strip whitespace from token
This change strips whitespace from incoming tokens to prevent errors that are difficult for a caller to root cause. Change-Id: I4b3fd18314c3ca94beb3b0c8c17280451d6c8755 Closes-Bug: #1689468
parent
fe241a0ad9
commit
efb1fb99d8
|
@ -430,6 +430,9 @@ class BaseAuthProtocol(object):
|
|||
|
||||
def _do_fetch_token(self, token, **kwargs):
|
||||
"""Helper method to fetch a token and convert it into an AccessInfo."""
|
||||
# NOTE(edmondsw): strip the token to remove any whitespace that may
|
||||
# have been passed along in the header per bug 1689468
|
||||
token = token.strip()
|
||||
if self.kwargs_to_fetch_token:
|
||||
data = self.fetch_token(token, **kwargs)
|
||||
else:
|
||||
|
|
|
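Review bot: `token = token.strip()` normalises only the local copy that is validated, so the validated value and the value left in the request header can differ. The updated test callbacks in this commit compare against `req.headers['X-Auth-Token'].strip()`, which suggests the downstream application still receives the raw header with its whitespace. If so, anything behind the middleware that reuses the header carries the unnormalised token forward; stripping once where the header is first read would keep both views in agreement. The call also assumes `token` is a string, so unless every caller already rules out `None`, a guard such as `if token is not None: token = token.strip()` avoids an `AttributeError` before `fetch_token` is reached. The body of `_do_fetch_token` continues past the end of the hunk.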
@ -89,7 +89,7 @@ class BaseAuthProtocolTests(testtools.TestCase):
|
|||
|
||||
@webob.dec.wsgify
|
||||
def _do_cb(req):
|
||||
self.assertEqual(token_id, req.headers['X-Auth-Token'])
|
||||
self.assertEqual(token_id, req.headers['X-Auth-Token'].strip())
|
||||
|
||||
self.assertEqual('Confirmed', req.headers['X-Identity-Status'])
|
||||
self.assertNotIn('X-Service-Token', req.headers)
|
||||
|
@ -110,6 +110,10 @@ class BaseAuthProtocolTests(testtools.TestCase):
|
|||
m = FetchingMiddleware(_do_cb, token_dict)
|
||||
self.call(m, headers={'X-Auth-Token': token_id})
|
||||
|
||||
# also try with whitespace in the token
|
||||
self.call(m, headers={'X-Auth-Token': token_id + ' '})
|
||||
self.call(m, headers={'X-Auth-Token': token_id + '\r'})
|
||||
|
||||
def test_invalid_user_token(self):
|
||||
token_id = uuid.uuid4().hex
|
||||
|
||||
|
@ -149,7 +153,7 @@ class BaseAuthProtocolTests(testtools.TestCase):
|
|||
|
||||
@webob.dec.wsgify
|
||||
def _do_cb(req):
|
||||
self.assertEqual(token_id, req.headers['X-Service-Token'])
|
||||
self.assertEqual(token_id, req.headers['X-Service-Token'].strip())
|
||||
|
||||
self.assertEqual('Confirmed',
|
||||
req.headers['X-Service-Identity-Status'])
|
||||
|
@ -171,6 +175,10 @@ class BaseAuthProtocolTests(testtools.TestCase):
|
|||
m = FetchingMiddleware(_do_cb, token_dict)
|
||||
self.call(m, headers={'X-Service-Token': token_id})
|
||||
|
||||
# also try with whitespace in the token
|
||||
self.call(m, headers={'X-Service-Token': token_id + ' '})
|
||||
self.call(m, headers={'X-Service-Token': token_id + '\r'})
|
||||
|
||||
def test_invalid_service_token(self):
|
||||
token_id = uuid.uuid4().hex
|
||||
|
||||
|
|
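Review bot: The added calls cover only trailing whitespace (`token_id + ' '` and `token_id + '\r'`), so leading whitespace, which `strip()` also removes, is untested. Adding `self.call(m, headers={'X-Auth-Token': ' ' + token_id})` and the matching `X-Service-Token` call in the service-token test would pin it. Relaxing the callback assertions to `req.headers['X-Auth-Token'].strip()` and `req.headers['X-Service-Token'].strip()` also means the tests no longer state what the downstream app actually receives. If forwarding the header unchanged is intended, a comment such as `# header is forwarded as received; only the validated copy is stripped` would make that explicit. A negative case with whitespace inside the token, expecting a rejected token, would confirm that only the edges are normalised.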