Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error when changing from version0.13.1 to 0.14 #275

Closed
abc19899 opened this issue Jan 9, 2017 · 6 comments
Closed

error when changing from version0.13.1 to 0.14 #275

abc19899 opened this issue Jan 9, 2017 · 6 comments

Comments

@abc19899
Copy link

abc19899 commented Jan 9, 2017
edited by davidism
Loading 

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.6/site-packages/flask/_compat.py", line 33, in reraise
    raise value
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "./tencent_web_charge/single_server_query/views.py", line 69, in choose_platform
    form = ChoosePlatformForm()
  File "/usr/local/lib/python3.6/site-packages/wtforms/form.py", line 212, in __call__
    return type.__call__(cls, *args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/flask_wtf/form.py", line 87, in __init__
    super(FlaskForm, self).__init__(formdata=formdata, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/wtforms/form.py", line 278, in __init__
    self.process(formdata, obj, data=data, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/wtforms/form.py", line 132, in process
    field.process(formdata)
  File "/usr/local/lib/python3.6/site-packages/wtforms/csrf/core.py", line 43, in process
    self.current_token = self.csrf_impl.generate_csrf_token(self)
  File "/usr/local/lib/python3.6/site-packages/flask_wtf/csrf.py", line 134, in generate_csrf_token
    token_key=self.meta.csrf_field_name
  File "/usr/local/lib/python3.6/site-packages/flask_wtf/csrf.py", line 47, in generate_csrf
    setattr(g, field_name, s.dumps(session[field_name]))
  File "/usr/local/lib/python3.6/site-packages/itsdangerous.py", line 565, in dumps
    payload = want_bytes(self.dump_payload(obj))
  File "/usr/local/lib/python3.6/site-packages/itsdangerous.py", line 847, in dump_payload
    json = super(URLSafeSerializerMixin, self).dump_payload(obj)
  File "/usr/local/lib/python3.6/site-packages/itsdangerous.py", line 550, in dump_payload
    return want_bytes(self.serializer.dumps(obj))
  File "/usr/local/lib/python3.6/site-packages/itsdangerous.py", line 51, in dumps
    return json.dumps(obj, separators=(',', ':'))
  File "/usr/local/lib/python3.6/json/__init__.py", line 238, in dumps
    **kw).encode(obj)
  File "/usr/local/lib/python3.6/json/encoder.py", line 199, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/usr/local/lib/python3.6/json/encoder.py", line 257, in iterencode
    return _iterencode(o, 0)
  File "/usr/local/lib/python3.6/json/encoder.py", line 180, in default
    o.__class__.__name__)
TypeError: Object of type 'bytes' is not JSON serializable
class ChoosePlatformForm(flask_wtf.FlaskForm):
    platform = wtforms.SelectField(
        '平台', validators=[wtforms.validators.DataRequired()],
        choices=[
            ('android', '安卓混服'),
            ('tencent', '腾讯应用宝'),
            ('app', '苹果官方'),
            ('xingyun', '独服'),
            ('test', '测试')
        ]
    )
    submit = wtforms.SubmitField(
        '确定',
    )

@delayed_route('/choose_platform', methods=['GET', 'POST'])
def choose_platform():
    form = ChoosePlatformForm()
    if form.validate_on_submit():
        response = make_response(redirect(url_for('.choose_server', next=request.args.get('next', None))))
        response.set_cookie('platform', form.platform.data)
        return response

    return render_template('simple_form.html', form=form)

I am using Python 3.
@davidism davidism added this to the v0.14.1 milestone Jan 9, 2017
@davidism davidism added the bug label Jan 9, 2017
@davidism
Copy link
Member

davidism commented Jan 10, 2017
edited
Loading

I can't reproduce your issue. The session token is generated as a string, not bytes, on Python 3, and the serializer handles it correctly.

The only thing I can think of is that there might be invalid data in the session due to the change in how the token is generated, but I couldn't reproduce that either. Try clearing the browser's cookies for your app (probably localhost or 127.0.0.1).

If that doesn't work, you'll need to provide a self-contained example that reproduces the issue.

@davidism davidism removed the bug label Jan 10, 2017
@davidism davidism removed this from the v0.14.1 milestone Jan 10, 2017
@davidism davidism mentioned this issue Jan 25, 2017
Closed
@guillaumep
Copy link

This has happened to me when upgrading my code from Python 2 to Python 3. The browser had cookies set by Python 2 code. Python 3 interpreted the cookie content as byte strings.

Deleting the cookie solved the issue.

lepture added a commit that referenced this issue Mar 15, 2017
@lepture
safe dumps csrf token from session. related #275
eff54ec
@viktor-evdokimov
Copy link

@guillaumep OMG it really was cookies. I was so confused while everything was working fine locally but was broken inside docker container and it was just cookies.

@aleonchen
Copy link

@ojosdegris Yes, same to me. It took me hours to fix it.

@nfvs nfvs mentioned this issue Jun 1, 2017
Closed
@zhaohongxuan
Copy link

@guillaumep really thanks

@davidism davidism mentioned this issue Oct 15, 2018
Closed
mgraupner pushed a commit to mgraupner/flask-wtf that referenced this issue Mar 4, 2019
@lepture
safe dumps csrf token from session. related pallets-eco#275
78ec4bb
@janwilamowski
Copy link

as a workaround, you could try running

if type(session['csrf_token']) is bytes:
    del session['csrf_token']

before instantiating the form. This should remove the leftover (Python 2) CSRF token and trigger recreating it.

@rmol rmol mentioned this issue Jul 22, 2019
Merged
3 tasks
rmol added a commit to rmol/securedrop that referenced this issue Jul 23, 2019
@rmol
Eliminate csrf_token TypeError during upgrade
b16ff22 
Work around pallets-eco/flask-wtf#275 -- after
upgrading from Python 2 to Python 3, any existing session's csrf_token
value will be retrieved as bytes, causing a TypeError. This simple
fix, deleting the existing token, was suggested in the issue
comments. This code will be safe to remove after Python 2 reaches EOL
in 2020, and no supported SecureDrop installations can still have this
problem.
rmol added a commit to rmol/securedrop that referenced this issue Jul 24, 2019
@rmol
Eliminate csrf_token TypeError during upgrade
df25003 
Work around pallets-eco/flask-wtf#275 -- after
upgrading from Python 2 to Python 3, any existing session's csrf_token
value will be retrieved as bytes, causing a TypeError. This simple
fix, deleting the existing token, was suggested in the issue
comments. This code will be safe to remove after Python 2 reaches EOL
in 2020, and no supported SecureDrop installations can still have this
problem.
rmol added a commit to rmol/securedrop that referenced this issue Jul 25, 2019
@rmol
Eliminate csrf_token TypeError during upgrade
c7837ed 
Work around pallets-eco/flask-wtf#275 -- after
upgrading from Python 2 to Python 3, any existing session's csrf_token
value will be retrieved as bytes, causing a TypeError. This simple
fix, deleting the existing token, was suggested in the issue
comments. This code will be safe to remove after Python 2 reaches EOL
in 2020, and no supported SecureDrop installations can still have this
problem.
rmol added a commit to rmol/securedrop that referenced this issue Jul 25, 2019
@rmol
Create securedrop-app-code package with dh-virtualenv and mod_wsgi
9bc6f26 
Building on freedomofpress#4555,
change the Debian packaging of securedrop-app-code to use
dh-virtualenv, allowing us to embed mod_wsgi in the package.

This means we don't have to include wheels and pip install them during
postinst. Not requiring python3-pip, which isn't available in the apt
repositories in /etc/apt/security.list, means upgrading to Python 3 is
going to be smoother.

The securedrop-app-code Debian package now Conflicts/Replaces
libapache2-mod-wsgi. It will be removed when this new package is
installed.

This requires updates to the builder Docker image, so I've made
changes under molecule/builder-xenial to support building the Debian
packages with a local image.

Noting for future removal: this includes a workaround for
pallets-eco/flask-wtf#275 -- after upgrading
from Python 2 to Python 3, any existing session's csrf_token value
will be retrieved as bytes, causing a TypeError. This simple fix,
deleting the existing token, was suggested in the issue comments. This
code will be safe to remove after Python 2 reaches EOL in 2020, and no
supported SecureDrop installations can still have this problem.
rmol added a commit to rmol/securedrop that referenced this issue Jul 25, 2019
@rmol
Create securedrop-app-code package with dh-virtualenv and mod_wsgi
5aa5b2e 
Building on freedomofpress#4555,
change the Debian packaging of securedrop-app-code to use
dh-virtualenv, allowing us to embed mod_wsgi in the package.

This means we don't have to include wheels and pip install them during
postinst. Not requiring python3-pip, which isn't available in the apt
repositories in /etc/apt/security.list, means upgrading to Python 3 is
going to be smoother.

The securedrop-app-code Debian package now Conflicts/Replaces
libapache2-mod-wsgi. It will be removed when this new package is
installed.

This requires updates to the builder Docker image, so I've made
changes under molecule/builder-xenial to support building the Debian
packages with a local image.

Noting for future removal: this includes a workaround for
pallets-eco/flask-wtf#275 -- after upgrading
from Python 2 to Python 3, any existing session's csrf_token value
will be retrieved as bytes, causing a TypeError. This simple fix,
deleting the existing token, was suggested in the issue comments. This
code will be safe to remove after Python 2 reaches EOL in 2020, and no
supported SecureDrop installations can still have this problem.
rmol added a commit to rmol/securedrop that referenced this issue Jul 30, 2019
@rmol
Create securedrop-app-code package with dh-virtualenv and mod_wsgi
c4c2dd5 
Building on freedomofpress#4555,
change the Debian packaging of securedrop-app-code to use
dh-virtualenv, allowing us to embed mod_wsgi in the package.

This means we don't have to include wheels and pip install them during
postinst. Not requiring python3-pip, which isn't available in the apt
repositories in /etc/apt/security.list, means upgrading to Python 3 is
going to be smoother.

The securedrop-app-code Debian package now Conflicts/Replaces
libapache2-mod-wsgi. It will be removed when this new package is
installed.

This requires updates to the builder Docker image, so I've made
changes under molecule/builder-xenial to support building the Debian
packages with a local image.

Noting for future removal: this includes a workaround for
pallets-eco/flask-wtf#275 -- after upgrading
from Python 2 to Python 3, any existing session's csrf_token value
will be retrieved as bytes, causing a TypeError. This simple fix,
deleting the existing token, was suggested in the issue comments. This
code will be safe to remove after Python 2 reaches EOL in 2020, and no
supported SecureDrop installations can still have this problem.
lev-csouffrant pushed a commit to lev-csouffrant/securedrop that referenced this issue Aug 25, 2019
@rmol @lev-csouffrant
Create securedrop-app-code package with dh-virtualenv and mod_wsgi
ae19f9c 
Building on freedomofpress#4555,
change the Debian packaging of securedrop-app-code to use
dh-virtualenv, allowing us to embed mod_wsgi in the package.

This means we don't have to include wheels and pip install them during
postinst. Not requiring python3-pip, which isn't available in the apt
repositories in /etc/apt/security.list, means upgrading to Python 3 is
going to be smoother.

The securedrop-app-code Debian package now Conflicts/Replaces
libapache2-mod-wsgi. It will be removed when this new package is
installed.

This requires updates to the builder Docker image, so I've made
changes under molecule/builder-xenial to support building the Debian
packages with a local image.

Noting for future removal: this includes a workaround for
pallets-eco/flask-wtf#275 -- after upgrading
from Python 2 to Python 3, any existing session's csrf_token value
will be retrieved as bytes, causing a TypeError. This simple fix,
deleting the existing token, was suggested in the issue comments. This
code will be safe to remove after Python 2 reaches EOL in 2020, and no
supported SecureDrop installations can still have this problem.
kushaldas pushed a commit to freedomofpress/securedrop that referenced this issue Sep 25, 2019
@rmol @kushaldas
Create securedrop-app-code package with dh-virtualenv and mod_wsgi
f71cddf 
Building on #4555,
change the Debian packaging of securedrop-app-code to use
dh-virtualenv, allowing us to embed mod_wsgi in the package.

This means we don't have to include wheels and pip install them during
postinst. Not requiring python3-pip, which isn't available in the apt
repositories in /etc/apt/security.list, means upgrading to Python 3 is
going to be smoother.

The securedrop-app-code Debian package now Conflicts/Replaces
libapache2-mod-wsgi. It will be removed when this new package is
installed.

This requires updates to the builder Docker image, so I've made
changes under molecule/builder-xenial to support building the Debian
packages with a local image.

Noting for future removal: this includes a workaround for
pallets-eco/flask-wtf#275 -- after upgrading
from Python 2 to Python 3, any existing session's csrf_token value
will be retrieved as bytes, causing a TypeError. This simple fix,
deleting the existing token, was suggested in the issue comments. This
code will be safe to remove after Python 2 reaches EOL in 2020, and no
supported SecureDrop installations can still have this problem.
jlev added a commit to OpenSourceActivismTech/call-power that referenced this issue Nov 13, 2019
@jlev
update flask-wtf to unreleased version to flush old cookies
e8a34be 
for pallets-eco/flask-wtf#275
zorun pushed a commit to zorun/ihatemoney that referenced this issue May 21, 2020
Update Flask-WTF to 0.14.3 to fix python2 - python3 transition
91d6eaa 
When updating I Hate Money from python2 to python3, any leftover cookie
set from python2 causes the python3 version to crash when reading the
cookie back.

This is a bug/omission in Flask-WTF: pallets-eco/flask-wtf#275

It was fixed in 0.14.3 with: pallets-eco/flask-wtf@eff54ec
zorun pushed a commit to zorun/ihatemoney that referenced this issue May 30, 2020
Update Flask-WTF to 0.14.3 to fix python2 - python3 transition
228b5a8 
When updating I Hate Money from python2 to python3, any leftover cookie
set from python2 causes the python3 version to crash when reading the
cookie back.

This is a bug/omission in Flask-WTF: pallets-eco/flask-wtf#275

It was fixed in 0.14.3 with: pallets-eco/flask-wtf@eff54ec
zorun pushed a commit to spiral-project/ihatemoney that referenced this issue Jun 7, 2020
@zorun
Update Flask-WTF to 0.14.3 to fix python2 - python3 transition
b76da17 
When updating I Hate Money from python2 to python3, any leftover cookie
set from python2 causes the python3 version to crash when reading the
cookie back.

This is a bug/omission in Flask-WTF: pallets-eco/flask-wtf#275

It was fixed in 0.14.3 with: pallets-eco/flask-wtf@eff54ec
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@viktor-evdokimov @aleonchen @guillaumep @davidism @abc19899 @janwilamowski @zhaohongxuan