yahoo-eng-team team mailing list archive

[Bug 974319] Re: auth_token does not quote token to validate

 

** Changed in: python-keystoneclient
    Milestone: None => 0.2.1

** Changed in: python-keystoneclient
       Status: Fix Committed => Fix Released

** Changed in: python-keystoneclient
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/974319

Title:
  auth_token does not quote token to validate

Status in OpenStack Identity (Keystone):
  Won't Fix
Status in Keystone essex series:
  Invalid
Status in Python client library for Keystone:
  Fix Released

Bug description:
  When we send a bogus token with a space to validate, like:

  "foo bar"

  I am getting this error message:

    File "/opt/stack/swift/swift/common/middleware/catch_errors.py", line 47, in __call__
      return self.app(env, my_start_response)
    File "/opt/stack/swift/swift/common/middleware/healthcheck.py", line 38, in __call__
      return self.app(env, start_response)
    File "/opt/stack/swift/swift/common/middleware/memcache.py", line 47, in __call__
      return self.app(env, start_response)
    File "/opt/stack/swift/swift/common/middleware/swift3.py", line 460, in __call__
      return self.app(env, start_response)
    File "/opt/stack/keystone/keystone/middleware/s3_token.py", line 126, in __call__
      return self.app(environ, start_response)
    File "/opt/stack/keystone/keystone/middleware/auth_token.py", line 174, in __call__
      user_headers = self._build_user_headers(token_info)
    File "/opt/stack/keystone/keystone/middleware/auth_token.py", line 397, in _build_user_headers
      user = token_info['access']['user']
  KeyError: 'access' (txn: txfa72e0ad18394a60bcb2fd00a100e7bb)

  The reason seems to be that in auth_token.py the token sent to keystone
  to validate is unquoted and sent as is, which comes back as a 200.

  I am not entirely sure if this is httplib or keystone coming back as
  200; here is a snippet describing what I mean:

  http://pastie.org/private/ywjzcrawgwdh25nzuma

  See that the second test (unquote with a space) will return as 200.

  Fixing the problem by quoting the token before validating in keystone
  is trivial, but I wonder if there is more to that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/974319/+subscriptions
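
The failure described in the report, as an added example (not code from the bug report, Keystone or python-keystoneclient): a token containing a space breaks the three-field HTTP request line unless it is percent-encoded, and a 200 response without an 'access' key should be treated as a rejected token rather than indexed directly. The /v2.0/tokens/ validation path is an assumption, and the function names are hypothetical.

```python
from urllib.parse import quote, unquote

# Assumption: Keystone v2.0 validates a token with GET /v2.0/tokens/<token>.
VALIDATE_PREFIX = "/v2.0/tokens/"

def validation_path(token, quoted=True):
    """Build the request target for validating a user-supplied token."""
    # safe="" also encodes "/", so a token cannot add path segments.
    return VALIDATE_PREFIX + (quote(token, safe="") if quoted else token)

def parse_request_line(line):
    """Split a request line as 'METHOD SP target SP HTTP-version'.

    Returns (method, target, version), or None when the line does not have
    exactly three space-separated parts.
    """
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    return tuple(parts)

def token_seen_by_server(token, quoted):
    """Return the token a strict server recovers from the request line, or None."""
    line = "GET %s HTTP/1.1" % validation_path(token, quoted)
    parsed = parse_request_line(line)
    if parsed is None or not parsed[1].startswith(VALIDATE_PREFIX):
        return None
    return unquote(parsed[1][len(VALIDATE_PREFIX):])

def user_from_validation(status, body):
    """Hypothetical guard: accept only a 200 whose body has access.user."""
    if status != 200 or not isinstance(body, dict):
        return None
    access = body.get("access")
    if not isinstance(access, dict) or "user" not in access:
        return None
    return access["user"]

if __name__ == "__main__":
    bogus = "foo bar"  # constructed sample: the bogus token from the report
    print(validation_path(bogus, quoted=False))
    print(validation_path(bogus))
    print(token_seen_by_server(bogus, quoted=False))
    print(token_seen_by_server(bogus, quoted=True))
    print(user_from_validation(200, {}))
```

How a particular server handles the malformed four-field request line is implementation-specific; the guard on the response body keeps the middleware from raising KeyError either way.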