yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1607119] Re: TOTP auth not functional in python3

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1607119@xxxxxxxxxxxxxxxxxx>
Date: Fri, 29 Jul 2016 03:30:51 -0000
Reply-to: Bug 1607119 <1607119@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/348081
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=b2cb4c403f94fdf61100d43b59dedec1547c7364
Submitter: Jenkins
Branch:    master

commit b2cb4c403f94fdf61100d43b59dedec1547c7364
Author: adriant <adriant@xxxxxxxxxxxxxxx>
Date:   Thu Jul 28 11:24:58 2016 +1200

    TOTP auth not functional in python3
    
    Fixing a byte>str conversion bug present in the TOTP
    passcode generation function that was only present in python3
    which rendered TOTP auth non-functional in python3.
    
    Also adding a test to check passcode generation returns the
    correct format.
    
    Closes-Bug: #1607119
    
    Change-Id: Ie052d559c4eb2577d35caa9f6e240664cf4cf399


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1607119

Title:
  TOTP auth not functional in python3

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Because of how python3 handles byte>str conversion, the passcode
  generation function produces a mangled result in python3. The reason
  the unit tests still pass in python3 is because the tests also use the
  same function and thus the server and the tests are both sending and
  expecting the same mangled passcode.

  This would then mean that anyone correctly generating the passcode and
  attempting to authenticate via TOTP would fail because the server is
  expecting a mangled passcode.

  The fix is to not use six.text_type, as it does the wrong thing, and
  instead use .decode('utf-8') which produces the correct result in both
  python2 and python3.

  Example of why and how this happens:
  Python2:

  >>> passcode = b'123456'
  >>> print passcode
  123456
  >>> type(passcode)
  <type 'str'>
  >>> import six
  >>> six.text_type(passcode)
  u'123456'
  >>> type(six.text_type(passcode))
  <type 'unicode'>
  >>> otherstring = "openstack"
  >>> otherstring + passcode
  'openstack123456'
  >>> passcode.decode('utf-8')
  u'123456'
  >>> type(passcode.decode('utf-8'))
  <type 'unicode'>

  Python3:

  >>> passcode = b'123456'
  >>> print(passcode)
  b'123456'
  >>> type(passcode)
  <class 'bytes'>
  >>> import six
  >>> six.text_type(passcode)
  "b'123456'"
  >>> type(six.text_type(passcode))
  <class 'str'>
  >>> otherstring = "openstack"
  >>> otherstring + passcode
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
  TypeError: Can't convert 'bytes' object to str implicitly
  >>> otherstring + str(passcode)
  "openstackb'123456'"
  >>> passcode.decode('utf-8')
  '123456'
  >>> type(passcode.decode('utf-8'))
  <class 'str'>

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1607119/+subscriptions

References

[Bug 1607119] [NEW] TOTP auth not functional in python3
From: Adrian Turjak, 2016-07-27