Sanitizes authentication methods received in requests.
When a user authenticates against Identity V3 API, he can specify
multiple authentication methods. This patch removes duplicates, which
could have been used to achieve DoS attacks.
Closes-Bug: 1300274
(cherry picked from commit ef868ad92c)
Cherry-pick from https://review.openstack.org/#/c/84425/
Change-Id: I6e60324309baa094a5e54b012fb0fc528fea72ab
parent
a96d1a44bc
commit
e364ba5b12
|
@ -225,7 +225,13 @@ class AuthInfo(object):
|
||||||
:returns: list of auth method names
|
:returns: list of auth method names
|
||||||
|
|
||||||
"""
|
"""
|
||||||
return self.auth['identity']['methods'] or []
|
# Sanitizes methods received in request's body
|
||||||
|
# Filters out duplicates, while keeping elements' order.
|
||||||
|
method_names = []
|
||||||
|
for method in self.auth['identity']['methods']:
|
||||||
|
if method not in method_names:
|
||||||
|
method_names.append(method)
|
||||||
|
return method_names
|
||||||
|
|
||||||
def get_method_data(self, method):
|
def get_method_data(self, method):
|
||||||
"""Get the auth method payload.
|
"""Get the auth method payload.
|
||||||
|
|
|
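Review bot: The new loop iterates `self.auth['identity']['methods']` directly, so the `or []` fallback from the removed return statement is gone. A request whose `methods` value is null would now raise TypeError here unless it is rejected earlier, which this hunk does not show. Keeping the guard is a one-line change: `for method in self.auth['identity']['methods'] or []:`. The `method not in method_names` check is also a linear scan per element, so the cost grows quadratically with the number of distinct names submitted; this is presumably bounded by a request-size limit, and a comment saying so would help the next reader. The method's `def` line and the start of its docstring are outside the hunk.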
@ -81,6 +81,18 @@ class TestAuthInfo(test_v3.RestfulTestCase):
|
||||||
None,
|
None,
|
||||||
auth_data)
|
auth_data)
|
||||||
|
|
||||||
|
def test_get_method_names_duplicates(self):
|
||||||
|
auth_data = self.build_authentication_request(
|
||||||
|
token='test',
|
||||||
|
user_id='test',
|
||||||
|
password='test')['auth']
|
||||||
|
auth_data['identity']['methods'] = ['password', 'token',
|
||||||
|
'password', 'password']
|
||||||
|
context = None
|
||||||
|
auth_info = auth.controllers.AuthInfo(context, auth_data)
|
||||||
|
self.assertEqual(auth_info.get_method_names(),
|
||||||
|
['password', 'token'])
|
||||||
|
|
||||||
def test_get_method_data_invalid_method(self):
|
def test_get_method_data_invalid_method(self):
|
||||||
auth_data = self.build_authentication_request(
|
auth_data = self.build_authentication_request(
|
||||||
user_id='test',
|
user_id='test',
|
||||||
|
|
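Review bot: test_get_method_names_duplicates pins only the duplicate case; nothing covers an empty or null `methods` list, the input that the old `or []` in get_method_names handled. Assuming the AuthInfo constructor accepts such a body, a sibling case that sets `auth_data['identity']['methods'] = []` and checks `self.assertEqual(auth_info.get_method_names(), [])` would pin that behaviour. The existing assertion does confirm that first-seen order is kept, which is worth stating in a one-line docstring such as `"""Duplicate method names are dropped and first-seen order is kept."""`.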