Merge "auth_token: fix issue when data in cache gets corrupted"
commit
ee96389dbf
@ -239,6 +239,10 @@ class TokenCache(object):
|
|||||||
serialized = serialized.encode('utf8')
|
serialized = serialized.encode('utf8')
|
||||||
data = self._deserialize(serialized, context)
|
data = self._deserialize(serialized, context)
|
||||||
|
|
||||||
|
if data is None:
|
||||||
|
# In case decryption fails, e.g. data corrupted in memcached.
|
||||||
|
return None
|
||||||
|
|
||||||
if not isinstance(data, str):
|
if not isinstance(data, str):
|
||||||
data = data.decode('utf-8')
|
data = data.decode('utf-8')
|
||||||
|
|
||||||
|
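Review bot: The new `if data is None` guard only covers `_deserialize` reporting failure by returning None; the `data.decode('utf-8')` two lines below can still raise on bytes that are not valid UTF-8. That looks reachable if some `_deserialize` variant passes the stored value through unchanged, which is not visible in this hunk and is worth confirming. The comment also names only decryption, while the test file on this page has a `test_sign_cache_data` case, so the same None presumably covers a failed signature check too; I would word it as `# _deserialize returned None: decrypt/verify failed (e.g. data corrupted in memcached); treat as a cache miss.` The enclosing method starts and ends outside the hunk, so how callers handle the None return cannot be checked from here.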
@ -13,6 +13,7 @@
|
|||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
import fixtures
|
import fixtures
|
||||||
|
from unittest import mock
|
||||||
|
|
||||||
from keystonemiddleware.auth_token import _cache
|
from keystonemiddleware.auth_token import _cache
|
||||||
from keystonemiddleware.auth_token import _exceptions as exc
|
from keystonemiddleware.auth_token import _exceptions as exc
|
||||||
@ -122,6 +123,25 @@ class TestLiveMemcache(base.BaseAuthTokenTestCase):
|
|||||||
token_cache.set(token, data)
|
token_cache.set(token, data)
|
||||||
self.assertEqual(token_cache.get(token), data)
|
self.assertEqual(token_cache.get(token), data)
|
||||||
|
|
||||||
|
@mock.patch("keystonemiddleware.auth_token._memcache_crypt.unprotect_data")
|
||||||
|
def test_corrupted_cache_data(self, mocked_decrypt_data):
|
||||||
|
mocked_decrypt_data.side_effect = Exception("corrupted")
|
||||||
|
|
||||||
|
conf = {
|
||||||
|
'memcached_servers': ','.join(MEMCACHED_SERVERS),
|
||||||
|
'memcache_security_strategy': 'encrypt',
|
||||||
|
'memcache_secret_key': 'mysecret'
|
||||||
|
}
|
||||||
|
|
||||||
|
token = uuid.uuid4().hex.encode()
|
||||||
|
data = uuid.uuid4().hex
|
||||||
|
|
||||||
|
token_cache = self.create_simple_middleware(conf=conf)._token_cache
|
||||||
|
token_cache.initialize({})
|
||||||
|
|
||||||
|
token_cache.set(token, data)
|
||||||
|
self.assertIsNone(token_cache.get(token))
|
||||||
|
|
||||||
def test_sign_cache_data(self):
|
def test_sign_cache_data(self):
|
||||||
conf = {
|
conf = {
|
||||||
'memcached_servers': ','.join(MEMCACHED_SERVERS),
|
'memcached_servers': ','.join(MEMCACHED_SERVERS),
|
||||||
|
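Review bot: `self.assertIsNone(token_cache.get(token))` in `test_corrupted_cache_data` would also pass if the entry was never stored in the live memcached or the patched function was never reached, so the test does not prove that the None comes from the failed decryption. Adding `self.assertTrue(mocked_decrypt_data.called)` after that assertion would pin the path under test. The mock raises a bare `Exception`, which exercises the error handling around `unprotect_data` rather than real corrupted ciphertext. A second case using the signing strategy from `test_sign_cache_data` would cover the verify-failure variant, assuming it goes through the same function.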
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
In situation of encryption using memcached. Its possible that data
|
||||||
|
in memcached becomes un-decryptable. The previous implementation
|
||||||
|
of token cache was not correctly handling the case.
|