yahoo-eng-team team mailing list archive
Message #60566
[Bug 1491926] Re: Remove padding from Fernet tokens
Kilo is EOL
** Changed in: keystone/kilo
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1491926
Title:
Remove padding from Fernet tokens
Status in OpenStack Identity (keystone):
Fix Released
Status in OpenStack Identity (keystone) kilo series:
Won't Fix
Bug description:
In bug 1433372, we determined that we should percent encode Fernet
tokens, because the padding characters (=) aren't considered URL safe
by some RFCs.
We also fail some tempest tests because clients sometimes decode or
encode responses [0]. We should just remove the padding, that way
clients don't have to worry about it. When we go to validate a token,
we can determine what the padding is based on the length of the token:
    # a token whose length is already a multiple of 4 needs no padding
    missing_padding = -len(token) % 4
    if missing_padding:
        token += b'=' * missing_padding
A patch can be proposed to master, stable/liberty, and stable/kilo to ensure that Fernet tokens can be validated regardless of padding. This is important to consider when upgrading from Kilo to Liberty or Kilo to Mitaka.
[0] http://cdn.pasteraw.com/es3j52dpfgem4nom62e7vktk7g5u2j1
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1491926/+subscriptions
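The strip-and-restore scheme described in the bug, as an added example that is not keystone's own code: it uses constructed payloads rather than real Fernet tokens, and the function names are hypothetical. It also shows why the `4 - len(token) % 4` form needs care when the token length is already a multiple of 4.

```python
import base64
import os


def strip_padding(token: bytes) -> bytes:
    """Drop trailing '=' so the token needs no percent-encoding."""
    return token.rstrip(b"=")


def restore_padding(token: bytes) -> bytes:
    """Re-add the '=' padding implied by the token length."""
    if len(token) % 4 == 1:
        # No byte string encodes to 4n+1 base64 characters: reject early.
        raise ValueError("invalid unpadded base64 length")
    return token + b"=" * (-len(token) % 4)


def naive_restore(token: bytes) -> bytes:
    """The `4 - len(token) % 4` variant, kept only for comparison."""
    missing_padding = 4 - len(token) % 4  # yields 4, not 0, when aligned
    if missing_padding:
        token += b"=" * missing_padding
    return token


def round_trip(payload: bytes) -> bytes:
    """Encode, strip, restore, decode; returns the recovered payload."""
    padded = base64.urlsafe_b64encode(payload)
    restored = restore_padding(strip_padding(padded))
    if restored != padded:
        raise AssertionError("restored token differs from original")
    return base64.urlsafe_b64decode(restored)


def demo():
    # Constructed random payloads covering every length class mod 3.
    for n in range(1, 13):
        payload = os.urandom(n)
        if round_trip(payload) != payload:
            raise AssertionError("round trip failed for length %d" % n)
    aligned = base64.urlsafe_b64encode(b"abc")  # 4 characters, no padding
    return restore_padding(aligned), naive_restore(aligned)


if __name__ == "__main__":
    print(demo())
```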