yahoo-eng-team team mailing list archive

[Kirill Zaborsky <qrilka@xxxxxxxxx>]

Public bug reported:

It looks like Keystone hashes only PKI tokens - https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token.py#L1399
and test test_verify_signed_token_raises_exception_for_revoked_pkiz_token in https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/tests/test_auth_token_middleware.py#L741 does not takes hashing into account (and checks only already hashed data and hot hashing itself)
And that should make token revocation for PKIZ tokens broken.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1355125

Title:
  keystonemiddleware appears not to hash PKIZ tokens

Status in OpenStack Identity (Keystone):
  New

Bug description:
  It looks like Keystone hashes only PKI tokens - https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token.py#L1399
  and test test_verify_signed_token_raises_exception_for_revoked_pkiz_token in https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/tests/test_auth_token_middleware.py#L741 does not takes hashing into account (and checks only already hashed data and hot hashing itself)
  And that should make token revocation for PKIZ tokens broken.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1355125/+subscriptions