Hi
While trying to set up OpenID Connect in my Zammad installation, I think I encountered a bug on the error page. The text is not formatted and the template glitches out.
I am getting `AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT` and `undefined method [] for nil:NilClass (NoMethodError)`.
Am I doing something wrong in my configuration? Many thanks in advance!
Infos:
- Used Zammad version: 4.1.0-6
- Installation method (source, package, …): Docker compose
- Operating system: Ubuntu 21.04
- Database + version: Postgres 4.1.0-6
- Elasticsearch version: 4.1.0-6
- Browser + version: Brave Versie 1.27.109 Chromium: 92.0.4515.115
Stacktrace:
I, [2021-08-03T07:18:54.755567 #1-47292219813420] INFO -- : Started GET "/auth/sso/callback?code=[FILTERED]&scope=openid&state=sit95BJ6PADamslplDbP7CkzBMs&session_state=aqZp8K9bkkT-JZq0wjZJVPyauo7rKtd4NXPWWmThHXY.3377962944B7B6454654278A39F011E1" for REDACTED_IP at 2021-08-03 07:18:54 +0000
I, [2021-08-03T07:18:54.759852 #1-47292219813420] INFO -- : Processing by SessionsController#create_omniauth as HTML
I, [2021-08-03T07:18:54.760047 #1-47292219813420] INFO -- : Parameters: {"code"=>"[FILTERED]", "scope"=>"openid", "state"=>"sit95BJ6PADamslplDbP7CkzBMs", "session_state"=>"aqZp8K9bkkT-JZq0wjZJVPyauo7rKtd4NXPWWmThHXY.3377962944B7B6454654278A39F011E1", "provider"=>"sso"}
I, [2021-08-03T07:18:54.760482 #1-47292219813420] INFO -- : AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT
I, [2021-08-03T07:18:54.760733 #1-47292219813420] INFO -- : Redirected to https://REDACTED_DOMAIN/
E, [2021-08-03T07:18:54.760943 #1-47292219813420] ERROR -- : undefined method `[]' for nil:NilClass (NoMethodError)
/opt/zammad/app/models/authorization.rb:13:in `find_from_hash'
/opt/zammad/app/controllers/sessions_controller.rb:85:in `create_omniauth'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/abstract_controller/base.rb:194:in `process_action'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_controller/metal/rendering.rb:30:in `process_action'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/abstract_controller/callbacks.rb:42:in `block in process_action'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/callbacks.rb:109:in `block in run_callbacks'
/opt/zammad/app/controllers/application_controller/has_secure_content_security_policy_for_downloads.rb:18:in `block (4 levels) in <module:HasSecureContentSecurityPolicyForDownloads>'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/notifications.rb:180:in `subscribed'
/opt/zammad/app/controllers/application_controller/has_secure_content_security_policy_for_downloads.rb:17:in `block (3 levels) in <module:HasSecureContentSecurityPolicyForDownloads>'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/notifications.rb:180:in `subscribed'
/opt/zammad/app/controllers/application_controller/has_secure_content_security_policy_for_downloads.rb:16:in `block (2 levels) in <module:HasSecureContentSecurityPolicyForDownloads>'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/callbacks.rb:118:in `instance_exec'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/opt/zammad/app/controllers/application_controller/handles_transitions.rb:14:in `handle_transaction'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/callbacks.rb:136:in `run_callbacks'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/abstract_controller/callbacks.rb:41:in `process_action'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_controller/metal/rescue.rb:22:in `process_action'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/notifications.rb:168:in `block in instrument'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/notifications/instrumenter.rb:23:in `instrument'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/notifications.rb:168:in `instrument'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_controller/metal/instrumentation.rb:32:in `process_action'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
/usr/local/bundle/gems/activerecord-5.2.4.6/lib/active_record/railties/controller_runtime.rb:24:in `process_action'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/abstract_controller/base.rb:134:in `process'
/usr/local/bundle/gems/actionview-5.2.4.6/lib/action_view/rendering.rb:32:in `process'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_controller/metal.rb:191:in `dispatch'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_controller/metal.rb:252:in `dispatch'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/routing/route_set.rb:34:in `serve'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/journey/router.rb:52:in `block in serve'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/journey/router.rb:35:in `each'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/journey/router.rb:35:in `serve'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/routing/route_set.rb:840:in `call'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:420:in `call_app!'
/usr/local/bundle/gems/omniauth-saml-1.10.1/lib/omniauth/strategies/saml.rb:89:in `other_phase'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:190:in `call!'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
/usr/local/bundle/gems/omniauth-1.9.1/lib/omniauth/builder.rb:45:in `call'
/usr/local/bundle/gems/rack-2.2.3/lib/rack/tempfile_reaper.rb:15:in `call'
/usr/local/bundle/gems/rack-2.2.3/lib/rack/etag.rb:27:in `call'
/usr/local/bundle/gems/rack-2.2.3/lib/rack/conditional_get.rb:27:in `call'
/usr/local/bundle/gems/rack-2.2.3/lib/rack/head.rb:12:in `call'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/http/content_security_policy.rb:18:in `call'
/usr/local/bundle/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:266:in `context'
/usr/local/bundle/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:260:in `call'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/middleware/cookies.rb:670:in `call'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/callbacks.rb:98:in `run_callbacks'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
/usr/local/bundle/gems/railties-5.2.4.6/lib/rails/rack/logger.rb:38:in `call_app'
/usr/local/bundle/gems/railties-5.2.4.6/lib/rails/rack/logger.rb:26:in `block in call'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/tagged_logging.rb:71:in `block in tagged'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/tagged_logging.rb:28:in `tagged'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/tagged_logging.rb:71:in `tagged'
/usr/local/bundle/gems/railties-5.2.4.6/lib/rails/rack/logger.rb:26:in `call'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/middleware/request_id.rb:27:in `call'
/usr/local/bundle/gems/rack-2.2.3/lib/rack/method_override.rb:24:in `call'
/usr/local/bundle/gems/rack-2.2.3/lib/rack/runtime.rb:22:in `call'
/usr/local/bundle/gems/activesupport-5.2.4.6/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
/usr/local/bundle/gems/actionpack-5.2.4.6/lib/action_dispatch/middleware/executor.rb:14:in `call'
/usr/local/bundle/gems/rack-2.2.3/lib/rack/sendfile.rb:110:in `call'
/usr/local/bundle/gems/railties-5.2.4.6/lib/rails/engine.rb:524:in `call'
/usr/local/bundle/gems/puma-4.3.8/lib/puma/configuration.rb:228:in `call'
/usr/local/bundle/gems/puma-4.3.8/lib/puma/server.rb:718:in `handle_request'
/usr/local/bundle/gems/puma-4.3.8/lib/puma/server.rb:472:in `process_client'
/usr/local/bundle/gems/puma-4.3.8/lib/puma/server.rb:328:in `block in run'
/usr/local/bundle/gems/puma-4.3.8/lib/puma/thread_pool.rb:134:in `block in spawn_thread'
/usr/local/bundle/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
E, [2021-08-03T07:18:54.762718 #1-47292219813420] ERROR -- : Error ID KUxqTPlW: undefined method `[]' for nil:NilClass
I, [2021-08-03T07:18:54.763189 #1-47292219813420] INFO -- : Completed 500 Internal Server Error in 3ms (ActiveRecord: .0ms)
F, [2021-08-03T07:18:54.763673 #1-47292219813420] FATAL -- :
F, [2021-08-03T07:18:54.763700 #1-47292219813420] FATAL -- : AbstractController::DoubleRenderError (Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return".):
F, [2021-08-03T07:18:54.763716 #1-47292219813420] FATAL -- :
F, [2021-08-03T07:18:54.763740 #1-47292219813420] FATAL -- : app/controllers/application_controller/handles_errors.rb:74:in `block (2 levels) in respond_to_exception'
[de25c39f-b8ed-4698-909e-180214edb863] app/controllers/application_controller/handles_errors.rb:66:in `respond_to_exception'
[de25c39f-b8ed-4698-909e-180214edb863] app/controllers/application_controller/handles_errors.rb:32:in `internal_server_error'
I, [2021-08-03T07:19:05.094599 #1-47292219814240] INFO -- : Completed 200 OK in 25026ms (Views: 0.4ms | ActiveRecord: 2.4ms)
Expected behavior:
- Shows error page with traceback and possibly SSO integration works resulting in a session being created.
Actual behavior:
- The text is not formatted and the template glitches out.
Steps to reproduce the behavior:
- Run latest docker-compose.yml
- Create Apache container with Dockerfile:
```dockerfile
FROM ubuntu:20.04
ARG DEBIAN_FRONTEND=noninteractive
# -y is required: without it the upgrade prompt aborts a non-interactive build
RUN apt-get update && apt-get upgrade -y
RUN apt-get install -y apache2 --no-install-recommends
RUN apt-get install -y krb5-user libapache2-mod-auth-openidc
# Enable OIDC authentication plus the proxy and header modules used by the vhost
RUN a2enmod auth_openidc rewrite proxy proxy_http proxy_balancer proxy_wstunnel headers
COPY apache2.conf /etc/apache2/sites-available/000-default.conf
RUN rm /etc/apache2/sites-available/default-ssl.conf
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
ENV APACHE_RUN_DIR /etc/apache2
EXPOSE 80
# Run Apache in the foreground so the container stays alive
ENTRYPOINT ["/usr/sbin/apache2"]
CMD ["-D", "FOREGROUND"]
```
- Create apache.conf with configuration:
```apache
# security - prevent information disclosure about server version
ServerTokens Prod
<VirtualHost *:80>
    ServerName REDACTED_DOMAIN
    ErrorLog /dev/stdout
    CustomLog /dev/stdout combined
    LogLevel debug
    OIDCProviderMetadataURL https://REDACTED_DOMAIN/.well-known/openid-configuration
    OIDCClientID REDACTED_ID
    OIDCClientSecret REDACTED_SECRET
    OIDCSSLValidateServer 0
    OIDCRedirectURI https://REDACTED_DOMAIN/auth/sso/callback
    OIDCCryptoPassphrase REDACTED_SECRET
    <Location /auth/sso>
        AuthType openid-connect
        Require valid-user
        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1,NS]
        RequestHeader set X-Forwarded-User "%{RU}e" env=RU
    </Location>
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass /ws ws://REDACTED_IP:8080/
    ProxyPass / http://REDACTED_IP:8080/
    ProxyPassReverse / http://REDACTED_IP:8080/
    RewriteEngine on
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set Host REDACTED_DOMAIN
    RewriteRule /(.*) http://REDACTED_IP:8080/$1 [P,l]
</VirtualHost>
```
- Enable SSO in Zammad
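
The log in the post shows "AUTH IS NULL", then a redirect, then the `NoMethodError`, and finally a `DoubleRenderError` raised from the error handler. The plain-Ruby sketch below is an added example, not part of the original post and not Zammad's or Rails' code; it reproduces that sequence under the assumption that the action keeps running after the redirect, next to a guarded variant. `ToyController`, `respond` and `outcome` are hypothetical names.

```ruby
# Added illustration with hypothetical names; not Zammad's or Rails' code.
class DoubleRenderError < StandardError; end

# Stand-in for a controller: only one response may be committed per request.
class ToyController
  attr_reader :response

  def initialize(env)
    @env = env
  end

  # Runs an action; like a rescue_from handler, it renders an error page.
  def handle(action)
    public_send(action)
  rescue NoMethodError
    respond(500, 'error page')
  end

  # Pattern the log suggests: redirect on nil auth, then keep executing.
  def callback_fallthrough
    auth = @env['omniauth.auth']
    respond(302, '/') if auth.nil?
    respond(200, "linked #{auth['provider']}") # nil['provider'] raises here
  end

  # Guarded form: leave the action as soon as the redirect is committed.
  def callback_guarded
    auth = @env['omniauth.auth']
    return respond(302, '/') if auth.nil?
    respond(200, "linked #{auth['provider']}")
  end

  private

  # Commits the response (redirect or render); a second call is an error.
  def respond(status, body)
    raise DoubleRenderError, 'render/redirect called twice' if @response
    @response = [status, body]
  end
end

# Returns the committed response, or :double_render if the handler failed.
def outcome(action, env = {})
  controller = ToyController.new(env)
  controller.handle(action)
  controller.response
rescue DoubleRenderError
  :double_render
end
```

In the fall-through variant the error page can never be rendered because the redirect already committed the response, which matches the unformatted page described in the post.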