
Double quote www_authenticate_uri

Based on the RFCs[1], in an HTTP header a string of text is parsed
as a single value if it is quoted using double-quote marks.

This patch changes the single quotes to double quotes in the
"WWW-Authenticate" header, which is returned when a 401 error is raised.

[1]: https://tools.ietf.org/html/rfc7230#section-3.2.6
     https://tools.ietf.org/html/rfc7235#section-2.1

Change-Id: I524c93d30607ea6ab70de92ceea207ee77f34c25
Closes-bug: #1762362
tags/5.1.0
wangxiyuan 1 year ago
parent
commit
a78a25ea23

+ 1
- 1
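--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -679,7 +679,7 @@ class AuthProtocol(BaseAuthProtocol):
 
     @property
     def _reject_auth_headers(self):
-        header_val = 'Keystone uri=\'%s\'' % self._www_authenticate_uri
+        header_val = 'Keystone uri="%s"' % self._www_authenticate_uri
         return [('WWW-Authenticate', header_val)]
 
     def _token_hashes(self, token):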
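Review bot: `_reject_auth_headers` formats `self._www_authenticate_uri` straight into the quoted-string, so a value containing `"` or `\` would end the quoted value early or yield a challenge that clients parse differently from what was configured. RFC 7230 section 3.2.6, which the commit message cites, requires those two characters to be sent as quoted-pairs inside a quoted-string. Where the URI is set is outside this hunk, and it presumably comes from operator configuration, so this is hardening rather than a known injection path. I would escape before formatting, e.g. `uri = self._www_authenticate_uri.replace('\\', '\\\\').replace('"', '\\"')` followed by `header_val = 'Keystone uri="%s"' % uri`.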

+ 9
- 9
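--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -955,37 +955,37 @@ class CommonAuthTokenMiddlewareTest(object):
 
         resp = self.call_middleware(headers={'X-Auth-Token': 'invalid-token'},
                                     expected_status=401)
-        self.assertEqual("Keystone uri='https://keystone.example.com:1234'",
+        self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
                          resp.headers['WWW-Authenticate'])
 
     def test_request_invalid_signed_token(self):
         token = self.examples.INVALID_SIGNED_TOKEN
         resp = self.call_middleware(headers={'X-Auth-Token': token},
                                     expected_status=401)
-        self.assertEqual("Keystone uri='https://keystone.example.com:1234'",
+        self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
                          resp.headers['WWW-Authenticate'])
 
     def test_request_invalid_signed_pkiz_token(self):
         token = self.examples.INVALID_SIGNED_PKIZ_TOKEN
         resp = self.call_middleware(headers={'X-Auth-Token': token},
                                     expected_status=401)
-        self.assertEqual("Keystone uri='https://keystone.example.com:1234'",
+        self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
                          resp.headers['WWW-Authenticate'])
 
     def test_request_no_token(self):
         resp = self.call_middleware(expected_status=401)
-        self.assertEqual("Keystone uri='https://keystone.example.com:1234'",
+        self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
                          resp.headers['WWW-Authenticate'])
 
     def test_request_no_token_http(self):
         resp = self.call_middleware(method='HEAD', expected_status=401)
-        self.assertEqual("Keystone uri='https://keystone.example.com:1234'",
+        self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
                          resp.headers['WWW-Authenticate'])
 
     def test_request_blank_token(self):
         resp = self.call_middleware(headers={'X-Auth-Token': ''},
                                     expected_status=401)
-        self.assertEqual("Keystone uri='https://keystone.example.com:1234'",
+        self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
                          resp.headers['WWW-Authenticate'])
 
     def _get_cached_token(self, token, mode='md5'):
@@ -1119,7 +1119,7 @@ class CommonAuthTokenMiddlewareTest(object):
             self.assert_valid_last_url(token)
         else:
             self.assertEqual(401, resp.status_int)
-            msg = "Keystone uri='https://keystone.example.com:1234'"
+            msg = 'Keystone uri="https://keystone.example.com:1234"'
             self.assertEqual(msg, resp.headers['WWW-Authenticate'])
 
     def test_uuid_bind_token_disabled_with_kerb_user(self):
@@ -1645,7 +1645,7 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
         """Unscoped requests with no default tenant ID should be rejected."""
         resp = self.call_middleware(headers={'X-Auth-Token': token},
                                     expected_status=401)
-        self.assertEqual("Keystone uri='https://keystone.example.com:1234'",
+        self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
                          resp.headers['WWW-Authenticate'])
 
     def test_unscoped_uuid_token_receives_401(self):
@@ -2013,7 +2013,7 @@ class DelayedAuthTests(BaseAuthTokenMiddlewareTest):
         resp = self.call(middleware, expected_status=401)
         self.assertEqual(six.b(body), resp.body)
 
-        self.assertEqual("Keystone uri='%s'" % www_authenticate_uri,
+        self.assertEqual('Keystone uri="%s"' % www_authenticate_uri,
                          resp.headers['WWW-Authenticate'])
 
     def test_delayed_auth_values(self):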
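Review bot: The expected challenge string is hard-coded in eight assertions across these hunks and formatted a ninth time in DelayedAuthTests, which is why a one-character change to the header touched nine lines. A single shared expected value, for instance a helper on the base test class such as `def _expected_challenge(self, uri): return 'Keystone uri="%s"' % uri`, would keep the next format change to one place. None of the visible tests uses a `www_authenticate_uri` containing a double quote or backslash, so the new quoting is only exercised with a value that needs no escaping. The test methods shown are cut by the hunk boundaries, so an existing helper may sit outside the view.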

+ 6
- 0
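--- a/releasenotes/notes/bug-1762362-3d092b15c7bab3a4.yaml
+++ b/releasenotes/notes/bug-1762362-3d092b15c7bab3a4.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - >
+    [`bug 1762362 <https://bugs.launchpad.net/keystonemiddleware/+bug/1762362>`_]
+    The value of the header "WWW-Authenticate" in a 401 (Unauthorized) response
+    now is double quoted to follow the RFC requirement.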
