While attempting to connect to the ldap server, catch
bonsai.ConnectionError to avoid getting this kind of backtrace:

  dlrepo[603976]: Error handling request
  Traceback (most recent call last):
    File "/usr/lib/python3/dist-packages/aiohttp/web_protocol.py", line 435, in _handle_request
      resp = await request_handler(request)
    File "/usr/lib/python3/dist-packages/aiohttp/web_app.py", line 504, in _handle
      resp = await handler(request)
    File "/usr/lib/python3/dist-packages/aiohttp/web_middlewares.py", line 117, in impl
      return await handler(request)
    File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 31, in middleware
      await backend.check(request)
    File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 203, in check
      login, groups = await self.check_basic_auth(request)
    File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 168, in check_basic_auth
      groups = await self.get_user_groups_from_ldap(login, password)
    File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 86, in get_user_groups_from_ldap
      async with client.connect(is_async=True, timeout=self.TIMEOUT) as conn:
    File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 25, in __aenter__
      return await self.__open_coro
    File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 59, in _poll
      raise exc
    File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 54, in _poll
      return await asyncio.wait_for(fut, timeout)
    File "/usr/lib/python3.9/asyncio/tasks.py", line 481, in wait_for
      return fut.result()
    File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 40, in _ready
      res = super().get_result(msg_id)
    bonsai.errors.ConnectionError: Connect error. (unknown error code) (0xFFF5 [-11])

Signed-off-by: Julien Floret <julien.floret@6wind.com>
Acked-by: Thomas Faivre <thomas.faivre@6wind.com>
---
 dlrepo/views/auth.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dlrepo/views/auth.py b/dlrepo/views/auth.py
index b2f74277dea8..6c2a904dc939 100644
--- a/dlrepo/views/auth.py
+++ b/dlrepo/views/auth.py
@@ -120,6 +120,9 @@ class AuthBackend:
         except bonsai.AuthenticationError as e:
             LOG.debug("authentication failed for %s: %s", login, e)
             return []
+        except bonsai.ConnectionError as e:
+            LOG.error("failed to connect to ldap server: %s", e)
+            return []
 
         return groups
 
-- 
2.30.2

dlrepo/patches/.build.yml: SUCCESS in 1m32s

[auth: handle connection error to ldap server][0] from [Julien Floret][1]

[0]: https://lists.sr.ht/~rjarry/dlrepo/patches/32505
[1]: julien.floret@6wind.com

✓ #766307 SUCCESS dlrepo/patches/.build.yml https://builds.sr.ht/~rjarry/job/766307

Julien Floret, May 25, 2022 at 14:54:
> While attempting to connect to the ldap server, catch
> bonsai.ConnectionError to avoid getting this kind of backtrace:
>
>   dlrepo[603976]: Error handling request
>   Traceback (most recent call last):
>     File "/usr/lib/python3/dist-packages/aiohttp/web_protocol.py", line 435, in _handle_request
>       resp = await request_handler(request)
>     File "/usr/lib/python3/dist-packages/aiohttp/web_app.py", line 504, in _handle
>       resp = await handler(request)
>     File "/usr/lib/python3/dist-packages/aiohttp/web_middlewares.py", line 117, in impl
>       return await handler(request)
>     File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 31, in middleware
>       await backend.check(request)
>     File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 203, in check
>       login, groups = await self.check_basic_auth(request)
>     File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 168, in check_basic_auth
>       groups = await self.get_user_groups_from_ldap(login, password)
>     File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 86, in get_user_groups_from_ldap
>       async with client.connect(is_async=True, timeout=self.TIMEOUT) as conn:
>     File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 25, in __aenter__
>       return await self.__open_coro
>     File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 59, in _poll
>       raise exc
>     File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 54, in _poll
>       return await asyncio.wait_for(fut, timeout)
>     File "/usr/lib/python3.9/asyncio/tasks.py", line 481, in wait_for
>       return fut.result()
>     File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 40, in _ready
>       res = super().get_result(msg_id)
>     bonsai.errors.ConnectionError: Connect error. (unknown error code) (0xFFF5 [-11])
>
> Signed-off-by: Julien Floret <julien.floret@6wind.com>
> Acked-by: Thomas Faivre <thomas.faivre@6wind.com>
> ---
>  dlrepo/views/auth.py | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/dlrepo/views/auth.py b/dlrepo/views/auth.py
> index b2f74277dea8..6c2a904dc939 100644
> --- a/dlrepo/views/auth.py
> +++ b/dlrepo/views/auth.py
> @@ -120,6 +120,9 @@ class AuthBackend:
>          except bonsai.AuthenticationError as e:
>              LOG.debug("authentication failed for %s: %s", login, e)
>              return []
> +        except bonsai.ConnectionError as e:
> +            LOG.error("failed to connect to ldap server: %s", e)
> +            return []

This means that the client will get a 401 error instead of 500. I don't
know if that is a big deal but it looks more like a server error than an
authentication failure in my opinion.

If this is only to avoid backtraces in the logs, could you at least
raise an explicit http 500 error instead of returning an empty list?

Le jeu. 26 mai 2022 à 10:28, Robin Jarry <robin@jarry.cc> a écrit :
>
> Julien Floret, May 25, 2022 at 14:54:
> > While attempting to connect to the ldap server, catch
> > bonsai.ConnectionError to avoid getting this kind of backtrace:
> >
> >   dlrepo[603976]: Error handling request
> >   Traceback (most recent call last):
> >     File "/usr/lib/python3/dist-packages/aiohttp/web_protocol.py", line 435, in _handle_request
> >       resp = await request_handler(request)
> >     File "/usr/lib/python3/dist-packages/aiohttp/web_app.py", line 504, in _handle
> >       resp = await handler(request)
> >     File "/usr/lib/python3/dist-packages/aiohttp/web_middlewares.py", line 117, in impl
> >       return await handler(request)
> >     File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 31, in middleware
> >       await backend.check(request)
> >     File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 203, in check
> >       login, groups = await self.check_basic_auth(request)
> >     File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 168, in check_basic_auth
> >       groups = await self.get_user_groups_from_ldap(login, password)
> >     File "/usr/lib/python3/dist-packages/dlrepo/views/auth.py", line 86, in get_user_groups_from_ldap
> >       async with client.connect(is_async=True, timeout=self.TIMEOUT) as conn:
> >     File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 25, in __aenter__
> >       return await self.__open_coro
> >     File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 59, in _poll
> >       raise exc
> >     File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 54, in _poll
> >       return await asyncio.wait_for(fut, timeout)
> >     File "/usr/lib/python3.9/asyncio/tasks.py", line 481, in wait_for
> >       return fut.result()
> >     File "/usr/lib/python3/dist-packages/bonsai/asyncio/aioconnection.py", line 40, in _ready
> >       res = super().get_result(msg_id)
> >     bonsai.errors.ConnectionError: Connect error. (unknown error code) (0xFFF5 [-11])
> >
> > Signed-off-by: Julien Floret <julien.floret@6wind.com>
> > Acked-by: Thomas Faivre <thomas.faivre@6wind.com>
> > ---
> >  dlrepo/views/auth.py | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/dlrepo/views/auth.py b/dlrepo/views/auth.py
> > index b2f74277dea8..6c2a904dc939 100644
> > --- a/dlrepo/views/auth.py
> > +++ b/dlrepo/views/auth.py
> > @@ -120,6 +120,9 @@ class AuthBackend:
> >          except bonsai.AuthenticationError as e:
> >              LOG.debug("authentication failed for %s: %s", login, e)
> >              return []
> > +        except bonsai.ConnectionError as e:
> > +            LOG.error("failed to connect to ldap server: %s", e)
> > +            return []
>
> This means that the client will get a 401 error instead of 500. I don't
> know if that is a big deal but it looks more like a server error than an
> authentication failure in my opinion.
>
> If this is only to avoid backtraces in the logs, could you at least
> raise an explicit http 500 error instead of returning an empty list?

Hi Robin,
You're right, this should be an http 500 error.
As we discussed off-list, the best solution is to rely on aiohttp
default behavior, which is to return a 500 error and print the
backtrace in the server logs [1] [2].
Thus, a patch seems unnecessary here.
Thanks!

[1] https://github.com/aio-libs/aiohttp/blob/master/aiohttp/web_protocol.py#L477-L479=
[2] https://github.com/aio-libs/aiohttp/blob/master/aiohttp/web_protocol.py#L656=