OpenStack Identity (keystone)

Validate token response: username -> name

Bug #878431 reported by Liem Nguyen
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Yogeshwar
OpenStack Identity (keystone) 2012.1 "essex"

Bug Description

Branch: stable/diablo

In auth_token.py (282):

verified_claims = {'user': token_info['access']['user']['username'],

should be:

verified_claims = {'user': token_info['access']['user']['name'],

* And Keystone server should return "name" instead of "username" for the AuthenticateResponse as described in the token.xsd.

See original description
Liem Nguyen (liemmn)
Changed in keystone:
assignee: nobody → Liem Nguyen (liemmn)
Liem Nguyen (liemmn)
description: updated
Changed in keystone:
assignee: Liem Nguyen (liemmn) → nobody
Liem Nguyen (liemmn)
summary: - token_auth middleware: username -> name
+ Validate token response: username -> name
Revision history for this message
Yogeshwar (yogesh-srikrishnan) wrote :

The user should return username as per contract.

Revision history for this message
Yogeshwar (yogesh-srikrishnan) wrote :

Iam wrong it has to be name.That is what token.xsd has.

Revision history for this message
Yogeshwar (yogesh-srikrishnan) wrote :

The api code is correctly returning name .However middleware code is checking for username.The middleware need to be fixed.

Yogeshwar (yogesh-srikrishnan)
Changed in keystone:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Yogeshwar (yogesh-srikrishnan)
Revision history for this message
Openstack Gerrit (openstack-gerrit) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/1454
Committed: http://github.com/openstack/keystone/commit/009f2c9ce50582fc3dd44690d2495f77e079ede0
Submitter: Jenkins
Branch: master

 status fixcommitted
 done

commit 009f2c9ce50582fc3dd44690d2495f77e079ede0
Author: Yogeshwar Srikrishnan <email address hidden>
Date: Wed Nov 9 10:11:20 2011 -0600

    bug 878431: Minor changes to auth_token middleware.

    Change-Id: I3aa28db2dcd0be0f19f7e25ac1741e34fb145220

Changed in keystone:
status: Confirmed → Fix Committed
Revision history for this message
Dolph Mathews (dolph) wrote :

This bug was reported for stable/diablo -- are you backporting the above fix?

Revision history for this message
Yogeshwar (yogesh-srikrishnan) wrote :

The bug was applicable even in the current code.It could be backported.

Revision history for this message
Dolph Mathews (dolph) wrote :

Tested the above fix against stable/diablo and it doesn't appear to be applicable, without also changing the API schema as Liem points out. As a result, this fix should NOT be backported.

Revision history for this message
Openstack Gerrit (openstack-gerrit) wrote :

Reviewed: https://review.openstack.org/1574
Committed: http://github.com/openstack/keystone/commit/719d6ed06a6f26cbbf7d03a490aaf9b28bfab593
Submitter: Jenkins
Branch: master

 status fixcommitted
 done

commit 719d6ed06a6f26cbbf7d03a490aaf9b28bfab593
Author: Ziad Sawalha <email address hidden>
Date: Fri Nov 11 17:16:41 2011 -0600

    Adding middleware tests

    Middleware tests start a fake echo app and put the auth_token.py
    middleware in front of it and then simulate calls. The tests
    check the correct response for unauthenticated calls and also
    that the right headers are being passed down to the fake app from
    the middleware (the fake app echos the headers it receives)

    Includes fixes discovered in testing and non-breaking fix
    for Bug 878431

    Update testing options to support verbosity and selecting
    individual tests

    Addresses bug 890777

    Fixes to middleware tests that were hanging Jenkins
    - needed to add support for SSL tests

    Change-Id: Iea273196f1782653eccdcf0f2391eacb1434aa8e

Thierry Carrez (ttx)
Changed in keystone:
milestone: none → essex-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: essex-2 → 2012.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.