewderivers.py", line 325, in secured_view
File "/usr/local/lib/python3.7/site-packages/pyramid/viewderivers.py", line 436, in rendered_view
result = view(context, request)
File "/usr/local/lib/python3.7/site-packages/pyramid/viewderivers.py", line 144, in _requestonly_view
response = view(request)
File "/usr/local/lib/python3.7/site-packages/cornice/service.py", line 590, in wrapper
response = view_()
File "/app/kinto/core/resource/__init__.py", line 350, in plural_get
return self._plural_get(False)
File "/app/kinto/core/resource/__init__.py", line 393, in _plural_get
include_deleted=include_deleted,
File "/app/kinto/views/permissions.py", line 77, in get_objects
parent_id=parent_id,
File "/app/kinto/views/permissions.py", line 109, in _get_objects
perms_by_object_uri = backend.get_accessible_objects(principals)
File "/app/kinto/core/decorators.py", line 45, in decorated
result = method(self, *args, **kwargs)
File "/app/kinto/core/permission/memory.py", line 101, in get_accessible_objects
_, object_id, permission = key.split(":", 2)
ValueError: not enough values to unpack (expected 3, got 2)

"GET /v1/permissions?_since=6148&_token=" 500 (4 ms) agent=python-requests/2.24.0 authn_type=account errno=999 time=2020-12-21T11:49:07.494000 uid=admin

[Natim]

Hello @AlexB1986, thank you for your feedbacks, are you planning to send us pull-requests to issues that you are filling? If yes, I would recommend to create pull-request in between new issues.

[s-surineni]

Hi, Can I work on this issue?

[s-surineni]

@AlexB1986 Can you please provide more info to replicate the issue? I tried with your endpoint but I couldn't reproduce it

[AlexB1986]

@s-surineni Hi! I retested on new Kinto docker image 14.4.0.dev0 (in 2020 I tested on 14.0.1.dev0)-- I can not reproduce it. Seems it was fixed.

[leplatrem]

I don't think there were much changes in that part of the code over this period of time.

The error suggests it comes from a specific content in the DB. Somewhere somehow a permission with only 2 parts is stored and it eventually crashes the perm endpoint when retrieving it with _, object_id, permission = key.split(":", 2)

[leplatrem]

"GET   /v1/permissions?exclude_resource_name=record&_sort=id" ? (? ms) not enough values to unpack (expected 3, got 2) errno=999
Traceback (most recent call last):
  File "/opt/venv/lib/python3.10/site-packages/pyramid/tweens.py", line 41, in excview_tween
    response = handler(request)
  File "/opt/venv/lib/python3.10/site-packages/kinto/core/events.py", line 165, in tween
    response = handler(request)
  File "/opt/venv/lib/python3.10/site-packages/pyramid/router.py", line 143, in handle_request
    response = _call_view(
  File "/opt/venv/lib/python3.10/site-packages/pyramid/view.py", line 674, in _call_view
    response = view_callable(context, request)
  File "/opt/venv/lib/python3.10/site-packages/pyramid/config/views.py", line 151, in __call__
    return view(context, request)
  File "/opt/venv/lib/python3.10/site-packages/pyramid/config/views.py", line 170, in attr_view
    return view(context, request)
  File "/opt/venv/lib/python3.10/site-packages/pyramid/config/views.py", line 196, in predicate_wrapper
    return view(context, request)
  File "/opt/venv/lib/python3.10/site-packages/pyramid/viewderivers.py", line 319, in secured_view
    return view(context, request)
  File "/opt/venv/lib/python3.10/site-packages/pyramid/viewderivers.py", line 427, in rendered_view
    result = view(context, request)
  File "/opt/venv/lib/python3.10/site-packages/pyramid/viewderivers.py", line 141, in _requestonly_view
    response = view(request)
  File "/opt/venv/lib/python3.10/site-packages/cornice/service.py", line 590, in wrapper
    response = view_()
  File "/opt/venv/lib/python3.10/site-packages/kinto/core/resource/__init__.py", line 350, in plural_get
    return self._plural_get(False)
  File "/opt/venv/lib/python3.10/site-packages/kinto/core/resource/__init__.py", line 388, in _plural_get
    objects = self.model.get_objects(
  File "/opt/venv/lib/python3.10/site-packages/kinto/views/permissions.py", line 79, in get_objects
    objects, _ = self._get_objects(
  File "/opt/venv/lib/python3.10/site-packages/kinto/views/permissions.py", line 117, in _get_objects
    perms_by_object_uri = backend.get_accessible_objects(principals)
  File "/opt/venv/lib/python3.10/site-packages/kinto/core/decorators.py", line 45, in decorated
    result = method(self, *args, **kwargs)
  File "/opt/venv/lib/python3.10/site-packages/kinto/core/permission/memory.py", line 101, in get_accessible_objects
    _, object_id, permission = key.split(":", 2)
ValueError: not enough values to unpack (expected 3, got 2)

[Abhishek-jha-96]

is this issue still open??

[Natim]

@Abhishek-jha-96 yes, feel free to reproduce and fix :pray:

[Abhishek-jha-96]

So while trying to reproduce this issue (using postman) I got this : { "code": 400, "errno": 107, "error": "Invalid parameters", "message": "querystring: _token has invalid content", "details": [ { "location": "querystring", "name": null, "description": "_token has invalid content" } ] } method : GET url: http://127.0.0.1:8888/v1/permissions?_since=6148&_token= HTTP/1.1 so this might be fixed or i am getting auth issues can some one help me on this?

[Natim]

I believe you need a valid token to be able to access the page.

[Abhishek-jha-96]

I am getting 200 ok response

[Natim]

Are you using the memory backend? It seems to happen only with it according to the stacktrace.

[Abhishek-jha-96]

yes, because by default(in the doc) backend option is memory backend

[Natim]

Perfect then, let's close it.

[Natim]

I'm a bit surprised though, because the line still exists: https://github.com/Kinto/kinto/blob/master/kinto/core/permission/memory.py#L101

[Abhishek-jha-96]

then I guess I am unable to reproduce it. its gives 200 ok status but { "data": [ { "uri": "/", "resource_name": "root", "permissions": [ "account:create" ] } ] } as this line:_, object_id, permission = key.split(":", 2) is trying to split key into 3 different variable it suppose to give error here what should I do??