This might've started with AAA, but I am not absolutely sure.
The simple reproducer I'd came to is:
bc = BodhiClient(username="frantisekz", useragent="Fedora Easy Karma/GIT", retries=3) bc.csrf()
You'll be asked for password, and if you have two factor auth enabled and forget the 2nd factor, it all blows up with 500:
fedora-easy-karma --fas-username=frantisekz Password: Traceback (most recent call last): File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 833, in urlopen return self.urlopen( File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 833, in urlopen return self.urlopen( File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 833, in urlopen return self.urlopen( File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 819, in urlopen retries = retries.increment(method, url, response=response, _pool=self) File "/usr/lib/python3.9/site-packages/urllib3/util/retry.py", line 436, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='id.fedoraproject.org', port=443): Max retries exceeded with url: /api/v1/ (Caused by ResponseError('too many 500 error responses')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/bin/fedora-easy-karma", line 851, in <module> fek = FedoraEasyKarma() File "/usr/bin/fedora-easy-karma", line 500, in __init__ csrf = bc.csrf() File "/usr/lib/python3.9/site-packages/bodhi/client/bindings.py", line 117, in wrapper result = method(*args, **kwargs) File "/usr/lib/python3.9/site-packages/bodhi/client/bindings.py", line 616, in csrf self.login(self.username, self.password) File "/usr/lib/python3.9/site-packages/fedora/client/openidbaseclient.py", line 303, in login response = openid_login( File "/usr/lib/python3.9/site-packages/fedora/client/openidproxyclient.py", line 129, in openid_login response = session.post( File "/usr/lib/python3.9/site-packages/requests/sessions.py", line 578, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/lib/python3.9/site-packages/requests/sessions.py", line 530, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3.9/site-packages/requests/sessions.py", line 643, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 507, in send raise RetryError(e, request=request) requests.exceptions.RetryError: HTTPSConnectionPool(host='id.fedoraproject.org', port=443): Max retries exceeded with url: /api/v1/ (Caused by ResponseError('too many 500 error responses'))
Metadata Update from @smooge: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: authentication, dev, medium-gain, medium-trouble, ops
It's not clear to me where this issue is... I guess ipsilon / id.fedoraproject.org ? Thats whats sending 500's?
Can you share the exact time you got a 500 there so we can check the ipsilon logs against that?
Probably related to #9927
Yeah, in fact could be a duplicate?
This should be fixed by the upcoming ipsilon release right?
@abompard whats the status here? You had to make some changes in pam or something? Is this likely to get deployed soon?
This is waiting for a new upstream ipsilon release.
Still waiting on ipsilon, but ipsilon is waiting on python-pam (it needs a newer version), but python-pam hasn't done a release and maintainer isn't wanting to push that to fedora.
Hopefully we can find a way forward.
This is finally done! Many thanks to @abompard for driving it forward!
Please do file any issues you hit with the new version...
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.