EPrints Technical Mailing List Archive

Message: #08831


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Eprints 3.4.3 RIOXX2 plugin issue


Hi Lee,

The issue was within a data object validation trigger function.  Any data object, user, eprint, document, etc. would hit this validation trigger (for password length) for every metafield but should normally be returned quickly without an issue being raised as it is not a secret field assigned to a user, for which this check is intended. 

I have had a look at lib/plugins/EPrints/Plugin/InputForm/Component/Field/RIOXX2.pm and the validate method looks like it only calls the validate method for the underlying field with the repository object and the field value.  This explains the issue you saw, as the validation trigger method expects the data object to also be supplied and this is where things fall over.  I am not sure why I did not hit this issue when I installed and tested the RIOXX2 plugin on my 3.4.3 EPrints instance.  I am guessing this was because my RIOXX2 fields were not already populated with data that needed to be validated.

This now suggests to me that others upgrading to 3.4.3 may hit the same problem as you if they have the RIOXX2 plugin installed.  I feel that the bug exists in both the RIOXX2 plugin and the validation trigger method for password length but for a problem to occur both bugs need to be present.  I am not sure who is currently responsible for the RIOXX2 plugin, so I cannot easily get that bug fixed and rolled out in a new version.  However, I will investigate and see if I can get someone to action that.  With respect to the core codebase, I have already pushed this change to GitHub:

https://github.com/eprints/eprints3.4/commit/0904940a1d68f3e92317bb3bae1e33888c777b36

Therefore, this fix will be present in 3.4.4.  I will also add this as a known issue to the 3.4.3 wiki page.

Regards

David Newman


On 13/01/2022 13:17, Lee Paton wrote:
CAUTION: This e-mail originated outside the University of Southampton.

Hi David

 

That’s great – that’s resolved my problem, many thanks

 

The version of the Generic Reporting Framework we’re using is 2.0, upgrading the plugins is next on my to-do list

 

We’re using shibboleth for authentication, would that change how $user is defined?

 

Thanks again

 

Lee

 

From: David R Newman <drn@ecs.soton.ac.uk>
Date: Wednesday, 12 January 2022 at 17:01
To: Lee Paton <patonl@cardiff.ac.uk>, "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>
Subject: Re: [EP-tech] Eprints 3.4.3 RIOXX2 plugin issue

 

Hi Lee,

I have not been able to reproduce the same issues as you reported when tying to edit an item.  I did initially get some errors in the apache log relating to not having the Generic Reporting Framework plugin installed but this did not give a 500 error in my web browser and was easily remedied by installing this plugin through the Bazaar.

One issue may be the versions of the RIOXX2 and Generic Reporting Framework plugin you are running.  I have just installed the following versions:

reports=3.1

rioxx2=1.0.5

Which versions do you have installed?  You can check this most easily by going to the /cgi/counter page for your repository in a web browser.

Looking at the first line of your errors, it reports a problem with calling isa method on an undefined value on line 8.  I have grepped through the code and found that this could relate to some new as of 3.4.3 configuration code that was added to ensure local passwords are no longer than a certain length, (in this case 200 characters), which was identified as a potential vector of attack.

It is possible that in line 8 of lib/cfg.d/user_password_maxlength.pl there is no user defined so this generates this first error message.  However, I am not sure how this could have anything to do with the RIOXX2 plugin.  My advice would be to modify line 8 of the file from:

return unless $user->isa( "EPrints::DataObj::User" ) && $field->type eq "secret";

to:

return unless defined $user && $user->isa( "EPrints::DataObj::User" ) && $field->type eq "secret";

And see if that remedies your issue.  I am not sure how this trigger could be called without $user (or more generally a dataobj that might be a user) being defined.  However, it is the only place I could find the isa method called on line 8 of a file.

Regards

David Newman

On 12/01/2022 16:36, Lee Paton wrote:

CAUTION: This e-mail originated outside the University of Southampton.

Hi David

 

Thanks for your quick reply

 

I haven’t modified any of the rioxx2 plugin files they should all be default versions, I’ll double check the local changes I’ve made to the configuration – unfortunately there are some from several years ago that are under /lib and /perl_lib but I don’t think they would touch anything rioxx related

 

I’ve massaged some URLs from our preproduction system to use the development system and can access the workflow of the rioxx tab where I see the following errors:

 

Field component is missing field element in

<component type="Field::RIOXX2" id="c63"><field ref="rioxx2_type"/>

  <field ref="rioxx2_coverage" required_by="rioxx2"/>

  <field ref="rioxx2_language" required_by="rioxx2"/>

  <field ref="rioxx2_dateAccepted" required_by="rioxx2"/>

  <field ref="rioxx2_free_to_read" required_by="rioxx2"/>

  <field ref="rioxx2_license_ref" required_by="rioxx2"/>

  <field ref="rioxx2_apc" required_by="rioxx2"/>

  <field ref="rioxx2_author" required_by="rioxx2"/>

  <field ref="rioxx2_project" required_by="rioxx2"/>

  <field ref="rioxx2_publication_date" required_by="rioxx2"/>

  <field ref="rioxx2_version" required_by="rioxx2"/>

</component>

 

 

Field component is missing field element in

<component type="Field::RIOXX2" id="c64">

  <field ref="rioxx2_coverage"/>

  <field ref="rioxx2_type" required_by="rioxx2"/>

</component>

 

When it’s trying to render the rioxx2_type and rioxx2_coverage fields

 

Thanks again

 

Lee

 

From: <eprints-tech-bounces@ecs.soton.ac.uk> on behalf of David R Newman via Eprints-tech <eprints-tech@ecs.soton.ac.uk>
Reply to: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>, David R Newman <drn@ecs.soton.ac.uk>
Date: Wednesday, 12 January 2022 at 12:14
To: Lee Paton via Eprints-tech <eprints-tech@ecs.soton.ac.uk>
Subject: Re: [EP-tech] Eprints 3.4.3 RIOXX2 plugin issue

 

External email to Cardiff University - Take care when replying/opening attachments or links.

Nid ebost mewnol o Brifysgol Caerdydd yw hwn - Cymerwch ofal wrth ateb/agor atodiadau neu ddolenni.

 

Hi Lee,

I have not observed any specific issues with the RIOXX2 plugin on EPrints 3.4.3, certainly if you have applied the appropriate patches for known issues in 3.4.3.  As you are upgrading from 3.3 to 3.4 it is likely to be an issue related to this rather than a specific 3.4.3 issue. 

Have you modified any of the RIOXX2 plugin configuration files (e.g. zz_rioxx2.pl)?  I will try a quick test to see whether I can reproduce the problem you are seeing on a 3.4.3 instance, (that was 3.4.3 from its inception rather than upgraded from an earlier version).  It is possible that a change to your configuration could hit an unknown bug in 3.4.3 that was not a problem in earlier versions of EPrints.  Therefore, this issue would likely only effect you.

I can see in the error message reference to EPrints::Config::orca, which presumably is the name of your repository.  This further suggests it may be an issue somewhere in your configuration.  I will need to look further through the apache error log listing you provided.  So I can zero in on where the problem is likely to be.

Regards

David Newman

On 12/01/2022 12:01, Lee Paton via Eprints-tech wrote:

CAUTION: This e-mail originated outside the University of Southampton.

Hi 

 

 

I’ve just upgraded our development repository from eprints 3.3.12 to 3.4.3 using the rpm (and default flavours tar file) migrating the changes across as in https://wiki.eprints.org/w/Upgrading_3.3.12%2B_to_3.4 and applying patches/changes as described at https://wiki.eprints.org/w/EPrints_3.4.3#Known_Issues. I’ve hit an issue with the RIOXX2 plugin, whenever I try to edit an item I get a “500 internal server error” before anything is rendered in the browser. The apache log shows

 

[Tue Jan 11 16:34:41.454113 2022] [:error] [pid 2830] Can't call method "isa" on an undefined value at (eval 222) line 8.\n at (eval 222) line 8.\n\t

EPrints::Config::orca::__ANON__('repository', 'EPrints::Repository=HASH(0x5556a03f2fd0)', 'value', 'en', 'dataobj', undef, 'problems', 'ARRAY(0x55569c19d238)', 'field', ...) called at /usr/share/eprints/perl_lib/EPrints/Repository.pm line 1800\n\t

EPrints::Repository::run_trigger('EPrints::Repository=HASH(0x5556a03f2fd0)', 14, 'field', 'EPrints::MetaField::RIOXX2=HASH(0x5556a37d26a8)', 'dataobj', undef, 'value', 'en', 'problems', ...) called at /usr/share/eprints/perl_lib/EPrints/MetaField.pm line 2647\n\t

EPrints::MetaField::validate('EPrints::MetaField::RIOXX2=HASH(0x5556a37d26a8)', 'EPrints::Repository=HASH(0x5556a03f2fd0)', 'en', undef) called at /usr/share/eprints/lib/plugins/EPrints/MetaField/RIOXX2.pm line 55\n\t

EPrints::MetaField::RIOXX2::validate('EPrints::MetaField::RIOXX2=HASH(0x5556a37d26a8)', 'EPrints::Repository=HASH(0x5556a03f2fd0)', 'en') called at /usr/share/eprints/lib/plugins/EPrints/Plugin/InputForm/Component/Field/RIOXX2.pm line 99\n\t

EPrints::Plugin::InputForm::Component::Field::RIOXX2::validate('EPrints::Plugin::InputForm::Component::Field::RIOXX2=HASH(0x5...') called at /usr/share/eprints/perl_lib/EPrints/Workflow/Stage.pm line 206\n\t

EPrints::Workflow::Stage::validate('EPrints::Workflow::Stage=HASH(0x5556a37aac50)', 'EPrints::ScreenProcessor=HASH(0x5556a37c37d0)') called at /usr/share/eprints/perl_lib/EPrints/Plugin/Screen/EPrint/Details.pm line 302\n\t

EPrints::Plugin::Screen::EPrint::Details::render('EPrints::Plugin::Screen::EPrint::Details=HASH(0x55569e6d7640)', 'ep_eprint_view_0') called at /usr/share/eprints/perl_lib/EPrints/Plugin/Screen/EPrint/View.pm line 199\n\t

EPrints::Plugin::Screen::EPrint::View::render('EPrints::Plugin::Screen::EPrint::View=HASH(0x5556a37c86a0)') called at /usr/share/eprints/perl_lib/EPrints/ScreenProcessor.pm line 420\n\t

EPrints::ScreenProcessor::process('EPrints::ScreenProcessor', 'session', 'EPrints::Repository=HASH(0x5556a03f2fd0)', 'template', undef, 'url', '/cgi/users/home') called at /usr/share/eprints/cgi/users/home line 43\n\t

ModPerl::ROOT::ModPerl::Registry::usr_share_eprints_cgi_users_home::handler('Apache2::RequestRec=SCALAR(0x5556a3800c70)') called at /usr/lib64/perl5/vendor_perl/ModPerl/RegistryCooker.pm line 207\n\t

eval {...} called at /usr/lib64/perl5/vendor_perl/ModPerl/RegistryCooker.pm line 207\n\t

ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x5556a37d4928)') called at /usr/lib64/perl5/vendor_perl/ModPerl/RegistryCooker.pm line 173\n\t

ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x5556a37d4928)') called at /usr/lib64/perl5/vendor_perl/ModPerl/Registry.pm line 32\n\t

ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x5556a3800c70)') called at -e line 0\n\teval {...} called at -e line 0\n

 

If I disable the plugin the page renders successfully without the rioxx2 tab, if I disable the following:

 

$c->{plugins}{'InputForm::Component::Field::RIOXX2'}{params}{disable} = 1;

 

in my local archives zz_rioxx2.pl the edit item page displayed but links to License ref field, Accepted Date and Project are only rendered as text and not a full link, I’ve checked that all the plugin files are where they should be and have even removed and reinstalled the RIOXX2 plugin and the internal server error still happens

 

 

Has anyone come across something like this before?

 

Thanks

 

Lee

 

 

Lee Paton

Senior Server Engineer / Uwch Beiriannydd Gweinyddion

University IT Service / Gwasanaeth TG y Brifysgol

Cardiff University / Prifysgol Caerdydd

39-45 Park Place / 39-45 Plas y Parc

Cardiff / Caerdydd

CF10 3BB

Tel / Ffôn: +44 (0)29 2087 0440

Email / E-bost: PatonL@cardiff.ac.uk




*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/

 

Virus-free. www.avg.com