
yahoo-eng-team team mailing list archive

[Bug 1736875] Re: Keystone raise 500 error when authorize request token with invalid body

 

Reviewed:  https://review.openstack.org/526296
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=1f0473a597c7420b9a98face33a30d5e57592dc7
Submitter: Zuul
Branch:    master

commit 1f0473a597c7420b9a98face33a30d5e57592dc7
Author: wangxiyuan <wangxiyuan@xxxxxxxxxx>
Date:   Thu Dec 7 14:51:39 2017 +0800

    Add schema check for authorize request token
    
    This patch adds the schema check for the authorize
    request token API. It'll avoid some 500 errors
    caused by invalid input format and it will raise
    a 400 error correctly.
    
    This patch also adds role name support for
    authorize request token
    
    Closes-bug: #1736875
    Change-Id: I9d113692702e7aaa0127ffa9405a17908c0c6ff7


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1736875

Title:
  Keystone raise 500 error when authorize request token with invalid
  body

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Keystone raises a 500 error when authorizing a request token with an invalid body.
  To reproduce:
  1. create a request token first, suppose the token key is f13b2c6755634131b59cf5fa08d49331
  2. PUT http://keystone-server/v3/OS-OAUTH1/authorize/f13b2c6755634131b59cf5fa08d49331 with body:

  {
  	"roles": [
  		{
  			"id": "711aa6371a6343a9a43e8a310fbe4a6f"
  		},
  		{
  			"name": "admin"
  		}
  	]
  }

  Keystone will raise a 500 error. Error log:

   Traceback (most recent call last):
     File "/opt/stack/keystone/keystone/common/wsgi.py", line 226, in __call__
       result = method(req, **params)
     File "/opt/stack/keystone/keystone/common/controller.py", line 82, in inner
       return f(self, request, *args, **kwargs)
     File "/opt/stack/keystone/keystone/oauth1/controllers.py", line 404, in authorize_request_token
       authed_roles.add(role['id'])
   KeyError: 'id'

  Here are two things we can improve:
  1. Add the schema check for request token authorize API
  2. Support role name.

  To fix the 500 error, step 1 is enough.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1736875/+subscriptions
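
The failure mode in the report and the effect of step 1 (validate the body before reading it), as an added example that is not Keystone's code or its actual schema. The function names, the validation rules and the simplified 200 payload are assumptions; role-name support (step 2) is not modelled, so the reported body is rejected with 400 here.

```python
# Added illustration only: function names and the exact rules are assumptions,
# not Keystone's code or its real schema. Models step 1 of the report only.

# Constructed from the request body shown in the bug description.
REPORTED_BODY = {"roles": [{"id": "711aa6371a6343a9a43e8a310fbe4a6f"},
                           {"name": "admin"}]}


class ValidationError(Exception):
    """Client error: the handler maps this to HTTP 400."""


def collect_role_ids(body):
    # Same access pattern as the line in the traceback: trusts every entry
    # to carry 'id', so a malformed entry raises KeyError.
    authed_roles = set()
    for role in body["roles"]:
        authed_roles.add(role["id"])
    return authed_roles


def validate_body(body):
    # Check the shape before any field is dereferenced.
    if not isinstance(body, dict) or not isinstance(body.get("roles"), list):
        raise ValidationError("'roles' must be a list")
    if not body["roles"]:
        raise ValidationError("'roles' must not be empty")
    for i, role in enumerate(body["roles"]):
        if not isinstance(role, dict):
            raise ValidationError("roles[%d] must be an object" % i)
        if not isinstance(role.get("id"), str) or not role["id"]:
            raise ValidationError("roles[%d] needs a non-empty string 'id'" % i)


def handle(body, validate=True):
    """Return (status, payload) the way a WSGI layer would map outcomes."""
    try:
        if validate:
            validate_body(body)
        return 200, sorted(collect_role_ids(body))
    except ValidationError as exc:
        return 400, str(exc)
    except Exception as exc:  # unhandled server-side error, as in the report
        return 500, type(exc).__name__
```
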

