REST API authorization failed
Hi all,
I’m going to do a mailman2->3 migration in a FreeBSD jail. I installed mailman3 in a venv from pypi, along with nginx, uwsgi and exim. The above error happens when I try to open the base url of my server with a browser (is redirected to postorius/lists/) (no errors on admin/ and hyperkitty urls).
Same passwords and users in mailman.cfg:
    [webservice]
    hostname: localhost
    port: 8001
    use_https: no
    admin_user: restadmin
    admin_pass: ???
and in settings.py:
    MAILMAN_REST_API_URL = 'http://localhost:8001'
    MAILMAN_REST_API_USER = 'restadmin'
    MAILMAN_REST_API_PASS = ???
It's a long password, created as secret key by manage.py
Axel
PGP-Key: CDE74120 ☀ computing @ chaos claudius
On 1/8/22 10:40 AM, Axel Rau wrote:
> Hi all,
> I’m going to do a mailman2->3 migration in a FreeBSD jail. I installed mailman3 in a venv from pypi, along with nginx, uwsgi and exim. The above error happens when I try to open the base url of my server with a browser (is redirected to postorius/lists/) (no errors on admin/ and hyperkitty urls).
> Same passwords and users in mailman.cfg:
>     [webservice]
>     hostname: localhost
>     port: 8001
>     use_https: no
>     admin_user: restadmin
>     admin_pass: ???
> and in settings.py:
>     MAILMAN_REST_API_URL = 'http://localhost:8001'
>     MAILMAN_REST_API_USER = 'restadmin'
>     MAILMAN_REST_API_PASS = ???
> It's a long password, created as secret key by manage.py
Is the password unquoted in mailman.cfg as
    admin_pass: ???
and quoted in settings.py as
    MAILMAN_REST_API_PASS = '???'
Does the mailman info command report what you think for REST credentials?
Do you get an appropriate JSON response from
    wget -O- --user restadmin --password ??? http://localhost:8001/3.1/lists
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
Hi Mark,
thanks for your answer.
On 08.01.2022 at 23:07, Mark Sapiro <mark@msapiro.net> wrote:
> Is the password unquoted in mailman.cfg as
>     admin_pass: ???
yes.
> and quoted in settings.py as
>     MAILMAN_REST_API_PASS = '???'
yes.
> Does the mailman info command report what you think for REST credentials?
yes.
> Do you get an appropriate JSON response from
>     wget -O- --user restadmin --password ??? http://localhost:8001/3.1/lists
I used curl:
    (mailman_33) [root@lists5 /usr/local/mailman3]# curl -v -u restadmin:??? http://localhost:8001/3.1/lists
    *   Trying 127.0.0.1:8001...
    * Connected to localhost (91.216.35.42) port 8001 (#0)
    * Server auth using Basic with user 'restadmin'
    > GET /3.1/lists HTTP/1.1
    > Host: localhost:8001
    > Authorization: Basic cmVzdGFkbWluOnc2cmtuQXpJZmVRc1o4WnlkMFpBcmNjcm55OA==
    > User-Agent: curl/7.80.0
    > Accept: */*
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 401 Unauthorized
    < Server: gunicorn
    < Date: Sun, 09 Jan 2022 13:51:43 GMT
    < Connection: close
    * Authentication problem. Ignoring this.
    < www-authenticate: Basic realm="mailman3-rest",charset="utf-8"
    < content-type: application/json
    < vary: Accept
    < content-length: 77
    <
    * Closing connection 0
    {"title": "401 Unauthorized", "description": "REST API authorization failed"}
I see "Server: gunicorn", does this mean I must install gunicorn?
Axel
PGP-Key: CDE74120 ☀ computing @ chaos claudius
Mailman's content filtering has removed the following MIME parts from this message.
Replaced multipart/alternative part with first alternative.
On 09.01.2022 at 14:57, Axel Rau <Axel.Rau@Chaos1.DE> wrote:
> I see "Server: gunicorn", does this mean I must install gunicorn?
It is installed.
Axel
PGP-Key: CDE74120 ☀ computing @ chaos claudius
On 1/9/22 5:57 AM, Axel Rau wrote:
>> Does the mailman info command report what you think for REST credentials?
> yes.
...
> I used curl:
>     (mailman_33) [root@lists5 /usr/local/mailman3]# curl -v -u restadmin:??? http://localhost:8001/3.1/lists
>     *   Trying 127.0.0.1:8001...
>     * Connected to localhost (91.216.35.42) port 8001 (#0)
>     * Server auth using Basic with user 'restadmin'
>     > GET /3.1/lists HTTP/1.1
>     > Host: localhost:8001
>     > Authorization: Basic cmVzdGFkbWluOnc2cmtuQXpJZmVRc1o4WnlkMFpBcmNjcm55OA==
>     > User-Agent: curl/7.80.0
>     > Accept: */*
>     * Mark bundle as not supporting multiuse
>     < HTTP/1.1 401 Unauthorized
>     < Server: gunicorn
>     < Date: Sun, 09 Jan 2022 13:51:43 GMT
>     < Connection: close
>     * Authentication problem. Ignoring this.
>     < www-authenticate: Basic realm="mailman3-rest",charset="utf-8"
>     < content-type: application/json
>     < vary: Accept
>     < content-length: 77
>     <
>     * Closing connection 0
>     {"title": "401 Unauthorized", "description": "REST API authorization failed"}
> I see "Server: gunicorn", does this mean I must install gunicorn?
As you later reported, gunicorn is installed. It is installed as a dependency of Mailman core to serve as the REST server which is what's going on here. It also may or may not be used as the wsgi server for Django depending on how you configured that, but this is independent.
Anyway, the above is saying that restadmin:??? doesn't match what's configured in Mailman core and reported by mailman info. Please check carefully that these are the same in both mailman.cfg admin_pass and settings MAILMAN_REST_API_PASS.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
Hi Mark,
thanks for your patience.
On 10.01.2022 at 04:56, Mark Sapiro <mark@msapiro.net> wrote:
> Anyway, the above is saying that restadmin:??? doesn't match what's configured in Mailman core and reported by mailman info. Please check carefully that these are the same in both mailman.cfg admin_pass and settings MAILMAN_REST_API_PASS.
Yes, again with password disclosed:
    (mailman_33) [root@lists5 /usr/local/mailman3]# service mailman restart
    Restarting the Mailman runners
    (mailman_33) [root@lists5 /usr/local/mailman3]# su -m www -c "curl -v -u restadmin:restpass http://localhost:8001/3.1/lists"
    *   Trying 127.0.0.1:8001...
    * Connected to localhost (91.216.35.42) port 8001 (#0)
    * Server auth using Basic with user 'restadmin'
    > GET /3.1/lists HTTP/1.1
    > Host: localhost:8001
    > Authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz
    > User-Agent: curl/7.80.0
    > Accept: */*
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 401 Unauthorized
    < Server: gunicorn
    < Date: Mon, 10 Jan 2022 09:39:43 GMT
    < Connection: close
    * Authentication problem. Ignoring this.
    < www-authenticate: Basic realm="mailman3-rest",charset="utf-8"
    < content-type: application/json
    < vary: Accept
    < content-length: 77
    <
    * Closing connection 0
    {"title": "401 Unauthorized", "description": "REST API authorization failed"}
    (mailman_33) [root@lists5 /usr/local/mailman3]#
    (mailman_33) [root@lists5 /usr/local/mailman3]# grep REST settings.py
    MAILMAN_REST_API_URL = 'http://localhost:8001'
    MAILMAN_REST_API_USER = 'restadmin'
    MAILMAN_REST_API_PASS = 'restpass'
    (mailman_33) [root@lists5 /usr/local/mailman3]# grep admin var/etc/mailman.cfg
    admin_user: restadmin
    admin_pass: restpass
    (mailman_33) [root@lists5 /usr/local/mailman3]#
What am I doing wrong? Is something wrong with my installed python packages? pip freeze attached.
clueless, Axel
PGP-Key: CDE74120 ☀ computing @ chaos claudius
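A `curl -v` transcript carries the `Authorization` request header, and for Basic auth that value is only Base64 of `user:password`, so masking the password on the command line alone does not remove it from pasted output. The following is an added example, not part of the original messages: a redaction pass to run over such a transcript before posting it. `redact` and `still_leaks` are hypothetical helper names, and the transcript is constructed from the `restadmin:restpass` pair disclosed above.

```python
import base64
import re

# Constructed transcript shaped like the curl -v output above, using the
# restadmin:restpass pair that the message discloses on purpose.
TRANSCRIPT = """\
# curl -v -u restadmin:restpass http://localhost:8001/3.1/lists
* Server auth using Basic with user 'restadmin'
> GET /3.1/lists HTTP/1.1
> Host: localhost:8001
> Authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz
> User-Agent: curl/7.80.0
< HTTP/1.1 401 Unauthorized
< www-authenticate: Basic realm="mailman3-rest",charset="utf-8"
"""

RULES = [
    # (Proxy-)Authorization request header: keep the scheme, drop the credential.
    (re.compile(r"^((?:>[ \t]*)?(?:proxy-)?authorization:[ \t]*\S+)[ \t]+\S.*$",
                re.I | re.M), r"\1 [REDACTED]"),
    # curl -u/--user user:password: keep the user name only.
    (re.compile(r"((?:-u|--user)[ =]+[^\s:\"']+):[^\s\"']+"), r"\1:[REDACTED]"),
    # wget --password value.
    (re.compile(r"(--password[ =]+)\S+"), r"\1[REDACTED]"),
]


def redact(text):
    """Apply every rule; response headers such as www-authenticate are left alone."""
    for pattern, replacement in RULES:
        text = pattern.sub(replacement, text)
    return text


def still_leaks(text, user, password):
    """True if the password survives in clear text or as a Basic auth token."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return password in text or token in text


if __name__ == "__main__":
    cleaned = redact(TRANSCRIPT)
    print(cleaned)
    print("leaks after redaction:", still_leaks(cleaned, "restadmin", "restpass"))
```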
On 1/10/22 1:58 AM, Axel Rau wrote:
>> Anyway, the above is saying that restadmin:??? doesn't match what's configured in Mailman core and reported by mailman info. Please check carefully that these are the same in both mailman.cfg admin_pass and settings MAILMAN_REST_API_PASS.
> Yes, again with password disclosed:
...
>     (mailman_33) [root@lists5 /usr/local/mailman3]# grep admin var/etc/mailman.cfg
>     admin_user: restadmin
>     admin_pass: restpass
Does mailman info show the same password?
> What am I doing wrong?
Nothing.
> Is something wrong with my installed python packages?
The relevant code is at https://gitlab.com/mailman/mailman/-/blob/master/src/mailman/rest/wsgiapp.py...
Does that match yours?
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
On 10-Jan-22 13:30, Mark Sapiro wrote:
> On 1/10/22 1:58 AM, Axel Rau wrote:
>>> Anyway, the above is saying that restadmin:??? doesn't match what's configured in Mailman core and reported by mailman info. Please check carefully that these are the same in both mailman.cfg admin_pass and settings MAILMAN_REST_API_PASS.
>> Yes, again with password disclosed:
> ...
>>     (mailman_33) [root@lists5 /usr/local/mailman3]# grep admin var/etc/mailman.cfg
>>     admin_user: restadmin
>>     admin_pass: restpass
> Does mailman info show the same password?
A common issue that may (or may not) be in play here is leading/trailing whitespace and/or non-spacing control characters.
It may be worth making the output (& input) use quotes & escaping, where the input should accept non-spacing controls, leading/trailing whitespace, and non-traditional interior whitespace (e.g. nbsp, numsp, NoBreak, tab) only in escaped form. By escaped form, I mean one or more formats like HTML's , or Python's at https://python-reference.readthedocs.io/en/latest/docs/str/escapes.html
When dealing with user quantities, if it looks like a space, it should be a space. And if you can't see it, it shouldn't be there (using escapes to make the invisible visible is fine).
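The check asked for earlier in the thread (that mailman.cfg `admin_pass` and settings.py `MAILMAN_REST_API_PASS` are the same) and the whitespace point above can be combined in one script. This is an added example, not part of the original messages and not Mailman's own code: it compares the two credentials and prints them in escaped form so invisible characters show up. The sample files are constructed, the function names are hypothetical, and `configparser` is assumed as a stand-in for Mailman core's own config reader.

```python
import ast
import configparser
import unicodedata

# Constructed samples (not the poster's files). The core password ends in an
# invisible ZERO WIDTH SPACE, as a copy/paste might leave behind.
MAILMAN_CFG = "[webservice]\nadmin_user: restadmin\nadmin_pass: restpass\u200b\n"
SETTINGS_PY = "MAILMAN_REST_API_USER = 'restadmin'\nMAILMAN_REST_API_PASS = 'restpass'\n"

INVISIBLE = {"Cc", "Cf", "Zs", "Zl", "Zp"}  # controls, format chars, separators


def suspicious(value):
    """List (index, name) of characters that are invisible or only look like a space."""
    hits, last = [], len(value) - 1
    for i, ch in enumerate(value):
        interior_space = ch == " " and 0 < i < last
        if unicodedata.category(ch) in INVISIBLE and not interior_space:
            hits.append((i, unicodedata.name(ch, f"U+{ord(ch):04X}")))
    return hits


def settings_values(source):
    """Collect NAME = 'literal' assignments from settings.py without executing it."""
    found = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    found[target.id] = node.value.value
    return found


def compare(cfg_text, settings_text):
    # Assumption: configparser stands in for Mailman core's own config reader;
    # `mailman info` remains the authority on what core actually loaded.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    core = (cfg["webservice"]["admin_user"], cfg["webservice"]["admin_pass"])
    web_cfg = settings_values(settings_text)
    web = (web_cfg["MAILMAN_REST_API_USER"], web_cfg["MAILMAN_REST_API_PASS"])
    return {"match": core == web,
            "core_repr": ascii(core[1]), "web_repr": ascii(web[1]),
            "core_flags": suspicious(core[1]), "web_flags": suspicious(web[1])}


if __name__ == "__main__":
    for key, value in compare(MAILMAN_CFG, SETTINGS_PY).items():
        print(f"{key}: {value}")
```

Run it on the host itself, since the escaped output contains the passwords; the two `grep` results in the thread would look identical on screen in the constructed case here.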
On 10.01.2022 at 19:30, Mark Sapiro <mark@msapiro.net> wrote:
> On 1/10/22 1:58 AM, Axel Rau wrote:
>> Is something wrong with my installed python packages?
> The relevant code is at https://gitlab.com/mailman/mailman/-/blob/master/src/mailman/rest/wsgiapp.py...
> Does that match yours?
I suspected the cryptography package for which I did a fake install, because there is no wheel for my platform and I could not build it. After an odyssey with strange cert errors while building the rust tool chain from their website, I finally managed to install it and could build the wheels for 36.0.1 and created the complete installation in a dedicated jail with ansible. Authentication now works and the website shows 'There are currently no mailing lists.' (-:
After all these delays, I have only one day left to import 2 lists and to get them up.
Thanks for all your help, Axel
PGP-Key: CDE74120 ☀ computing @ chaos claudius