From 72b274defc2acd7e70f680912dd64bb21b757a64 Mon Sep 17 00:00:00 2001 From: Dave Chen Date: Sun, 31 Jul 2016 17:16:24 +0800 Subject: [PATCH] Replace the content type with correct one The content type `application/x-www-urlformencoded` used in OAuth1 extension is not spelled correctly, the correct one should be `application/x-www-form-urlencoded` according to W3C recommendation [1] and implementaion in oauth1 lib [2]. [1] https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1 [2] https://github.com/idan/oauthlib/blob/master/oauthlib/oauth1/rfc5849/__init__.py#L39 Change-Id: I9ead0a633e3801f5150685c44b1174d3b4dc408c --- keystone/oauth1/controllers.py | 4 ++-- keystone/tests/unit/test_v3_oauth1.py | 22 +++++++++---------- ...headers-content-type-9a9245d9bbec8f8e.yaml | 6 +++++ 3 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 releasenotes/notes/oauth1-headers-content-type-9a9245d9bbec8f8e.yaml diff --git a/keystone/oauth1/controllers.py b/keystone/oauth1/controllers.py index 11b3365542..277b677abb 100644 --- a/keystone/oauth1/controllers.py +++ b/keystone/oauth1/controllers.py @@ -260,7 +260,7 @@ class OAuthControllerV3(controller.V3Controller): expiry_bit = '&oauth_expires_at=%s' % token_ref['expires_at'] result += expiry_bit - headers = [('Content-Type', 'application/x-www-urlformencoded')] + headers = [('Content-Type', 'application/x-www-form-urlencoded')] response = wsgi.render_response( result, status=(http_client.CREATED, @@ -341,7 +341,7 @@ class OAuthControllerV3(controller.V3Controller): expiry_bit = '&oauth_expires_at=%s' % (token_ref['expires_at']) result += expiry_bit - headers = [('Content-Type', 'application/x-www-urlformencoded')] + headers = [('Content-Type', 'application/x-www-form-urlencoded')] response = wsgi.render_response( result, status=(http_client.CREATED, diff --git a/keystone/tests/unit/test_v3_oauth1.py b/keystone/tests/unit/test_v3_oauth1.py index 1dcfc8887c..6145b0a19c 100644 
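Review bot: The body these headers describe is still assembled by hand in the context line `expiry_bit = '&oauth_expires_at=%s' % token_ref['expires_at']` of the hunk at -260, so the response now advertises `application/x-www-form-urlencoded` without its values being percent-encoded. A client that trusts the corrected type will form-decode the body, and a `+`, `&` or `=` inside any value would be misread; the hunk at -341 has the same pattern. Building the pair with the encoder, e.g. `expiry_bit = '&' + urlencode({'oauth_expires_at': token_ref['expires_at']})` (from `six.moves.urllib.parse` if it is not already imported), keeps body and header consistent. The rest of `result` is built outside both hunks, so whether the token key and secret are encoded cannot be confirmed from here.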
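Review bot: The token response in the hunk at -341 is sent with no cache directive: its `headers` list carries only `Content-Type`, as does the one at -260, while the tests in this patch read `oauth_token` and `oauth_token_secret` out of the same response body. Unless `wsgi.render_response` or middleware outside this diff already sets one, add `('Cache-Control', 'no-store')` to the list so intermediaries and client caches do not retain the secret. Separately, the content-type literal is repeated in both hunks; a module-level constant such as `FORM_URLENCODED = 'application/x-www-form-urlencoded'` would give the two responses one definition to share, so a misspelling cannot be copied again.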
--- a/keystone/tests/unit/test_v3_oauth1.py +++ b/keystone/tests/unit/test_v3_oauth1.py @@ -268,7 +268,7 @@ class OAuthFlowTests(OAuth1Tests): self.project_id) content = self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') credentials = _urllib_parse_qs_text_keys(content.result) request_key = credentials['oauth_token'][0] request_secret = credentials['oauth_token_secret'][0] @@ -287,7 +287,7 @@ class OAuthFlowTests(OAuth1Tests): self.request_token) content = self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') credentials = _urllib_parse_qs_text_keys(content.result) access_key = credentials['oauth_token'][0] access_secret = credentials['oauth_token_secret'][0] @@ -544,7 +544,7 @@ class AuthTokenTests(object): self.project_id) content = self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') credentials = _urllib_parse_qs_text_keys(content.result) request_key = credentials['oauth_token'][0] request_secret = credentials['oauth_token_secret'][0] @@ -647,7 +647,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url, headers = self._create_request_token(consumer, self.project_id) self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') url = self._authorize_request_token(uuid.uuid4().hex) body = {'roles': [{'id': self.role_id}]} self.put(url, body=body, expected_status=http_client.NOT_FOUND) 
@@ -678,7 +678,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url, headers = self._create_request_token(consumer, self.project_id) content = self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') credentials = _urllib_parse_qs_text_keys(content.result) request_key = credentials['oauth_token'][0] request_secret = credentials['oauth_token_secret'][0] @@ -704,7 +704,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): url, headers = self._create_request_token(consumer, self.project_id) content = self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') credentials = _urllib_parse_qs_text_keys(content.result) request_key = credentials['oauth_token'][0] @@ -728,7 +728,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): self.project_id) content = self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') credentials = _urllib_parse_qs_text_keys(content.result) request_key = credentials['oauth_token'][0] request_secret = credentials['oauth_token_secret'][0] @@ -751,7 +751,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): self.project_id) content = self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') credentials = _urllib_parse_qs_text_keys(content.result) request_key = credentials['oauth_token'][0] request_secret = credentials['oauth_token_secret'][0] 
@@ -768,7 +768,7 @@ class MaliciousOAuth1Tests(OAuth1Tests): self.request_token) content = self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') credentials = _urllib_parse_qs_text_keys(content.result) access_key = credentials['oauth_token'][0] access_secret = credentials['oauth_token_secret'][0] @@ -852,7 +852,7 @@ class OAuthNotificationTests(OAuth1Tests, self.project_id) content = self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') credentials = _urllib_parse_qs_text_keys(content.result) request_key = credentials['oauth_token'][0] request_secret = credentials['oauth_token_secret'][0] @@ -881,7 +881,7 @@ class OAuthNotificationTests(OAuth1Tests, self.request_token) content = self.post( url, headers=headers, - response_content_type='application/x-www-urlformencoded') + response_content_type='application/x-www-form-urlencoded') credentials = _urllib_parse_qs_text_keys(content.result) access_key = credentials['oauth_token'][0] access_secret = credentials['oauth_token_secret'][0] diff --git a/releasenotes/notes/oauth1-headers-content-type-9a9245d9bbec8f8e.yaml b/releasenotes/notes/oauth1-headers-content-type-9a9245d9bbec8f8e.yaml new file mode 100644 index 0000000000..a6d727fdb9 --- /dev/null +++ b/releasenotes/notes/oauth1-headers-content-type-9a9245d9bbec8f8e.yaml @@ -0,0 +1,6 @@ +--- +other: + - > + The response's content type for creating request token or access token + is changed to `application/x-www-form-urlencoded`, the old value + `application/x-www-urlformencoded` is invalid and will no longer be used.