← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1491926] Re: Remove padding from Fernet tokens

 

Kilo is EOL

** Changed in: keystone/kilo
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1491926

Title:
  Remove padding from Fernet tokens

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) kilo series:
  Won't Fix

Bug description:
  In bug 1433372, we determined that we should percent encode Fernet
  tokens, because the padding characters (=) aren't considered URL safe
  by some RFCs.

  We also fail some tempest tests because clients sometimes decode or
  encode responses [0]. We should just remove the padding, that way
  clients don't have to worry about it. When we go to validate a token,
  we can determine what the padding is based on the length of the token:

  missing_padding = 4 - len(token) % 4
  if missing_padding:
      token += b'=' * missing_padding

  
  A patch can be proposed to master, stable/liberty, and stable/kilo to ensure that Fernet tokens can be validated regardless of padding. This is important to consider when upgrading from Kilo to Liberty or Kilo to Mitaka.

  [0] http://cdn.pasteraw.com/es3j52dpfgem4nom62e7vktk7g5u2j1

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1491926/+subscriptions


References