django gunicorn wagtail django-auth-ldap

Login forms stop working when switching to production


I'm using Wagtail 2.1, Django 1.11.13, django-auth-ldap 1.6.1 and gunicorn 19.8.1 (Nginx as a proxy server).

I have created two different ways to log in. An AJAX view:

from django.contrib.auth import authenticate, login
from django.contrib.auth.forms import AuthenticationForm
from django.http import JsonResponse


def loginajax(request):
    if request.method == 'POST':
        login_form = AuthenticationForm(data=request.POST)
        response_data = {}
        # is_valid() already runs authenticate() against AUTHENTICATION_BACKENDS,
        # so a failing LDAP bind shows up here as an invalid form.
        if login_form.is_valid():
            response_data['result'] = '1'
            response_data['message'] = "You're logged in"
            user = authenticate(username=login_form.cleaned_data['username'],
                                password=login_form.cleaned_data['password'])
            login(request, user)
        else:
            response_data['result'] = '0'
            response_data['message'] = login_form.errors

        return JsonResponse(response_data)

And a regular, pretty standard Django login form:

{% block content %}
<div class="login-form" style="width: 90%; margin: 0 auto;">
{% if form.errors %}
<p>Your username and password didn't match. Please try again.</p>
{% endif %}

{% if next %}
    {% if user.is_authenticated %}
    <p>Your account doesn't have access to this page. To proceed,
    please login with an account that has access.</p>
    {% else %}
    <p>Please login to see this page.</p>
    {% endif %}
{% endif %}

<form method="post" action="{% url 'login' %}">
{% csrf_token %}
<table>
<tr>
    <td>{{ form.username.label_tag }}</td>
    <td>{{ form.username }}</td>
</tr>
<tr>
    <td>{{ form.password.label_tag }}</td>
    <td>{{ form.password }}</td>
</tr>
</table>

<input type="submit" value="login" />
<input type="hidden" name="next" value="{% if next %}{{ next }}{% endif %}" />
</form>
</div>
{% endblock %}

I am using LDAP, and the regular auth backend as a backup:

AUTHENTICATION_BACKENDS = [
  'django_auth_ldap.backend.LDAPBackend',
  'django.contrib.auth.backends.ModelBackend',
]

When running my code in development mode (through manage.py runserver), the login works just fine for both login methods (I can see django-ldap debug messages which are validating my user).

However, as soon as I use a production-ready mode (using gunicorn, disabling DEBUG, switching to production settings), all my login requests get an LDAPError:

Caught LDAPError while authenticating bvolchok: INVALID_CREDENTIALS({'desc': 'Invalid credentials', 'info': '80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839'},)

For the Ajax view, printing the request.POST object returns the same result with the Django integrated server and Gunicorn:

<QueryDict: {'csrfmiddlewaretoken': ['redacted'], 'username': ['redacted'], 'password': ['redacted'], 'next': ['']}>

Basically, my problem is that, in "production mode", login_form.is_valid() is always False...


Solution

  • Silly me, I was passing environment variables to django-auth-ldap and one of them has a space and its value was truncated at it.
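
One way to spot this kind of truncation without printing secrets, as an added example that is not part of the original post: fingerprint the LDAP variables in each environment and compare the results. The variable names, sample values, nonce and the unquoted-shell-assignment mechanism are assumptions; the post does not say how the variables were passed.

```python
import hashlib
import hmac
import shlex

# Hypothetical names; substitute the variables your settings module reads.
LDAP_ENV_VARS = ("LDAP_SERVER_URI", "LDAP_BIND_DN", "LDAP_BIND_PASSWORD")

def fingerprint(value, nonce):
    """Describe a value without revealing it."""
    # Keyed with a throwaway nonce shared by both runs: comparable across
    # environments, but not a bare hash of the password.
    digest = hmac.new(nonce, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return {
        "length": len(value),
        "has_whitespace": any(ch.isspace() for ch in value),
        "hmac_prefix": digest[:12],
    }

def env_fingerprints(environ, nonce, names=LDAP_ENV_VARS):
    """Fingerprint each expected variable; a missing one maps to None."""
    return {n: fingerprint(environ[n], nonce) if n in environ else None
            for n in names}

def mismatched(reference, candidate):
    """Names whose fingerprint differs between two environments."""
    return sorted(n for n in reference if reference[n] != candidate.get(n))

def shell_assignment(line):
    """What an unquoted NAME=value line yields after shell word splitting."""
    name, _, value = shlex.split(line)[0].partition("=")
    return name, value

# Constructed sample values, not taken from the page.
DEV_ENV = {
    "LDAP_SERVER_URI": "ldap://dc.example.test",
    "LDAP_BIND_DN": "CN=svc ldap,OU=Service Accounts,DC=example,DC=test",
    "LDAP_BIND_PASSWORD": "constructed-example-secret",
}
# Assumed production launcher that sets the DN unquoted: it stops at the space.
PROD_ENV = dict(DEV_ENV)
PROD_ENV.update([shell_assignment("LDAP_BIND_DN=" + DEV_ENV["LDAP_BIND_DN"])])

if __name__ == "__main__":
    nonce = b"one-off-comparison-nonce"  # constructed; use a fresh one per check
    print(mismatched(env_fingerprints(DEV_ENV, nonce),
                     env_fingerprints(PROD_ENV, nonce)))
```

In practice, call `env_fingerprints(os.environ, nonce)` once from `manage.py shell` and once inside the gunicorn process, then compare the two outputs; a shorter length on one side points at the truncated variable.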