
yahoo-eng-team team mailing list archive

[Bug 1616424] [NEW] Keystone OAuth1 doesn't handle invalid request properly


Public bug reported:

For the access token request,


- If the signature is not valid, it will raise a TypeError exception.

2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi   File "./keystone/common/wsgi.py", line 227, in __call__
2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi     result = method(req, **params)
2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi   File "./keystone/oauth1/controllers.py", line 309, in create_access_token
2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi     params = oauth1.extract_non_oauth_params(b)
2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi   File "./keystone/oauth1/core.py", line 108, in extract_non_oauth_params
2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi     return {k: v for k, v in params if not k.startswith('oauth_')}
2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi TypeError: 'NoneType' object is not iterable
2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi

- If the provided consumer does not exist, it will throw a
NotImplementedError exception to show that dummy_client is not
implemented.

None of these exceptions is properly handled; the end user doesn't learn
anything from these exception messages. An Unauthorized exception should
be raised instead.

** Affects: keystone
     Importance: Undecided
     Assignee: Dave Chen (wei-d-chen)
         Status: New

** Description changed:

- For the access token request, if the signature is not valid, it will
- raise TypeError exception.
+ For the access token request,
+ 
+ 
+ - If the signature is not valid, it will raise TypeError exception.
  
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi   File "./keystone/common/wsgi.py", line 227, in __call__
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi     result = method(req, **params)
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi   File "./keystone/oauth1/controllers.py", line 309, in create_access_token
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi     params = oauth1.extract_non_oauth_params(b)
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi   File "./keystone/oauth1/core.py", line 108, in extract_non_oauth_params
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi     return {k: v for k, v in params if not k.startswith('oauth_')}
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi TypeError: 'NoneType' object is not iterable
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi
  
+ - If the provided consumer does not exist, it will throw
+ NotImplementedError exception to show that dummy_client is not
+ implemented.
  
- If the provided consumer does not exist, it will throw NotImplementedError exception to show that dummy_client is not implemented.
- 
- 
- All these exception is not properly handled, end user doens't know anything from these exception message. It should be Unauthorized exception raised.
+ All these exception is not properly handled, end user doens't know
+ anything from these exception message. It should be Unauthorized
+ exception raised.

** Changed in: keystone
     Assignee: (unassigned) => Dave Chen (wei-d-chen)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1616424

Title:
  Keystone OAuth1 doesn't handle invalid request properly

Status in OpenStack Identity (keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1616424/+subscriptions
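The two failure modes the report describes, modelled as an added example; this is not Keystone's code. It keeps the one-liner from the traceback (`extract_non_oauth_params` iterating whatever it is given), a hypothetical `validate_request` that returns None on a bad signature (which is what turns into the `'NoneType' object is not iterable` TypeError), and a hypothetical consumer lookup that raises NotImplementedError for an unknown consumer, as the report says the dummy client does. The consumer registry, the toy HMAC signature and all function names are constructed for the example; the OAuth1 signature base-string algorithm is not reproduced. The hardened handler collapses both failures into a single Unauthorized error so the caller learns nothing about which check failed.

```python
import hashlib
import hmac

# Constructed consumer registry: consumer key -> secret (not real credentials).
CONSUMERS = {"consumer-abc": "secret-abc"}


class Unauthorized(Exception):
    """The only error a caller should see for a bad access-token request."""


def lookup_consumer(consumer_key):
    # Hypothetical stand-in for Keystone's consumer lookup. Per the bug, the
    # real path ends in a 'dummy client' whose NotImplementedError leaks out.
    if consumer_key not in CONSUMERS:
        raise NotImplementedError("dummy_client is not implemented")
    return CONSUMERS[consumer_key]


def _expected_signature(secret, oauth_params):
    # Toy signature for the example only: HMAC-SHA1 over the sorted oauth_
    # parameters. It is NOT the OAuth1 signature base-string algorithm.
    base = "&".join("%s=%s" % (k, v) for k, v in sorted(oauth_params.items())
                    if k != "oauth_signature")
    return hmac.new(secret.encode(), base.encode(), hashlib.sha1).hexdigest()


def validate_request(params):
    """Return the parameter list if the signature verifies, else None.

    Returning None on failure is what sets up the TypeError in the traceback:
    extract_non_oauth_params() iterates whatever it is handed.
    """
    oauth = {k: v for k, v in params if k.startswith("oauth_")}
    secret = lookup_consumer(oauth.get("oauth_consumer_key"))  # may raise
    supplied = oauth.get("oauth_signature", "")
    if not hmac.compare_digest(_expected_signature(secret, oauth), supplied):
        return None
    return params


def extract_non_oauth_params(params):
    # Same shape as the line quoted in the traceback (keystone/oauth1/core.py).
    return {k: v for k, v in params if not k.startswith('oauth_')}


def create_access_token_unpatched(params):
    """Behaviour the bug describes: internal exceptions escape unconverted."""
    b = validate_request(params)
    return extract_non_oauth_params(b)


def create_access_token_hardened(params):
    """Both failure modes become Unauthorized; no internal detail reaches the caller."""
    try:
        b = validate_request(params)
    except NotImplementedError:
        # Unknown consumer: same generic message as a bad signature, so the
        # response does not reveal whether the consumer key exists.
        raise Unauthorized("Invalid OAuth request") from None
    if b is None:
        raise Unauthorized("Invalid OAuth request")
    return extract_non_oauth_params(b)


def build_request(consumer_key, secret, extra_params, signature=None):
    """Construct the parameter list as the controller would receive it."""
    oauth = {"oauth_consumer_key": consumer_key,
             "oauth_nonce": "n1",
             "oauth_timestamp": "1471970719"}
    oauth["oauth_signature"] = signature or _expected_signature(secret, oauth)
    return list(oauth.items()) + list(extra_params.items())


def outcome(handler, params):
    """Run a handler and return its result, or the name of the exception that escapes."""
    try:
        return handler(params)
    except Exception as exc:  # deliberately broad: we want to see what leaks
        return type(exc).__name__


if __name__ == "__main__":
    bad_sig = build_request("consumer-abc", "secret-abc",
                            {"requested_project_id": "proj-1"}, signature="deadbeef")
    unknown = build_request("no-such-consumer", "irrelevant", {}, signature="x")
    for name, handler in (("unpatched", create_access_token_unpatched),
                          ("hardened", create_access_token_hardened)):
        print(name, "bad signature ->", outcome(handler, bad_sig))
        print(name, "unknown consumer ->", outcome(handler, unknown))
```

Running the module prints TypeError and NotImplementedError for the unpatched handler and Unauthorized for both cases with the hardened one; the internal cause is still available to log server-side inside the `except` branch, which is where it belongs rather than in the HTTP response.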
