yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1736875] [NEW] Keystone raise 500 error when authorize request token with invalid body

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: wangxiyuan <wangxiyuan@xxxxxxxxxx>
Date: Thu, 07 Dec 2017 06:51:12 -0000
Reply-to: Bug 1736875 <1736875@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Keystone raise 500 error when authorize request token with invalid body.
reproduce:
1. create a request token first, suppose the token key is f13b2c6755634131b59cf5fa08d49331
2. PUT http://keystone-server/v3/OS-OAUTH1/authorize/f13b2c6755634131b59cf5fa08d49331 with body:

{
	"roles": [
		{
			"id": "711aa6371a6343a9a43e8a310fbe4a6f"
		},
		{
			"name": "admin"
		}
	]
}

Keystone will raise 500 error. error log:

 Traceback (most recent call last):
   File "/opt/stack/keystone/keystone/common/wsgi.py", line 226, in __call__
     result = method(req, **params)
   File "/opt/stack/keystone/keystone/common/controller.py", line 82, in inner
     return f(self, request, *args, **kwargs)
   File "/opt/stack/keystone/keystone/oauth1/controllers.py", line 404, in authorize_request_token
     authed_roles.add(role['id'])
 KeyError: 'id'

here are two things we can improve:
1. Add the schema check for request token authorize API
2. Support role name.

To fix the 500 error, step 1 is enough.

** Affects: keystone
     Importance: Undecided
     Assignee: wangxiyuan (wangxiyuan)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => wangxiyuan (wangxiyuan)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1736875

Title:
  Keystone raise 500 error when authorize request token with invalid
  body

Status in OpenStack Identity (keystone):
  New

Bug description:
  Keystone raise 500 error when authorize request token with invalid body.
  reproduce:
  1. create a request token first, suppose the token key is f13b2c6755634131b59cf5fa08d49331
  2. PUT http://keystone-server/v3/OS-OAUTH1/authorize/f13b2c6755634131b59cf5fa08d49331 with body:

  {
  	"roles": [
  		{
  			"id": "711aa6371a6343a9a43e8a310fbe4a6f"
  		},
  		{
  			"name": "admin"
  		}
  	]
  }

  Keystone will raise 500 error. error log:

   Traceback (most recent call last):
     File "/opt/stack/keystone/keystone/common/wsgi.py", line 226, in __call__
       result = method(req, **params)
     File "/opt/stack/keystone/keystone/common/controller.py", line 82, in inner
       return f(self, request, *args, **kwargs)
     File "/opt/stack/keystone/keystone/oauth1/controllers.py", line 404, in authorize_request_token
       authed_roles.add(role['id'])
   KeyError: 'id'

  here are two things we can improve:
  1. Add the schema check for request token authorize API
  2. Support role name.

  To fix the 500 error, step 1 is enough.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1736875/+subscriptions

Follow ups

[Bug 1736875] Re: Keystone raise 500 error when authorize request token with invalid body
From: OpenStack Infra, 2018-01-17