yahoo-eng-team team mailing list archive

[Bug 1459483] [NEW] able to validate a Fernet token with garbage at the end

 

Public bug reported:

I am able to verify Fernet tokens that contain garbage at the end, not
so with UUID tokens.

For example.

UUID:

curl -H "X-Auth-Token:84db9247b27d4fe6bd0a09b7b39281e2" http://localhost:35357/v2.0/tokens/84db9247b27d4fe6bd0a09b7b39281e2

Works

curl -H "X-Auth-Token:84db9247b27d4fe6bd0a09b7b39281e2" http://localhost:35357/v2.0/tokens/84db9247b27d4fe6bd0a09b7b39281e2-GARBAGE
{"error": {"message": "Could not find token: 84db9247b27d4fe6bd0a09b7b39281e2-GARBAGE", "code": 404, "title": "Not Found"}}

Fernet on the other hand happily validates it even with garbage and even
inserts -GARBAGE into the ID.

curl -H "X-Auth-Token:gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D" http://localhost:35357/v2.0/tokens/gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D

        "token": {
            "audit_ids": [
                "WlVgiNv2RmOGaDa_4PpGGg"
            ],
            "expires": "2015-05-28T03:59:32.000000Z",
            "id": "gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8=",
            "issued_at": "2015-05-28T01:59:32.000000Z",
            "tenant": {
                "description": "Cloud Infra: Admin Tenant",
                "enabled": true,
                "id": "4764ba822ecb43e582794b875751924c",
                "name": "admin",
                "parent_id": null
            }
        },


        "token": {
            "audit_ids": [
                "WlVgiNv2RmOGaDa_4PpGGg"
            ],
            "expires": "2015-05-28T03:59:32.000000Z",
            "id": "gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8=-GARBAGE",
            "issued_at": "2015-05-28T01:59:32.000000Z",
            "tenant": {
                "description": "Cloud Infra: Admin Tenant",
                "enabled": true,
                "id": "4764ba822ecb43e582794b875751924c",
                "name": "admin",
                "parent_id": null
            }
        },

** Affects: keystone
     Importance: Undecided
         Status: New

** Summary changed:

- able to verify a Fernet token with garbage at the end
+ able to validate a Fernet token with garbage at the end

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1459483

Title:
  able to validate a Fernet token with garbage at the end

Status in OpenStack Identity (Keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1459483/+subscriptions
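
Added example, not part of the bug report and not Keystone or Fernet code: a sketch of how a MAC-protected, base64-encoded token can still verify with "-GARBAGE" appended, and a canonical-encoding check that rejects it. It assumes the token is decoded with Python's standard urlsafe base64 decoder in its default lenient mode; the token format, key and function names are constructed stand-ins.

```python
import base64
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not from the report


def issue(body: bytes) -> bytes:
    """Return urlsafe-base64(body || HMAC-SHA256(body)), a stand-in signed token."""
    tag = hmac.new(KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag)


def verify_lenient(token: bytes):
    """Decode with the default (non-strict) decoder, then check the MAC."""
    # The lenient decoder stops at a completed '=' pad and ignores what follows.
    raw = base64.urlsafe_b64decode(token)
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(tag, expected) else None


def verify_canonical(token: bytes):
    """Accept only a token that is the exact canonical encoding of its bytes."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if base64.urlsafe_b64encode(raw) != token:
        return None  # trailing or silently ignored characters were present
    return verify_lenient(token)


def demo():
    good = issue(b"uid=42")    # 6 + 32 bytes, so the encoding ends in one '='
    bad = good + b"-GARBAGE"   # same suffix as in the report
    return {
        "lenient_good": verify_lenient(good),
        "lenient_bad": verify_lenient(bad),
        "canonical_good": verify_canonical(good),
        "canonical_bad": verify_canonical(bad),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The lenient path returns the same body for both strings, so anything keyed on the submitted token string (a revocation list, a cache, an audit log) sees two different IDs for one credential.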