URL-encode user-supplied tokens (bug 974319)

Change-Id: I7440f879edb8d61ea2382d5d4a56e32eacce4cfd
Dolph Mathews
2012-12-13 12:31:06 -06:00
parent 095cdd1057
commit 308a773283
2 changed files with 18 additions and 3 deletions


@@ -109,6 +109,7 @@ import logging
import os
import stat
import time
import urllib
import webob
import webob.exc
@@ -177,6 +178,11 @@ def will_expire_soon(expiry):
return expiry < soon
def safe_quote(s):
"""URL-encode strings that are not already URL-encoded."""
return urllib.quote(s) if s == urllib.unquote(s) else s
class InvalidUserToken(Exception):
pass
@@ -692,9 +698,10 @@ class AuthProtocol(object):
"""
headers = {'X-Auth-Token': self.get_admin_token()}
response, data = self._json_request('GET',
'/v2.0/tokens/%s' % user_token,
additional_headers=headers)
response, data = self._json_request(
'GET',
'/v2.0/tokens/%s' % safe_quote(user_token),
additional_headers=headers)
if response.status == 200:
self._cache_put(user_token, data)
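Review bot: The "already encoded" test in `safe_quote` (`s == urllib.unquote(s)`) returns the token untouched whenever it contains a single valid percent-escape, so any raw reserved characters elsewhere in that token still reach the `/v2.0/tokens/%s` path unescaped. Separately, `urllib.quote` defaults to `safe='/'`, so a slash in an otherwise unencoded token is not escaped either, and this request is sent with the admin token in `X-Auth-Token`. Normalising instead of guessing would close both gaps while keeping the two new tests green: `return urllib.quote(urllib.unquote(s), safe='')`. It would also help to have the docstring state that the result is meant to be a single path segment. The enclosing AuthProtocol method starts and ends outside this hunk, so any earlier validation of `user_token` is not visible here.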


@@ -668,3 +668,11 @@ class AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest):
fortyseconds = datetime.datetime.utcnow() + datetime.timedelta(
seconds=40)
self.assertFalse(auth_token.will_expire_soon(fortyseconds))
class TokenEncodingTest(unittest.TestCase):
def test_unquoted_token(self):
self.assertEqual('foo%20bar', auth_token.safe_quote('foo bar'))
def test_quoted_token(self):
self.assertEqual('foo%20bar', auth_token.safe_quote('foo%20bar'))
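Review bot: Both cases in `TokenEncodingTest` exercise only a space, so nothing pins how `safe_quote` treats reserved path characters or a token that mixes an escape with raw characters. Those are the inputs where the already-encoded check decides whether escaping happens at all. Consider adding cases such as `auth_token.safe_quote('foo/bar')` and `auth_token.safe_quote('foo%20bar/baz')` with the expected values written out explicitly. As written in this commit, the second appears to come back unchanged, and a test would make that behaviour a deliberate decision rather than an accident.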