diff --git a/glanceclient/common/http.py b/glanceclient/common/http.py index fc635fff..84cdc698 100644 --- a/glanceclient/common/http.py +++ b/glanceclient/common/http.py @@ -24,6 +24,7 @@ from oslo_utils import importutils from oslo_utils import netutils import requests import six +import six.moves.urllib.parse as urlparse try: import json @@ -53,8 +54,26 @@ def encode_headers(headers): :returns: Dictionary with encoded headers' names and values """ - return dict((encodeutils.safe_encode(h), encodeutils.safe_encode(v)) - for h, v in headers.items() if v is not None) + # NOTE(rosmaita): This function's rejection of any header name without a + # corresponding value is arguably justified by RFC 7230. In any case, that + # behavior was already here and there is an existing unit test for it. + + # Bug #1766235: According to RFC 8187, headers must be encoded as ASCII. + # So we first %-encode them to get them into range < 128 and then turn + # them into ASCII. + if six.PY2: + # incoming items may be unicode, so get them into something + # the py2 version of urllib can handle before percent encoding + encoded_dict = dict((urlparse.quote(encodeutils.safe_encode(h)), + urlparse.quote(encodeutils.safe_encode(v))) + for h, v in headers.items() if v is not None) + else: + encoded_dict = dict((urlparse.quote(h), urlparse.quote(v)) + for h, v in headers.items() if v is not None) + + return dict((encodeutils.safe_encode(h, encoding='ascii'), + encodeutils.safe_encode(v, encoding='ascii')) + for h, v in encoded_dict.items()) class _BaseHTTPClient(object): diff --git a/glanceclient/tests/unit/test_http.py b/glanceclient/tests/unit/test_http.py index cec94e05..efd15bfb 100644 --- a/glanceclient/tests/unit/test_http.py +++ b/glanceclient/tests/unit/test_http.py @@ -216,10 +216,15 @@ class TestClient(testtools.TestCase): def test_headers_encoding(self): value = u'ni\xf1o' - headers = {"test": value, "none-val": None} + headers = {"test": value, "none-val": None, "Name": "value"} encoded = http.encode_headers(headers) - self.assertEqual(b"ni\xc3\xb1o", encoded[b"test"]) + # Bug #1766235: According to RFC 8187, headers must be + # encoded as 7-bit ASCII, so expect to see only displayable + # chars in percent-encoding + self.assertEqual(b"ni%C3%B1o", encoded[b"test"]) self.assertNotIn("none-val", encoded) + self.assertNotIn(b"none-val", encoded) + self.assertEqual(b"value", encoded[b"Name"]) @mock.patch('keystoneauth1.adapter.Adapter.request') def test_http_duplicate_content_type_headers(self, mock_ksarq): @@ -466,4 +471,7 @@ class TestClient(testtools.TestCase): http_client.auth_token = unicode_token http_client.get(path) headers = self.mock.last_request.headers - self.assertEqual(b'ni\xc3\xb1o', headers['X-Auth-Token']) + # Bug #1766235: According to RFC 8187, headers must be + # encoded as 7-bit ASCII, so expect to see only displayable + # chars in percent-encoding + self.assertEqual(b'ni%C3%B1o', headers['X-Auth-Token']) diff --git a/lower-constraints.txt b/lower-constraints.txt index c3bea383..eac0111d 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -23,7 +23,7 @@ Jinja2==2.10 jsonpatch==1.16 jsonpointer==1.13 jsonschema==2.6.0 -keystoneauth1==3.4.0 +keystoneauth1==3.6.2 linecache2==1.0.0 MarkupSafe==1.0 mccabe==0.2.1 diff --git a/requirements.txt b/requirements.txt index e849053f..25b670a0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,7 +3,7 @@ # process, which may cause wedges in the gate later. pbr!=2.1.0,>=2.0.0 # Apache-2.0 PrettyTable<0.8,>=0.7.1 # BSD -keystoneauth1>=3.4.0 # Apache-2.0 +keystoneauth1>=3.6.2 # Apache-2.0 requests>=2.14.2 # Apache-2.0 warlock<2,>=1.2.0 # Apache-2.0 six>=1.10.0 # MIT