maas init doesn't check if the user or email already exists

Bug #1823153 reported by Junien Fridrick
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
MAAS
Fix Committed
Medium
Jacopo Rota

Bug Description

Hi,

Using Ubuntu 18.04, MAAS 2.4.2-7034-g2f5deb8b8-0ubuntu1

I ran "sudo maas init" once, and thought I could paste an actual key in the "Import SSH keys [] (lp:user-id or gh:user-id):" prompt. Apparently I can't, so "maas init" exited with "SSHKeysError: The input entered is not in a correct format. Your SSH keys will not be imported."

I thought user creation just failed, so I tried again with the same user/email, but without putting anything in the SSH key prompt, and all I got was a traceback (see below).

"maas init" should check for user existence.
"maas init" should be a bit more clear that you can't paste a key
"maas init" should offer importing ~/.ssh/*.pub keys, I feel.

Thanks !

$ sudo maas init
Create first admin account:
Username: root
Password:
Again:
Email: <email address hidden>
Import SSH keys [] (lp:user-id or gh:user-id):
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/django/db/backends/utils.py", line 64, in execute
    return self.cursor.execute(sql, params)
psycopg2.IntegrityError: duplicate key value violates unique constraint "auth_user_email_1c89df09_uniq"
DETAIL: Key (email)=(<email address hidden>) already exists.

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/sbin/maas-region", line 65, in <module>
    main()
  File "/usr/sbin/maas-region", line 61, in main
    run()
  File "/usr/sbin/maas-region", line 49, in run
    management.execute_from_command_line()
  File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 364, in execute_from_command_line
    utility.execute()
  File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 356, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 283, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 330, in execute
    output = self.handle(*args, **options)
  File "/usr/lib/python3/dist-packages/maasserver/management/commands/createadmin.py", line 172, in handle
    username, email=email, password=password)
  File "/usr/lib/python3/dist-packages/django/contrib/auth/models.py", line 170, in create_superuser
    return self._create_user(username, email, password, **extra_fields)
  File "/usr/lib/python3/dist-packages/django/contrib/auth/models.py", line 153, in _create_user
    user.save(using=self._db)
  File "/usr/lib/python3/dist-packages/django/contrib/auth/base_user.py", line 80, in save
    super(AbstractBaseUser, self).save(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/django/db/models/base.py", line 808, in save
    force_update=force_update, update_fields=update_fields)
  File "/usr/lib/python3/dist-packages/django/db/models/base.py", line 838, in save_base
    updated = self._save_table(raw, cls, force_insert, force_update, using, update_fields)
  File "/usr/lib/python3/dist-packages/django/db/models/base.py", line 924, in _save_table
    result = self._do_insert(cls._base_manager, using, fields, update_pk, raw)
  File "/usr/lib/python3/dist-packages/django/db/models/base.py", line 963, in _do_insert
    using=using, raw=raw)
  File "/usr/lib/python3/dist-packages/django/db/models/manager.py", line 85, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/django/db/models/query.py", line 1076, in _insert
    return query.get_compiler(using=using).execute_sql(return_id)
  File "/usr/lib/python3/dist-packages/django/db/models/sql/compiler.py", line 1112, in execute_sql
    cursor.execute(sql, params)
  File "/usr/lib/python3/dist-packages/django/db/backends/utils.py", line 64, in execute
    return self.cursor.execute(sql, params)
  File "/usr/lib/python3/dist-packages/django/db/utils.py", line 94, in __exit__
    six.reraise(dj_exc_type, dj_exc_value, traceback)
  File "/usr/lib/python3/dist-packages/django/utils/six.py", line 685, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3/dist-packages/django/db/backends/utils.py", line 64, in execute
    return self.cursor.execute(sql, params)
django.db.utils.IntegrityError: duplicate key value violates unique constraint "auth_user_email_1c89df09_uniq"
DETAIL: Key (email)=(<email address hidden>) already exists.

Related branches

Changed in maas:
status: New → Triaged
importance: Undecided → Medium
milestone: none → 2.6.0
Revision history for this message
Celia Wang (ziyiwang) wrote :

Hi,

Met the exact same issue here with the same Ubuntu and MaaS version.
I tried to import ssh key from launchpad but input a wrong lh account. The import failed obviously.
But when I try to import again with the correct account, `maas init` gives me the same error as above.

Changed in maas:
milestone: 2.6.0 → 3.4.0
Jacopo Rota (r00ta)
Changed in maas:
assignee: nobody → Jacopo Rota (r00ta)
Revision history for this message
Jacopo Rota (r00ta) wrote :

The point here is that in the code we first create the user, then we validate the ssh key and store it in the DB. See https://git.launchpad.net/maas/tree/src/maasserver/management/commands/createadmin.py#n140 .

I think we have two options:
1) we improve the error message, clarifying that the user has been created but the SSH keys were not imported
2) we validate the ssh keys before the user gets created with the result that no user gets created.

According to the comments and to the number of impacted users, I'd say in general the user expects the entire user creation to fail in such case. Let me know if you are fine with option 2.

Revision history for this message
Junien Fridrick (axino) wrote :

Hello Jacopo - thanks for taking a look !

I am fine with option 2 - if it's made clear that the user hasn't been created at all.
On top of that, I think trying to use a user or an email address that already exists should result in a proper error, and not a traceback.

Cheers

Changed in maas:
status: Triaged → Fix Committed
Alberto Donato (ack)
Changed in maas:
milestone: 3.4.0 → 3.4.0-beta2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.