Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Exception Type: UnboundLocalError at /user/user-search-results/ #313

Closed
jpwhite4 opened this issue Jul 20, 2021 · 1 comment · Fixed by #314
Closed

Exception Type: UnboundLocalError at /user/user-search-results/ #313

jpwhite4 opened this issue Jul 20, 2021 · 1 comment · Fixed by #314
Labels
bug Something isn't working

Comments

@jpwhite4
Copy link
Member

The search_a_user function in the LocalUserSearch class has a code path that leads referencing an undefined variable. Offending code at

https://github.com/ubccr/coldfront/blob/master/coldfront/core/user/utils.py#L56

If you call this function with user_search_string set to None or search_by set to anything other than "all_fields" or "username_only" then the entries variable will not be assigned a value (and the return value from User.object.all() will be ignored too).

I was able to reproduce this in the hpc-toolset-tutorial docker images by using curl to call the /user/user-search-results endpoint and editing the POST parameters to pass in a different value of the 'search_by' parameter (I've stripped out the auth tokens - not that it matters too much since this was in a throwaway docker):

curl 'https://localhost:2443/user/user-search-results/' \
  -H 'authority: localhost:2443' \
  -H 'pragma: no-cache' \
  -H 'cache-control: no-cache' \
  -H 'sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"' \
  -H 'accept: */*' \
  -H 'dnt: 1' \
  -H 'x-requested-with: XMLHttpRequest' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36' \
  -H 'content-type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'origin: https://localhost:2443' \
  -H 'sec-fetch-site: same-origin' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-dest: empty' \
  -H 'referer: https://localhost:2443/user/user-search-home/' \
  -H 'accept-language: en-GB,en;q=0.9' \
  -H 'cookie: mod_auth_openidc_state_[REDACT]=[REDACTED]; csrftoken=[REDACTED]; sessionid=[REDACTED]' \
  --data-raw 'q=what&search_by=looking&csrfmiddlewaretoken=[REDACTED]' \
  --compressed \
  --insecure

Error output:

Traceback:

File "/srv/www/venv/lib64/python3.6/site-packages/django/core/handlers/exception.py" in inner
  34.             response = get_response(request)

File "/srv/www/venv/lib64/python3.6/site-packages/django/core/handlers/base.py" in _get_response
  115.                 response = self.process_exception_by_middleware(e, request)

File "/srv/www/venv/lib64/python3.6/site-packages/django/core/handlers/base.py" in _get_response
  113.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/srv/www/venv/lib64/python3.6/site-packages/django/views/generic/base.py" in view
  71.             return self.dispatch(request, *args, **kwargs)

File "/srv/www/venv/lib64/python3.6/site-packages/django/contrib/auth/mixins.py" in dispatch
  52.         return super().dispatch(request, *args, **kwargs)

File "/srv/www/venv/lib64/python3.6/site-packages/django/contrib/auth/mixins.py" in dispatch
  109.         return super().dispatch(request, *args, **kwargs)

File "/srv/www/venv/lib64/python3.6/site-packages/django/views/generic/base.py" in dispatch
  97.         return handler(request, *args, **kwargs)

File "/srv/www/venv/lib64/python3.6/site-packages/coldfront/core/user/views.py" in post
  242.         context = cobmined_user_search_obj.search()

File "/srv/www/venv/lib64/python3.6/site-packages/coldfront/core/user/utils.py" in search
  93.             users = search_class_obj.search()

File "/srv/www/venv/lib64/python3.6/site-packages/coldfront/core/user/utils.py" in search
  35.             matches = self.search_a_user(self.user_search_string, self.search_by)

File "/srv/www/venv/lib64/python3.6/site-packages/coldfront/core/user/utils.py" in search_a_user
  59.         for idx, user in enumerate(entries, 1):

Exception Type: UnboundLocalError at /user/user-search-results/
Exception Value: local variable 'entries' referenced before assignment
Request information:
USER: hpcadmin

GET: No GET data

POST:
q = 'redacted'
search_by = 'looking'
@aebruno aebruno added the bug Something isn't working label Jul 20, 2021
aebruno added a commit that referenced this issue Jul 20, 2021
@aebruno
Copy link
Member

aebruno commented Jul 20, 2021

Thanks for reporting this and for the cURL test. I was able to reproduce and this PR fixed the issue. Looks like this case was never being reached as the javascript was preventing an empty search string from being submitted. Good catch!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants