'Session' object has no attribute '_model_changes'

Hi,

I’ve created a second privacyidea system based on the ubuntu 16.04 LTS
packages. (First one is running using ubuntu 14.04 LTS).

Everything seems to be fine. I can log in using the administrative account,
configure realms and resolvers and so on. Like in the other system
mentioned above, I’ve created an editable SQL Resolver using a new MySQL
database table.

Trying to add a new user using this resolver fails with an error message:
‘Session’ object has no attribute ‘_model_changes’ … logs at this time
contains:

[2016-12-05
13:38:53,336][2139][140136058840960][ERROR][privacyidea.app:1423] Exception
on /user/ [POS
T]
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.handle_user_exception(e)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in
handle_user_exception
reraise(exc_type, exc_value, tb)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1475, in
full_dispatch_request
rv = self.dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in
dispatch_request
return self.view_functionsrule.endpoint
File “/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 109, in policy_wrappe
r
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py”, line
313, in decorated_function
return f(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/user.py”, line
172, in create_user_api
r = create_user(resolvername, attributes, password=password)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 187,
in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
479, in create_user
uid = y.add_user(attributes)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.py",
line 709, in add
_user
self.db.commit()
File “/usr/lib/python2.7/dist-packages/sqlsoup.py”, line 268, in commit
self.session.commit()
File “/usr/lib/python2.7/dist-packages/sqlalchemy/orm/scoping.py”, line
150, in do
return getattr(self.registry(), name)(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py”, line
813, in commit
self.transaction.commit()
File “/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py”, line
392, in commit
self._prepare_impl()
File “/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py”, line
361, in _prepare_impl
self.session.dispatch.before_commit(self.session)
File “/usr/lib/python2.7/dist-packages/sqlalchemy/event/attr.py”, line
218, in call
fn(*args, **kw)
File “/usr/lib/python2.7/dist-packages/flask_sqlalchemy/init.py”,
line 162, in session_signal_be
fore_commit
d = session._model_changes
AttributeError: ‘Session’ object has no attribute ‘_model_changes’

Not sure about the reason for this. Just a questions of permissions? Any
idea out there?

Thanks
Stephan

Hello Stephan,

in this line, the error occurs:

File “/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SQLIdResolver.py”, line 709, in add

Even when creating a user the code should run the loadConfig method -
otherwise it would not know the user database.
And then it should set the _model_changes.

fdfdda01867d7856f/privacyidea/lib/resolvers/SQLIdResolver.py#L590

Well, you could try a quick hack and add the line

self.session._model_changes = {}

In the method add_user before line 709 - before the commit fails.

fdfdda01867d7856f/privacyidea/lib/resolvers/SQLIdResolver.py#L709

In the long run there is one difference:

14.04 and 16.04 which come with a different sqlalchemy stack.

So you fail on 16.04. Can you please tell which sqlalchemy drivers you
are using for the token database and the user database.
The best would be to provider the anonymized SQLALCHEMY_DATABASE_URI
and the anonymized config of the sqlresolver.

Kind regards
CorneliusAm Dienstag, den 06.12.2016, 02:49 -0800 schrieb Stephan Heffner:

Hello Cornelius,

Hi Stephan,

which database are you running?

MySQL (5.7 included with Ubuntu 16.04 LTS).

In which database are your users located? In the same as the token
database? (I have no real/good experiences with that).

It’s the same MySQL Instance but different databases and different
users. Each having only access rights to it’s own database schema.

I’ve used a similar setup with the previous version.

Which webserver did you use to run privacyIDEA. Apache2 or Nginx.

Nginx.

Look at the processes/sessions.

In the log file the second column
[2016-12-05 13:38:53,336][2139]
is the threadID 2139.
You may check, if this is a rather new thread id of if the thread
was used earlier.

Thread seems to be in use only for the same database.

Stephan

Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to a topic in
the Google Groups “privacyidea” group.
To unsubscribe from this topic, visit https://groups.google.com/d/top
ic/privacyidea/6VRQZ3GgkXc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to p
rivacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit https://groups.google.com/d/
msgid/privacyidea/8497d141-d304-46f7-a407-
cc0fd23fd6b0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (819 Bytes)

Hi Stephan,

I am getting other session issues with Apache. Have not tried with
nginx, yet.

If you like to, you can check a development version of privacyIDEA.
The sqlresolver has not changed, but the sql audit module has.
The SQLAudit module might interfere with the resolver…
If you are ok with that, you can install privacyidea 2.17dev2 from

ppa:privacyidea/privacyidea-dev
(waiting to be built)

and see, if the problem still remains.

Kind regards
CorneliusAm Dienstag, den 06.12.2016, 06:08 -0800 schrieb Stephan Heffner:

Hi Cornelius,

Hello Stephan,

in this line, the error occurs:

File “/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SQLIdResolver.py”, line 709, in
add

Even when creating a user the code should run the loadConfig method

otherwise it would not know the user database.
And then it should set the _model_changes.
GitHub - privacyidea/privacyidea at b61fd7331357e1d57367ad0fdfdda01867d7856f
7ad0
fdfdda01867d7856f/privacyidea/lib/resolvers/SQLIdResolver.py#L590

Well, you could try a quick hack and add the line

self.session._model_changes = {} 

In the method add_user before line 709 - before the commit fails.
GitHub - privacyidea/privacyidea at b61fd7331357e1d57367ad0fdfdda01867d7856f
7ad0
fdfdda01867d7856f/privacyidea/lib/resolvers/SQLIdResolver.py#L709
Doesn’t help. Still fails when trying to add a new server.

In the long run there is one difference:

14.04 and 16.04 which come with a different sqlalchemy stack.

So you fail on 16.04. Can you please tell which sqlalchemy drivers
you
are using for the token database and the user database.
The best would be to provider the
anonymized SQLALCHEMY_DATABASE_URI
and the anonymized config of the sqlresolver.
The internal DB connection is mysql://pi:…@localhost@pi. For the
resolver I’m using mysql://privacy:…@localhost:3306/privacy.

Based on this question I’ve checked the SQLAlchemy Docs and realized
how many different drivers exists … what is the default using
mysql:// instead of mysql+xxx:// ? Any recommendation?

Thanks
Stephan

Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to a topic in
the Google Groups “privacyidea” group.
To unsubscribe from this topic, visit https://groups.google.com/d/top
ic/privacyidea/6VRQZ3GgkXc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to p
rivacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit https://groups.google.com/d/
msgid/privacyidea/4f9dbdbd-d6c1-4a3d-9049-
50605ae9a5af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (819 Bytes)

Hi Stephan,

as far as the driver is concerned I am using mysql and sometimes
pymysql.
E.g. pymysql is a pure python implementation. When installing in a pip
environment you can avoid having gcc and libmysql-dev around, which you
would be needed when installing the mysql driver via pip.

You said

Doesn’t help. Still fails when trying to add a new server.

I guess you mean when you try to add a user?

Kind regards
CorneliusAm Dienstag, den 06.12.2016, 06:08 -0800 schrieb Stephan Heffner:

Hi Cornelius,

Hello Stephan,

in this line, the error occurs:

File “/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SQLIdResolver.py”, line 709, in
add

Even when creating a user the code should run the loadConfig method

otherwise it would not know the user database.
And then it should set the _model_changes.
GitHub - privacyidea/privacyidea at b61fd7331357e1d57367ad0fdfdda01867d7856f
7ad0
fdfdda01867d7856f/privacyidea/lib/resolvers/SQLIdResolver.py#L590

Well, you could try a quick hack and add the line

self.session._model_changes = {} 

In the method add_user before line 709 - before the commit fails.
GitHub - privacyidea/privacyidea at b61fd7331357e1d57367ad0fdfdda01867d7856f
7ad0
fdfdda01867d7856f/privacyidea/lib/resolvers/SQLIdResolver.py#L709
Doesn’t help. Still fails when trying to add a new server.

In the long run there is one difference:

14.04 and 16.04 which come with a different sqlalchemy stack.

So you fail on 16.04. Can you please tell which sqlalchemy drivers
you
are using for the token database and the user database.
The best would be to provider the
anonymized SQLALCHEMY_DATABASE_URI
and the anonymized config of the sqlresolver.
The internal DB connection is mysql://pi:…@localhost@pi. For the
resolver I’m using mysql://privacy:…@localhost:3306/privacy.

Based on this question I’ve checked the SQLAlchemy Docs and realized
how many different drivers exists … what is the default using
mysql:// instead of mysql+xxx:// ? Any recommendation?

Thanks
Stephan

Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to a topic in
the Google Groups “privacyidea” group.
To unsubscribe from this topic, visit https://groups.google.com/d/top
ic/privacyidea/6VRQZ3GgkXc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to p
rivacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit https://groups.google.com/d/
msgid/privacyidea/4f9dbdbd-d6c1-4a3d-9049-
50605ae9a5af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (819 Bytes)

Hi Cornelius,

Hello Stephan,

in this line, the error occurs:

File “/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SQLIdResolver.py”, line 709, in add

Even when creating a user the code should run the loadConfig method -
otherwise it would not know the user database.
And then it should set the _model_changes.
GitHub - privacyidea/privacyidea at b61fd7331357e1d57367ad0fdfdda01867d7856f
fdfdda01867d7856f/privacyidea/lib/resolvers/SQLIdResolver.py#L590
https://github.com/privacyidea/privacyidea/blob/b61fd7331357e1d57367ad0fdfdda01867d7856f/privacyidea/lib/resolvers/SQLIdResolver.py#L590

Well, you could try a quick hack and add the line

self.session._model_changes = {} 

In the method add_user before line 709 - before the commit fails.
GitHub - privacyidea/privacyidea at b61fd7331357e1d57367ad0fdfdda01867d7856f
fdfdda01867d7856f/privacyidea/lib/resolvers/SQLIdResolver.py#L709
https://github.com/privacyidea/privacyidea/blob/b61fd7331357e1d57367ad0fdfdda01867d7856f/privacyidea/lib/resolvers/SQLIdResolver.py#L709

Doesn’t help. Still fails when trying to add a new server.

In the long run there is one difference:

14.04 and 16.04 which come with a different sqlalchemy stack.

So you fail on 16.04. Can you please tell which sqlalchemy drivers you
are using for the token database and the user database.
The best would be to provider the anonymized SQLALCHEMY_DATABASE_URI
and the anonymized config of the sqlresolver.

The internal DB connection is mysql://pi:…@localhost@pi. For the resolver
I’m using mysql://privacy:…@localhost:3306/privacy.

Based on this question I’ve checked the SQLAlchemy Docs and realized how
many different drivers exists … what is the default using mysql://
instead of mysql+xxx:// ? Any recommendation?

Thanks
StephanOn Tuesday, December 6, 2016 at 12:10:07 PM UTC+1, Cornelius Kölbel wrote:

Hi Stephan,

which database are you running?

In which database are your users located? In the same as the token
database? (I have no real/good experiences with that).

Which webserver did you use to run privacyIDEA. Apache2 or Nginx.
Look at the processes/sessions.

In the log file the second column
[2016-12-05 13:38:53,336][2139]
is the threadID 2139.
You may check, if this is a rather new thread id of if the thread was used
earlier.
Sometimes strange things can happen between processes/threads.

Kind regards
CorneliusAm Montag, 5. Dezember 2016 14:12:43 UTC+1 schrieb Stephan Heffner:

Hi,

I’ve created a second privacyidea system based on the ubuntu 16.04 LTS
packages. (First one is running using ubuntu 14.04 LTS).

Everything seems to be fine. I can log in using the administrative
account, configure realms and resolvers and so on. Like in the other system
mentioned above, I’ve created an editable SQL Resolver using a new MySQL
database table.

Trying to add a new user using this resolver fails with an error message:
‘Session’ object has no attribute ‘_model_changes’ … logs at this time
contains:

[2016-12-05
13:38:53,336][2139][140136058840960][ERROR][privacyidea.app:1423] Exception
on /user/ [POS
T]
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.handle_user_exception(e)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in
handle_user_exception
reraise(exc_type, exc_value, tb)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1475, in
full_dispatch_request
rv = self.dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in
dispatch_request
return self.view_functionsrule.endpoint
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”, line
109, in policy_wrappe
r
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py”, line
313, in decorated_function
return f(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/user.py”, line
172, in create_user_api
r = create_user(resolvername, attributes, password=password)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
187, in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
479, in create_user
uid = y.add_user(attributes)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.py”,
line 709, in add
_user
self.db.commit()
File “/usr/lib/python2.7/dist-packages/sqlsoup.py”, line 268, in commit
self.session.commit()
File “/usr/lib/python2.7/dist-packages/sqlalchemy/orm/scoping.py”, line
150, in do
return getattr(self.registry(), name)(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py”, line
813, in commit
self.transaction.commit()
File “/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py”, line
392, in commit
self._prepare_impl()
File “/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py”, line
361, in _prepare_impl
self.session.dispatch.before_commit(self.session)
File “/usr/lib/python2.7/dist-packages/sqlalchemy/event/attr.py”, line
218, in call
fn(*args, **kw)
File “/usr/lib/python2.7/dist-packages/flask_sqlalchemy/init.py”,
line 162, in session_signal_be
fore_commit
d = session._model_changes
AttributeError: ‘Session’ object has no attribute ‘_model_changes’

Not sure about the reason for this. Just a questions of permissions? Any
idea out there?

Thanks
Stephan

Hello Cornelius,

Hi Stephan,

which database are you running?

MySQL (5.7 included with Ubuntu 16.04 LTS).

In which database are your users located? In the same as the token
database? (I have no real/good experiences with that).

It’s the same MySQL Instance but different databases and different users.
Each having only access rights to it’s own database schema.

I’ve used a similar setup with the previous version.

Which webserver did you use to run privacyIDEA. Apache2 or Nginx.

Nginx.

Look at the processes/sessions.

In the log file the second column
[2016-12-05 13:38:53,336][2139]
is the threadID 2139.
You may check, if this is a rather new thread id of if the thread was used
earlier.

Thread seems to be in use only for the same database.

StephanOn Tuesday, December 6, 2016 at 11:14:29 AM UTC+1, Cornelius Kölbel wrote:

The internal DB connection is mysql://pi:…@localhost@pi. For the
resolver I’m using mysql://privacy:…@localhost:3306/privacy.

It’s mysql://pi:…@localhost/pi not @pi at the end.

Hi Cornelius,On Tuesday, December 6, 2016 at 4:19:43 PM UTC+1, Cornelius Kölbel wrote:

Hi Stephan,

I am getting other session issues with Apache. Have not tried with
nginx, yet.

If you like to, you can check a development version of privacyIDEA.
The sqlresolver has not changed, but the sql audit module has.
The SQLAudit module might interfere with the resolver…
If you are ok with that, you can install privacyidea 2.17dev2 from

ppa:privacyidea/privacyidea-dev
(waiting to be built)

and see, if the problem still remains.

Nope, problem solved. Starting with 2.17dev2 I can add a new user - not a
server … I’ll stay with this version and continue to check the other
things.

Thanks
Stephan

Hi Stephan,

thanks for the feedback!

Kind regards
CorneliusAm Mittwoch, den 07.12.2016, 23:56 -0800 schrieb Stephan Heffner:

Hi Cornelius,

Hi Stephan,

I am getting other session issues with Apache. Have not tried with
nginx, yet.

If you like to, you can check a development version of
privacyIDEA.
The sqlresolver has not changed, but the sql audit module has.
The SQLAudit module might interfere with the resolver…
If you are ok with that, you can install privacyidea 2.17dev2 from

ppa:privacyidea/privacyidea-dev
(waiting to be built)

and see, if the problem still remains.
Nope, problem solved. Starting with 2.17dev2 I can add a new user -
not a server … I’ll stay with this version and continue to
check the other things.

Thanks
Stephan

Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to a topic in
the Google Groups “privacyidea” group.
To unsubscribe from this topic, visit https://groups.google.com/d/top
ic/privacyidea/6VRQZ3GgkXc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to p
rivacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit https://groups.google.com/d/
msgid/privacyidea/0daa0ff6-0f79-444b-85c6-
47075db84485%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (819 Bytes)