
yahoo-eng-team team mailing list archive

[Bug 1616424] Re: Keystone OAuth1 doesn't handle invalid request properly

 

Reviewed:  https://review.openstack.org/359795
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=be5385c5389aa9c4879647c9b9e4327cc73189a2
Submitter: Jenkins
Branch:    master

commit be5385c5389aa9c4879647c9b9e4327cc73189a2
Author: Dave Chen <wei.d.chen@xxxxxxxxx>
Date:   Wed Aug 24 18:54:14 2016 +0800

    Handle the exception from creating access token properly
    
    If there is any request from a client with any invalid request
    parameters, an invalid signature for example, keystone should
    capture that and raise the exception.
    
    `NotImplementedError` and `TypeError` were thrown and
    presented directly to the end user, and no helpful message
    was given.
    
    This patch fixes that and shows as many exception messages that
    are helpful for diagnosis as possible.
    
    Change-Id: I112d0cd0c8a460c7b4d8d0e1c0b9c742aab9fde7
    Closes-Bug: #1616424


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1616424

Title:
  Keystone OAuth1 doesn't handle invalid request properly

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  For the access token request,

  
  - If the signature is not valid, it will raise a TypeError exception.

  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi   File "./keystone/common/wsgi.py", line 227, in __call__
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi     result = method(req, **params)
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi   File "./keystone/oauth1/controllers.py", line 309, in create_access_token
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi     params = oauth1.extract_non_oauth_params(b)
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi   File "./keystone/oauth1/core.py", line 108, in extract_non_oauth_params
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi     return {k: v for k, v in params if not k.startswith('oauth_')}
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi TypeError: 'NoneType' object is not iterable
  2016-08-23 16:45:19.705 5202 TRACE keystone.common.wsgi

  - If the provided consumer does not exist, it will throw a
  NotImplementedError exception to show that dummy_client is not
  implemented.

  None of these exceptions are properly handled; the end user doesn't
  learn anything from these exception messages. An Unauthorized
  exception should be raised.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1616424/+subscriptions
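
The two failure modes from the bug description, as an added example that is not keystone's code and not part of the original message: an unguarded handler lets TypeError and NotImplementedError escape as a server error, while a guarded one maps both to Unauthorized. Only the extract_non_oauth_params comprehension is taken from the traceback; verify_request, http_status, the Unauthorized class and the sample data are hypothetical and constructed for illustration.

```python
import hmac

class Unauthorized(Exception):
    """Stand-in for an HTTP 401 error type (hypothetical, not keystone's class)."""

def extract_non_oauth_params(params):
    # Same comprehension as in the traceback; raises TypeError when params is None.
    return {k: v for k, v in params if not k.startswith('oauth_')}

def verify_request(consumers, request):
    """Constructed verifier returning (valid, params); a toy check stands in
    for real OAuth1 signature verification."""
    expected = consumers.get(request['oauth_consumer_key'])
    if expected is None:
        # Models the unimplemented dummy_client fallback named in the report.
        raise NotImplementedError('dummy_client is not implemented')
    if not hmac.compare_digest(expected, request['oauth_signature']):
        return False, None  # invalid signature: no parsed parameters
    return True, list(request.items())

def create_access_token_unguarded(consumers, request):
    _valid, params = verify_request(consumers, request)
    return extract_non_oauth_params(params)  # TypeError on an invalid signature

def create_access_token_guarded(consumers, request):
    try:
        valid, params = verify_request(consumers, request)
    except NotImplementedError as exc:
        raise Unauthorized('Provided consumer does not exist.') from exc
    if not valid or params is None:
        raise Unauthorized('Invalid signature or request parameters.')
    return extract_non_oauth_params(params)

def http_status(handler, consumers, request):
    """What the client sees: 401 for Unauthorized, 500 for anything unhandled."""
    try:
        handler(consumers, request)
        return 200
    except Unauthorized:
        return 401
    except Exception:
        return 500

# Constructed sample data.
CONSUMERS = {'consumer-a': 'good-sig'}
GOOD = {'oauth_consumer_key': 'consumer-a', 'oauth_signature': 'good-sig', 'scope': 'x'}
BAD_SIG = dict(GOOD, oauth_signature='tampered')
NO_CONSUMER = dict(GOOD, oauth_consumer_key='missing')
```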

