Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Catch exceptions in password_providers #8636

Merged
merged 3 commits into from
Nov 11, 2020
Merged

Catch exceptions in password_providers #8636

merged 3 commits into from
Nov 11, 2020

Conversation

NicolaiSoeborg
Copy link
Contributor

@NicolaiSoeborg NicolaiSoeborg commented Oct 22, 2020

Catch exceptions during Initialization of password_providers.

Currently synapse will just fail to start with no error message if a password provider throws an exception in __init__.

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
  • Pull request includes a sign off
  • Code style is correct (run the linters)

Signed-off-by: Nicolai Søborg <git@xn--sb-lka.org>
@clokep clokep requested a review from a team October 23, 2020 11:03
@erikjohnston
Copy link
Member

Personally I think failing is the right thing to do, in the same way as we fail if we can't pass the config. What do you think about raising a ConfigError (with helpful info) instead?

module(config=config, account_handler=account_handler)
)
except Exception as e:
logger.warn("Error while initializing %r: %s", module, e)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would then be something like:

Suggested change
logger.warn("Error while initializing %r: %s", module, e)
raise ConfigError("Error while initializing %r: %s" % (module, e))

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this work though since we're past the configuration stage when this gets instantiated?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is... true. I'm failing to find an example of us failing while starting up outside of database and config sensibly atm :/

@clokep clokep added the X-Awaiting-Changes A contributed PR which needs changes and re-review before it can be merged label Oct 28, 2020
This will make sure that synapse will not start if any `password_provider` throws in `__init__`
@NicolaiSoeborg
Copy link
Contributor Author

I've added a raise, so it will block synapse from starting with a bad password_provider, but still have the logger.warn:

Before this PR:

python3 -m synapse.app.homeserver --config-path /etc/matrix-synapse/homeserver.yaml
2020-10-30 20:55:57,218 - user - 317 - WARNING - None - ***** STARTING SERVER *****
2020-10-30 20:55:57,219 - user - 318 - WARNING - None - Server /home/user/synapse/app/homeserver.py version 1.22.0rc1 (b=develop,054a6b953,dirty)

After this PR:

python3 -m synapse.app.homeserver --config-path /etc/matrix-synapse/homeserver.yaml
2020-10-30 20:55:57,218 - user - 317 - WARNING - None - ***** STARTING SERVER *****
2020-10-30 20:55:57,219 - user - 318 - WARNING - None - Server /home/user/synapse/app/homeserver.py version 1.22.0rc1 (b=develop,054a6b953,dirty)
2020-10-30 21:04:05,009 - synapse.handlers.auth - 180 - WARNING - None - Error while initializing <class 'synapse_mfa.SynapseMFA'>: division by zero

I wanted to maybe catch the error higher in the stack, but if I print the stacktrace I just get:

Traceback (most recent call last):
  File "/root/matrix/synapse/synapse/handlers/auth.py", line 176, in __init__
    self.password_providers = [
  File "/root/matrix/synapse/synapse/handlers/auth.py", line 177, in <listcomp>
    module(config=config, account_handler=account_handler)
  File "/root/matrix/synapse-mfa/synapse_mfa.py", line 12, in __init__
    self.a = 0/0  # some error
ZeroDivisionError: division by zero

Not sure what initializes AuthHandler or if something fancy addErrback can be added to catch errors

@erikjohnston erikjohnston requested a review from a team October 30, 2020 22:47
@erikjohnston erikjohnston removed the X-Awaiting-Changes A contributed PR which needs changes and re-review before it can be merged label Oct 30, 2020
@erikjohnston
Copy link
Member

I think something is swallowing your stderr, which is where stack traces seem to be going. Do you have no_redirect_stdio set in your config?

On my setup it seems like the error is bubbling up to here:

try:
hs.setup()
except IncorrectDatabaseSetup as e:
quit_with_error(str(e))
except UpgradeDatabaseException as e:
quit_with_error("Failed to upgrade database: %s" % (e,))

which does't catch the exception. I think we probably want to add the same handling as:

except Exception:
traceback.print_exc(file=sys.stderr)
reactor = hs.get_reactor()
if reactor.running:
reactor.stop()
sys.exit(1)

@erikjohnston
Copy link
Member

Ideally we'd attempt to handle the errors as per my previous comment, but equally this is a net improvement so I'm happy to land this if you're not in a position to dig further into it.

@erikjohnston erikjohnston self-requested a review November 6, 2020 11:41
@erikjohnston erikjohnston merged commit 4c7587e into matrix-org:develop Nov 11, 2020
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Nov 18, 2020
Synapse 1.23.0 (2020-11-18)
===========================

This release changes the way structured logging is configured. See the [upgrade notes](UPGRADE.rst#upgrading-to-v1230) for details.

**Note**: We are aware of a trivially exploitable denial of service vulnerability in versions of Synapse prior to 1.20.0. Complete details will be disclosed on Monday, November 23rd. If you have not upgraded recently, please do so.

Bugfixes
--------

- Fix a dependency versioning bug in the Dockerfile that prevented Synapse from starting. ([\#8767](matrix-org/synapse#8767))


Synapse 1.23.0rc1 (2020-11-13)
==============================

Features
--------

- Add a push rule that highlights when a jitsi conference is created in a room. ([\#8286](matrix-org/synapse#8286))
- Add an admin api to delete a single file or files that were not used for a defined time from server. Contributed by @dklimpel. ([\#8519](matrix-org/synapse#8519))
- Split admin API for reported events (`GET /_synapse/admin/v1/event_reports`) into detail and list endpoints. This is a breaking change to #8217 which was introduced in Synapse v1.21.0. Those who already use this API should check their scripts. Contributed by @dklimpel. ([\#8539](matrix-org/synapse#8539))
- Support generating structured logs via the standard logging configuration. ([\#8607](matrix-org/synapse#8607), [\#8685](matrix-org/synapse#8685))
- Add an admin API to allow server admins to list users' pushers. Contributed by @dklimpel. ([\#8610](matrix-org/synapse#8610), [\#8689](matrix-org/synapse#8689))
- Add an admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information about uploaded media. Contributed by @dklimpel. ([\#8647](matrix-org/synapse#8647))
- Add an admin API for local user media statistics. Contributed by @dklimpel. ([\#8700](matrix-org/synapse#8700))
- Add `displayname` to Shared-Secret Registration for admins. ([\#8722](matrix-org/synapse#8722))


Bugfixes
--------

- Fix fetching of E2E cross signing keys over federation when only one of the master key and device signing key is cached already. ([\#8455](matrix-org/synapse#8455))
- Fix a bug where Synapse would blindly forward bad responses from federation to clients when retrieving profile information. ([\#8580](matrix-org/synapse#8580))
- Fix a bug where the account validity endpoint would silently fail if the user ID did not have an expiration time. It now returns a 400 error. ([\#8620](matrix-org/synapse#8620))
- Fix email notifications for invites without local state. ([\#8627](matrix-org/synapse#8627))
- Fix handling of invalid group IDs to return a 400 rather than log an exception and return a 500. ([\#8628](matrix-org/synapse#8628))
- Fix handling of User-Agent headers that are invalid UTF-8, which caused user agents of users to not get correctly recorded. ([\#8632](matrix-org/synapse#8632))
- Fix a bug in the `joined_rooms` admin API if the user has never joined any rooms. The bug was introduced, along with the API, in v1.21.0. ([\#8643](matrix-org/synapse#8643))
- Fix exception during handling multiple concurrent requests for remote media when using multiple media repositories. ([\#8682](matrix-org/synapse#8682))
- Fix bug that prevented Synapse from recovering after losing connection to the database. ([\#8726](matrix-org/synapse#8726))
- Fix bug where the `/_synapse/admin/v1/send_server_notice` API could send notices to non-notice rooms. ([\#8728](matrix-org/synapse#8728))
- Fix PostgreSQL port script fails when DB has no backfilled events. Broke in v1.21.0. ([\#8729](matrix-org/synapse#8729))
- Fix PostgreSQL port script to correctly handle foreign key constraints. Broke in v1.21.0. ([\#8730](matrix-org/synapse#8730))
- Fix PostgreSQL port script so that it can be run again after a failure. Broke in v1.21.0. ([\#8755](matrix-org/synapse#8755))


Improved Documentation
----------------------

- Instructions for Azure AD in the OpenID Connect documentation. Contributed by peterk. ([\#8582](matrix-org/synapse#8582))
- Improve the sample configuration for single sign-on providers. ([\#8635](matrix-org/synapse#8635))
- Fix the filepath of Dex's example config and the link to Dex's Getting Started guide in the OpenID Connect docs. ([\#8657](matrix-org/synapse#8657))
- Note support for Python 3.9. ([\#8665](matrix-org/synapse#8665))
- Minor updates to docs on running tests. ([\#8666](matrix-org/synapse#8666))
- Interlink prometheus/grafana documentation. ([\#8667](matrix-org/synapse#8667))
- Notes on SSO logins and media_repository worker. ([\#8701](matrix-org/synapse#8701))
- Document experimental support for running multiple event persisters. ([\#8706](matrix-org/synapse#8706))
- Add information regarding the various sources of, and expected contributions to, Synapse's documentation to `CONTRIBUTING.md`. ([\#8714](matrix-org/synapse#8714))
- Migrate documentation `docs/admin_api/event_reports` to markdown. ([\#8742](matrix-org/synapse#8742))
- Add some helpful hints to the README for new Synapse developers. Contributed by @chagai95. ([\#8746](matrix-org/synapse#8746))


Internal Changes
----------------

- Optimise `/createRoom` with multiple invited users. ([\#8559](matrix-org/synapse#8559))
- Implement and use an `@lru_cache` decorator. ([\#8595](matrix-org/synapse#8595))
- Don't instansiate Requester directly. ([\#8614](matrix-org/synapse#8614))
- Type hints for `RegistrationStore`. ([\#8615](matrix-org/synapse#8615))
- Change schema to support access tokens belonging to one user but granting access to another. ([\#8616](matrix-org/synapse#8616))
- Remove unused OPTIONS handlers. ([\#8621](matrix-org/synapse#8621))
- Run `mypy` as part of the lint.sh script. ([\#8633](matrix-org/synapse#8633))
- Correct Synapse's PyPI package name in the OpenID Connect installation instructions. ([\#8634](matrix-org/synapse#8634))
- Catch exceptions during initialization of `password_providers`. Contributed by Nicolai Søborg. ([\#8636](matrix-org/synapse#8636))
- Fix typos and spelling errors in the code. ([\#8639](matrix-org/synapse#8639))
- Reduce number of OpenTracing spans started. ([\#8640](matrix-org/synapse#8640), [\#8668](matrix-org/synapse#8668), [\#8670](matrix-org/synapse#8670))
- Add field `total` to device list in admin API. ([\#8644](matrix-org/synapse#8644))
- Add more type hints to the application services code. ([\#8655](matrix-org/synapse#8655), [\#8693](matrix-org/synapse#8693))
- Tell Black to format code for Python 3.5. ([\#8664](matrix-org/synapse#8664))
- Don't pull event from DB when handling replication traffic. ([\#8669](matrix-org/synapse#8669))
- Abstract some invite-related code in preparation for landing knocking. ([\#8671](matrix-org/synapse#8671), [\#8688](matrix-org/synapse#8688))
- Clarify representation of events in logfiles. ([\#8679](matrix-org/synapse#8679))
- Don't require `hiredis` package to be installed to run unit tests. ([\#8680](matrix-org/synapse#8680))
- Fix typing info on cache call signature to accept `on_invalidate`. ([\#8684](matrix-org/synapse#8684))
- Fail tests if they do not await coroutines. ([\#8690](matrix-org/synapse#8690))
- Improve start time by adding an index to `e2e_cross_signing_keys.stream_id`. ([\#8694](matrix-org/synapse#8694))
- Re-organize the structured logging code to separate the TCP transport handling from the JSON formatting. ([\#8697](matrix-org/synapse#8697))
- Use Python 3.8 in Docker images by default. ([\#8698](matrix-org/synapse#8698))
- Remove the "draft" status of the Room Details Admin API. ([\#8702](matrix-org/synapse#8702))
- Improve the error returned when a non-string displayname or avatar_url is used when updating a user's profile. ([\#8705](matrix-org/synapse#8705))
- Block attempts by clients to send server ACLs, or redactions of server ACLs, that would result in the local server being blocked from the room. ([\#8708](matrix-org/synapse#8708))
- Add metrics the allow the local sysadmin to track 3PID `/requestToken` requests. ([\#8712](matrix-org/synapse#8712))
- Consolidate duplicated lists of purged tables that are checked in tests. ([\#8713](matrix-org/synapse#8713))
- Add some `mdui:UIInfo` element examples for `saml2_config` in the homeserver config. ([\#8718](matrix-org/synapse#8718))
- Improve the error message returned when a remote server incorrectly sets the `Content-Type` header in response to a JSON request. ([\#8719](matrix-org/synapse#8719))
- Speed up repeated state resolutions on the same room by caching event ID to auth event ID lookups. ([\#8752](matrix-org/synapse#8752))


Synapse 1.22.1 (2020-10-30)
===========================

Bugfixes
--------

- Fix a bug where an appservice may not be forwarded events for a room it was recently invited to. Broke in v1.22.0. ([\#8676](matrix-org/synapse#8676))
- Fix `Object of type frozendict is not JSON serializable` exceptions when using third-party event rules. Broke in v1.22.0. ([\#8678](matrix-org/synapse#8678))
@NicolaiSoeborg NicolaiSoeborg deleted the bad-init-in-password_providers branch November 23, 2020 22:39
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants