Legacy Validity Period

Hello All,

PrivacyIdea Version - 2.19.1 (Non-Enterprise)

Authentication is not working with legacy validity period.
We are only seeing this problem with SPASS tokens.
The error is… “TypeError: init() takes exactly 1 argument (3 given)”.
We applied the fix in this commit.
Updating the validity period fixes the problem. However; the authentication should still be able to work with legacy time.

Do we have an idea to mass update the legacy time, or is there already a fix to authenticate with legacy time?

The commit you mentioned should be part of 2.19.1. So I am a bit confused.
Why did you apply it, when it is already contained?
Or did you cherry pick this? This will probably fail!

Can you please provide more information on the TypeError and then open an issue at github?

For mass updating the legacy time you probably need a script. A simple SQL statement won’t do this.

THanks a lot
Cornelius

I cherry picked the commit. I was using the initial release version of 2.19 with the bug fixes in the enterprise version.

I updated all the fields with a script, and the validation was proceeding fine.

If you only used the single commit, there might be some functionality missing - like reading and convering legacy time format.

I recommend to rebase on our master branch.

Do I understand correctly, that you are fine, now?

Cornelius, apologies for the delay…
I tested this recently with an spass token.

Steps taken:

  1. Create SPASS token in 2.18.
  2. Successfully tested token.
  3. Upgraded 2.18 to 2.19.
  4. Failure to test token.

59 PM

I guess this is upgrade to 2.19.1?

Do you have a error log by any chance?
Thanks a lot
Cornelius

[2017-08-30 13:01:58,427] ERROR in app: Exception on /validate/check [POST]
Traceback (most recent call last):
File “/opt/privacyidea/local/lib/python2.7/dist-packages/flask/app.py”, line 1982, in wsgi_app
response = self.full_dispatch_request()
File “/opt/privacyidea/local/lib/python2.7/dist-packages/flask/app.py”, line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/flask/app.py”, line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/flask/app.py”, line 1612, in full_dispatch_request
rv = self.dispatch_request()
File “/opt/privacyidea/local/lib/python2.7/dist-packages/flask/app.py”, line 1598, in dispatch_request
return self.view_functionsrule.endpoint
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”, line 101, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”, line 101, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”, line 101, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”, line 101, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”, line 101, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”, line 101, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”, line 101, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”, line 101, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”, line 117, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”, line 117, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”, line 117, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/decorators.py”, line 91, in check_user_or_serial_in_request_wrapper
f_result = func(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/subscriptions.py”, line 278, in check_subscription_wrapper
f_result = func(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”, line 117, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/event.py”, line 60, in event_wrapper
f_result = func(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/api/validate.py”, line 294, in check
result, details = check_serial_pass(serial, password, options=options)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 154, in log_wrapper
return func(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py”, line 83, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py”, line 378, in auth_lastauth
res, reply_dict = wrapped_function(user_or_serial, passw, options)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/token.py”, line 1813, in check_serial_pass
options=options)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 154, in log_wrapper
return func(*args, **kwds)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/token.py”, line 1984, in check_token_list
if token_obj.check_all(message_list):
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/tokenclass.py”, line 1067, in check_all
elif not self.check_validity_period():
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/tokenclass.py”, line 1028, in check_validity_period
start = self.get_validity_period_start()
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/tokenclass.py”, line 916, in get_validity_period_start
start = parse_legacy_time(start)
File “/opt/privacyidea/local/lib/python2.7/dist-packages/privacyidea/lib/utils.py”, line 649, in parse_legacy_time
d = parse_date_string(ts, tzinfos=tzlocal, dayfirst=True)
File “/usr/lib/python2.7/dist-packages/dateutil/parser.py”, line 1182, in parse
return DEFAULTPARSER.parse(timestr, **kwargs)
File “/usr/lib/python2.7/dist-packages/dateutil/parser.py”, line 591, in parse
tzdata = tzinfos(res.tzname, res.tzoffset)
TypeError: init() takes exactly 1 argument (3 given)

Which version of Python dateutil are you using?
Looks like you are using the systems own package?

We cover this line in a unit test (https://codecov.io/gh/privacyidea/privacyidea/src/e8949a07adc6159655d886c315ac5325ac268b96/privacyidea/lib/utils.py#L730)
but maybe we need to add some more…

This is the test:


How does your time look in the database?

Yes, you are right. I am using python-dateutil 2.6.1. I downgraded to 2.4.2 and worked like a charm.

We will downgrade the module, but will there be any compatibility with updated version of the modules?

Yes there will be!
Thanks a lot for bringing this up!

See this: https://github.com/privacyidea/privacyidea/issues/774

Thank you!

Since we are on the topic, I have also noticed a versioning issue with the latest cryptography module and the quick resolver testing.

I will include more details in a separate issue.
Would you prefer a github issue or a community post?

If you identified something were action needs to be taken in regards to the code - so if you already know, that we need to change something - please file an issue at github. This is better for keeping track in development.
THanks a lot
Cornelius

1 Like

We fixed the issue.

Unfortunately at the moment tests are failing due no numpy on travis.