Error Deleting API Key

security

(aburck) #1

We are on v2018.3.7

When attempting to delete any API key from /app#/users/me/apiKeys, I receive a 500 Internal Server Error and thus the key is not deleted.

Here is some info from the chrome debugger for the request (**** is used for obfuscation):

REQUEST
POST https://****/api/users/Users-21/apikeys/apikeys-YtPXw8TX4n3vg9LqH2VYCl45s
Accept: application/json
Cookie: OctopusIdentificationToken_****
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
X-HTTP-Method-Override: DELETE
X-Octopus-Csrf-Token: ****
X-Octopus-User-Agent: OctopusClient-js/2018.3.7

RESPONSE
HTTP 500 Internal Server Error
Content-Security-Policy: ****
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Apr 2018 15:52:12 GMT
Octopus-Node: name=****; version=2018.3.7
Referrer-Policy: no-referrer
Server: Microsoft-HTTPAPI/2.0
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

{
  "ErrorMessage": "Object reference not set to an instance of an object."
}

Let me know if you need any further info to diagnose the issue.


(Michael Noonan) #3

Hi, thanks for getting in touch!

I’ve tried to reproduce that behaviour without luck. Could you take a look in the Octopus Server log file from that time and find the full stack trace of the NullReferenceException? That would help us track down the root cause and fix it.

Are you trying to automate API keys with a script, or is this error happening when you use the Octopus UI?

Hope that helps!
Mike


(aburck) #4

Hi Michael,

Here are the log messages for that error (again **** used for obfuscation). This problem is happening when I use the Octopus UI.

2018-04-16 09:56:29.7260   6108    522 ERROR  Unhandled error on request: http://****/api/users/Users-21/apikeys/apikeys-YtPXw8TX4n3vg9LqH2VYCl45s 9eaa5ebf05ac4bbaba66ec0b8f35284d by ****@****.**** : Object reference not set to an instance of an object.
System.NullReferenceException: Object reference not set to an instance of an object.
   at Octopus.Server.Web.Infrastructure.Authentication.OctopusPrincipalLoader.GetPrincipalForUser(IUser user, AuthenticationSourceDescriptor authenticationSourceDescriptor)
   at Octopus.Server.Web.Infrastructure.Security.CanEditAdministrator.AuthorizeAction(ISpecialRuleContext context)
   at Octopus.Server.Web.Infrastructure.Api.Responder`1.ExecuteRegisteredRules[TRule](Action`2 ruleCallback)
   at Octopus.Server.Web.Infrastructure.Api.Responder`1.Respond(TDescriptor options, NancyContext context)
   at System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2)
   at Octopus.Server.Web.Infrastructure.OctopusNancyModule.<>c__DisplayClass14_0.<get_Routes>b__1(Object x)
   at Nancy.Routing.Route.<>c__DisplayClass4.<Wrap>b__3(Object parameters, CancellationToken context)
2018-04-16 09:56:37.1323   6108    249 ERROR  Unhandled error on request: http://****/api/users/Users-21/apikeys/apikeys-YtPXw8TX4n3vg9LqH2VYCl45s aca719847cf14af3bf3a366441bdb982 by ****@****.****: Object reference not set to an instance of an object.
System.NullReferenceException: Object reference not set to an instance of an object.
   at Octopus.Server.Web.Infrastructure.Authentication.OctopusPrincipalLoader.GetPrincipalForUser(IUser user, AuthenticationSourceDescriptor authenticationSourceDescriptor)
   at Octopus.Server.Web.Infrastructure.Security.CanEditAdministrator.AuthorizeAction(ISpecialRuleContext context)
   at Octopus.Server.Web.Infrastructure.Api.Responder`1.ExecuteRegisteredRules[TRule](Action`2 ruleCallback)
   at Octopus.Server.Web.Infrastructure.Api.Responder`1.Respond(TDescriptor options, NancyContext context)
   at System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2)
   at Octopus.Server.Web.Infrastructure.OctopusNancyModule.<>c__DisplayClass14_0.<get_Routes>b__1(Object x)
   at Nancy.Routing.Route.<>c__DisplayClass4.<Wrap>b__3(Object parameters, CancellationToken context)

(Michael Noonan) #5

Thanks for keeping in touch!

I’ve logged a bug now we’ve had a second report of the same behaviour. I’ll reach out if we need anything else to diagnose and fix the issue.

Hope that helps!
Mike