strip whitespace from token
This change strips whitespace from incoming tokens to prevent errors that are difficult for a caller to root cause. Change-Id: I4b3fd18314c3ca94beb3b0c8c17280451d6c8755 Closes-Bug: #1689468
parent
fe241a0ad9
commit
efb1fb99d8
|
@ -430,6 +430,9 @@ class BaseAuthProtocol(object):
|
||||||
|
|
||||||
def _do_fetch_token(self, token, **kwargs):
|
def _do_fetch_token(self, token, **kwargs):
|
||||||
"""Helper method to fetch a token and convert it into an AccessInfo."""
|
"""Helper method to fetch a token and convert it into an AccessInfo."""
|
||||||
|
# NOTE(edmondsw): strip the token to remove any whitespace that may
|
||||||
|
# have been passed along in the header per bug 1689468
|
||||||
|
token = token.strip()
|
||||||
if self.kwargs_to_fetch_token:
|
if self.kwargs_to_fetch_token:
|
||||||
data = self.fetch_token(token, **kwargs)
|
data = self.fetch_token(token, **kwargs)
|
||||||
else:
|
else:
|
||||||
|
|
|
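Review bot: `token = token.strip()` in `_do_fetch_token` normalises only the local copy used for the lookup, so the value that is validated can differ from the value left in the request header. The test hunks in this commit had to change their callback assertions to `req.headers['X-Auth-Token'].strip()`, which suggests the padded header is still what the wrapped application receives; anything downstream that reuses or logs that header would see a string that is not the one that was checked. Consider stripping where the header is first read, so one canonical value is both validated and forwarded, or at least extend the comment: `# NOTE: only the local value is stripped; the request header is left as received`. The call also assumes `token` is a string, and since the callers are outside this hunk it is worth confirming that none of them can pass `None`. The body of `_do_fetch_token` continues past the end of the hunk.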
@ -89,7 +89,7 @@ class BaseAuthProtocolTests(testtools.TestCase):
|
||||||
|
|
||||||
@webob.dec.wsgify
|
@webob.dec.wsgify
|
||||||
def _do_cb(req):
|
def _do_cb(req):
|
||||||
self.assertEqual(token_id, req.headers['X-Auth-Token'])
|
self.assertEqual(token_id, req.headers['X-Auth-Token'].strip())
|
||||||
|
|
||||||
self.assertEqual('Confirmed', req.headers['X-Identity-Status'])
|
self.assertEqual('Confirmed', req.headers['X-Identity-Status'])
|
||||||
self.assertNotIn('X-Service-Token', req.headers)
|
self.assertNotIn('X-Service-Token', req.headers)
|
||||||
|
@ -110,6 +110,10 @@ class BaseAuthProtocolTests(testtools.TestCase):
|
||||||
m = FetchingMiddleware(_do_cb, token_dict)
|
m = FetchingMiddleware(_do_cb, token_dict)
|
||||||
self.call(m, headers={'X-Auth-Token': token_id})
|
self.call(m, headers={'X-Auth-Token': token_id})
|
||||||
|
|
||||||
|
# also try with whitespace in the token
|
||||||
|
self.call(m, headers={'X-Auth-Token': token_id + ' '})
|
||||||
|
self.call(m, headers={'X-Auth-Token': token_id + '\r'})
|
||||||
|
|
||||||
def test_invalid_user_token(self):
|
def test_invalid_user_token(self):
|
||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
|
|
||||||
|
@ -149,7 +153,7 @@ class BaseAuthProtocolTests(testtools.TestCase):
|
||||||
|
|
||||||
@webob.dec.wsgify
|
@webob.dec.wsgify
|
||||||
def _do_cb(req):
|
def _do_cb(req):
|
||||||
self.assertEqual(token_id, req.headers['X-Service-Token'])
|
self.assertEqual(token_id, req.headers['X-Service-Token'].strip())
|
||||||
|
|
||||||
self.assertEqual('Confirmed',
|
self.assertEqual('Confirmed',
|
||||||
req.headers['X-Service-Identity-Status'])
|
req.headers['X-Service-Identity-Status'])
|
||||||
|
@ -171,6 +175,10 @@ class BaseAuthProtocolTests(testtools.TestCase):
|
||||||
m = FetchingMiddleware(_do_cb, token_dict)
|
m = FetchingMiddleware(_do_cb, token_dict)
|
||||||
self.call(m, headers={'X-Service-Token': token_id})
|
self.call(m, headers={'X-Service-Token': token_id})
|
||||||
|
|
||||||
|
# also try with whitespace in the token
|
||||||
|
self.call(m, headers={'X-Service-Token': token_id + ' '})
|
||||||
|
self.call(m, headers={'X-Service-Token': token_id + '\r'})
|
||||||
|
|
||||||
def test_invalid_service_token(self):
|
def test_invalid_service_token(self):
|
||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
|
|
||||||
|
|
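Review bot: Adding `.strip()` to the `_do_cb` assertions (`req.headers['X-Auth-Token'].strip()` and the `X-Service-Token` equivalent) loosens the check for every call, including the unpadded one, so these tests no longer pin exactly what the downstream application receives. The new cases cover only a trailing `' '` and `'\r'`; a leading-whitespace case such as `self.call(m, headers={'X-Auth-Token': ' ' + token_id})` would exercise the other half of `strip()`. It would also help to add a case to the invalid-token tests confirming that whitespace inside the token still fails the lookup, so the normalisation is documented as applying to the edges only. The enclosing test methods start outside the hunks shown.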