[BUG] InvalidToken error followed by UnicodeDecodeError

[Magnus010]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

I have configured the docker-ldap-auth container and it has been working for about a week. However, last night I tried to log in to my web applications and they are returning 500 Internal Error messages.
Looking at the docker-ldap-auth logs, I see these stack traces:

Exception occurred during processing of request from ('172.18.0.12', 60686)
Traceback (most recent call last):
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
    h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
    auth_decoded = cipher_suite.decrypt(auth_decoded)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
    self._verify_signature(data)
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
    raise InvalidToken
cryptography.fernet.InvalidToken

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
    self.handle()
  File "/usr/lib/python3.12/http/server.py", line 436, in handle
    self.handle_one_request()
  File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
    method()
  File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
    if AuthHandler.do_GET(self):
       ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
    auth_decoded = auth_decoded.decode("utf-8")
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte

Glancing through the code, it looks like this line:

            auth_decoded = auth_decoded.decode("utf-8")

in https://github.com/linuxserver/docker-ldap-auth/blob/master/root/app/nginx-ldap-auth-daemon.py#L98 is causing the second stack trace. Maybe that should be in a separate try-except block?
However, I am not sure what the cause of the initial exception is. I have tried adding a Fernet Key but that did not result in the docker-ldap-auth container returning successful log ins.

Expected Behavior

Allow log in calls to the web applications.

Steps To Reproduce

1. I have deployed separate apps in a docker-compose stack, each with their own DNS name. I am using NGINX as the reverse proxy and performing the auth_request call to the docker-ldap-auth container. I do not know what caused this issue as it was working for the previous week.
2. This is the sanitized ldap-server.conf:

location /ldaplogin {
    include config/resolver.conf;
    set $upstream_auth_app ldap-auth;
    set $upstream_auth_port 9000;
    set $upstream_auth_proto http;
    proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port;
    proxy_set_header X-Target $request_uri;

    proxy_hide_header X-Content-Type-Options;
    proxy_set_header X-Original-URI $request_uri;
    # Ensure correct MIME type
    add_header Content-Type "text/html; charset=utf-8" always;
}

location = /auth-proxy {
    include config/resolver.conf;
    set $upstream_auth_app ldap-auth;
    set $upstream_auth_port 8888;
    set $upstream_auth_proto http;
    proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port;

    proxy_hide_header X-Content-Type-Options;
    proxy_set_header X-Original-URI $request_uri;
    # Ensure correct MIME type
    add_header Content-Type "text/html; charset=utf-8" always;

    proxy_pass_request_body off;
    proxy_pass_request_headers off;
    proxy_set_header Content-Length "";

    #Before enabling the below caching options, make sure you have the line "proxy_cache_path cache/ keys_zone=auth_cache:10m;" at the bottom your default site config
    proxy_cache auth_cache;
    proxy_cache_valid 200 10m;
    proxy_cache_key "$http_authorization$cookie_nginxauth";

    # As implemented in nginx-ldap-auth-daemon.py, the ldap-auth daemon
    # communicates with a LDAP server, passing in the following
    # parameters to specify which user account to authenticate. To
    # eliminate the need to modify the Python code, this file contains
    # 'proxy_set_header' directives that set the values of the
    # parameters. Set or change them as instructed in the comments.
    #
    #    Parameter      Proxy header
    #    -----------    ----------------
    #    url            X-Ldap-URL
    #    starttls       X-Ldap-Starttls
    #    basedn         X-Ldap-BaseDN
    #    binddn         X-Ldap-BindDN
    #    bindpasswd     X-Ldap-BindPass
    #    cookiename     X-CookieName
    #    realm          X-Ldap-Realm
    #    template       X-Ldap-Template
    # (Required) Set the URL and port for connecting to the LDAP server,
    # by replacing 'example.com'.
    # Do not mix ldaps-style URL and X-Ldap-Starttls as it will not work.
    proxy_set_header X-Ldap-URL "ldap://controller.domain.local";

    # (Optional) Establish a TLS-enabled LDAP session after binding to the
    # LDAP server.
    # This is the 'proper' way to establish encrypted TLS connections, see
    # http://www.openldap.org/faq/data/cache/185.html
    #proxy_set_header X-Ldap-Starttls "true";

    # (Required) Set the Base DN, by replacing the value enclosed in
    # double quotes.
    proxy_set_header X-Ldap-BaseDN "cn=Users,dc=domain,dc=local";

    # (Required) Set the Bind DN, by replacing the value enclosed in
    # double quotes.
    # If AD, use "root@test.local"
    proxy_set_header X-Ldap-BindDN "${AD_BIND_USERNAME}";

    # (Required) Set the Bind password, by replacing 'secret'.
    proxy_set_header X-Ldap-BindPass "${AD_BIND_PASSWORD}";

    # (Required) The following directives set the cookie name and pass
    # it, respectively. They are required for cookie-based
    # authentication. Comment them out if using HTTP basic
    # authentication.
    proxy_set_header X-CookieName "nginxauth";
    proxy_set_header Cookie nginxauth=$cookie_nginxauth;

    # (Required if using Microsoft Active Directory as the LDAP server)
    # Set the LDAP template by uncommenting the following directive.
    proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";

    # (Optional if using OpenLDAP as the LDAP server) Set the LDAP
    # template by uncommenting the following directive and replacing
    # '(cn=%(username)s)' which is the default set in
    # nginx-ldap-auth-daemon.py.
    #proxy_set_header X-Ldap-Template "(cn=%(username)s)";
    # (Optional) Set the realm name, by uncommenting the following
    # directive and replacing 'Restricted' which is the default set
    # in nginx-ldap-auth-daemon.py.
    # proxy_set_header X-Ldap-Realm    "Restricted";
}

Environment

- OS: Debian GNU/Linux 13 (trixie)
- How docker service was installed: Following Docker install instructions from here: https://docs.docker.com/engine/install/debian/

CPU architecture

x86-64

Docker creation

docker-compose.yml snippet:

  ldap-auth:
    # Original image: lscr.io/linuxserver/ldap-auth:latest
    image: docker.media.domain.local/linuxserver/ldap-auth:latest
    container_name: ldap-auth
    hostname: ldap-auth
    environment:
      - PUID
      - PGID
      - TZ
    expose:
      - 8888
      - 9000
    restart: unless-stopped
    healthcheck:
      test: curl --fail --insecure http://127.0.0.1:9000/ || exit 1
      interval: 2s
      retries: 3
      start_period: 5s
    cpu_shares: 1792
    deploy:
      resources:
        limits:
          memory: 128m
        reservations:
          cpus: 2
          memory: 128m
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - external-network

Container logs

----------------------------------------
----------------------------------------
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54850)
Exception occurred during processing of request from ('172.18.0.12', 54862)
Traceback (most recent call last):
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
    h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
    auth_decoded = cipher_suite.decrypt(auth_decoded)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
    self._verify_signature(data)
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
    raise InvalidToken
Traceback (most recent call last):
cryptography.fernet.InvalidToken
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
    h.verify(data[-32:])

During handling of the above exception, another exception occurred:

cryptography.exceptions.InvalidSignature: Signature did not match digest.
Traceback (most recent call last):

During handling of the above exception, another exception occurred:

  File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
    self.finish_request(request, client_address)
Traceback (most recent call last):
  File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
    auth_decoded = cipher_suite.decrypt(auth_decoded)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
    self.handle()
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/http/server.py", line 436, in handle
    self.handle_one_request()
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
    self._verify_signature(data)
  File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
    method()
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
    raise InvalidToken
  File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
    if AuthHandler.do_GET(self):
       ^^^^^^^^^^^^^^^^^^^^^^^^
cryptography.fernet.InvalidToken
  File "/app/nginx-ldap-auth-daemon.py", line 97, in do_GET
    auth_decoded = base64.b64decode(auth_header[6:])
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

During handling of the above exception, another exception occurred:

  File "/usr/lib/python3.12/base64.py", line 88, in b64decode
    return binascii.a2b_base64(s, strict_mode=validate)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Traceback (most recent call last):
binascii.Error: Invalid base64-encoded string: number of data characters (117) cannot be 1 more than a multiple of 4
  File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
    self.finish_request(request, client_address)
----------------------------------------
  File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
    self.handle()
  File "/usr/lib/python3.12/http/server.py", line 436, in handle
    self.handle_one_request()
  File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
    method()
  File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
    if AuthHandler.do_GET(self):
       ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/nginx-ldap-auth-daemon.py", line 97, in do_GET
    auth_decoded = base64.b64decode(auth_header[6:])
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/base64.py", line 88, in b64decode
    return binascii.a2b_base64(s, strict_mode=validate)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
binascii.Error: Invalid base64-encoded string: number of data characters (117) cannot be 1 more than a multiple of 4
----------------------------------------
----------------------------------------
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54864)
Exception occurred during processing of request from ('172.18.0.12', 54868)
Traceback (most recent call last):
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
    h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
    auth_decoded = cipher_suite.decrypt(auth_decoded)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
    self._verify_signature(data)
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
    raise InvalidToken
cryptography.fernet.InvalidToken

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
Traceback (most recent call last):
  File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
    self.handle()
  File "/usr/lib/python3.12/http/server.py", line 436, in handle
    self.handle_one_request()
  File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
    method()
  File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
    if AuthHandler.do_GET(self):
       ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/nginx-ldap-auth-daemon.py", line 97, in do_GET
    auth_decoded = base64.b64decode(auth_header[6:])
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
    h.verify(data[-32:])
  File "/usr/lib/python3.12/base64.py", line 88, in b64decode
    return binascii.a2b_base64(s, strict_mode=validate)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cryptography.exceptions.InvalidSignature: Signature did not match digest.
binascii.Error: Incorrect padding

During handling of the above exception, another exception occurred:

----------------------------------------
Traceback (most recent call last):
  File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
    auth_decoded = cipher_suite.decrypt(auth_decoded)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
    self._verify_signature(data)
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
    raise InvalidToken
cryptography.fernet.InvalidToken

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
    self.handle()
  File "/usr/lib/python3.12/http/server.py", line 436, in handle
    self.handle_one_request()
  File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
    method()
  File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
    if AuthHandler.do_GET(self):
       ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
    auth_decoded = auth_decoded.decode("utf-8")
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
----------------------------------------
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54882)
Traceback (most recent call last):
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
    h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
    auth_decoded = cipher_suite.decrypt(auth_decoded)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
    self._verify_signature(data)
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
    raise InvalidToken
cryptography.fernet.InvalidToken

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
    self.handle()
  File "/usr/lib/python3.12/http/server.py", line 436, in handle
    self.handle_one_request()
  File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
    method()
  File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
    if AuthHandler.do_GET(self):
       ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
    auth_decoded = auth_decoded.decode("utf-8")
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
----------------------------------------
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54890)
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54906)
Traceback (most recent call last):
Traceback (most recent call last):
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
    h.verify(data[-32:])
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
    h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.
cryptography.exceptions.InvalidSignature: Signature did not match digest.

During handling of the above exception, another exception occurred:


During handling of the above exception, another exception occurred:

Traceback (most recent call last):
Traceback (most recent call last):
  File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
    auth_decoded = cipher_suite.decrypt(auth_decoded)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
    auth_decoded = cipher_suite.decrypt(auth_decoded)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
    self._verify_signature(data)
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
    self._verify_signature(data)
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
    raise InvalidToken
cryptography.fernet.InvalidToken

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
    raise InvalidToken
cryptography.fernet.InvalidToken

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
    self.handle()
  File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
    self.handle()
  File "/usr/lib/python3.12/http/server.py", line 436, in handle
    self.handle_one_request()
  File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
    method()
  File "/usr/lib/python3.12/http/server.py", line 436, in handle
    self.handle_one_request()
  File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
    if AuthHandler.do_GET(self):
       ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
    auth_decoded = auth_decoded.decode("utf-8")
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
----------------------------------------
  File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
    method()
  File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
    if AuthHandler.do_GET(self):
       ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
    auth_decoded = auth_decoded.decode("utf-8")
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
----------------------------------------
----------------------------------------
Exception occurred during processing of request from ('172.18.0.12', 54918)
Traceback (most recent call last):
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 131, in _verify_signature
    h.verify(data[-32:])
cryptography.exceptions.InvalidSignature: Signature did not match digest.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/app/nginx-ldap-auth-daemon.py", line 92, in do_GET
    auth_decoded = cipher_suite.decrypt(auth_decoded)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 90, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 149, in _decrypt_data
    self._verify_signature(data)
  File "/lsiopy/lib/python3.12/site-packages/cryptography/fernet.py", line 133, in _verify_signature
    raise InvalidToken
cryptography.fernet.InvalidToken

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.12/socketserver.py", line 697, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.12/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.12/socketserver.py", line 766, in __init__
    self.handle()
  File "/usr/lib/python3.12/http/server.py", line 436, in handle
    self.handle_one_request()
  File "/usr/lib/python3.12/http/server.py", line 424, in handle_one_request
    method()
  File "/app/nginx-ldap-auth-daemon.py", line 200, in do_GET
    if AuthHandler.do_GET(self):
       ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/nginx-ldap-auth-daemon.py", line 98, in do_GET
    auth_decoded = auth_decoded.decode("utf-8")
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x80 in position 0: invalid start byte
----------------------------------------

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[aptalca]

Didn't dig into the logs in detail but working for a week and then not could suggest time sync/drift issues.

[Magnus010]

I believe the logs are mostly just repeated queries. I think the issue might be because my web session was running for a long time and maybe the Nginx cache timed out?

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[Magnus010]

I believe this pull request will resolve the issues:
#61

If there are better ways to do my proposed changes, I am willing to update the pull request.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[LinuxServer-CI]

This issue is locked due to inactivity