Activity log for bug #1459483

Date Who What changed Old value New value Message
2015-05-28 02:06:29 Matt Fischer bug added bug
2015-05-28 02:06:57 Matt Fischer summary able to verify a Fernet token with garbage at the end able to validate a Fernet token with garbage at the end
2015-05-28 13:39:30 Dolph Mathews tags fernet
2015-05-28 13:48:37 Dolph Mathews keystone: status New Incomplete
2015-05-28 13:58:22 Matt Fischer description

Old value:

I am able to verify Fernet tokens that contain garbage at the end, not so with UUID tokens. For example.

UUID:

    curl -H "X-Auth-Token:84db9247b27d4fe6bd0a09b7b39281e2" http://localhost:35357/v2.0/tokens/84db9247b27d4fe6bd0a09b7b39281e2
    Works

    curl -H "X-Auth-Token:84db9247b27d4fe6bd0a09b7b39281e2" http://localhost:35357/v2.0/tokens/84db9247b27d4fe6bd0a09b7b39281e2-GARBAGE
    {"error": {"message": "Could not find token: 84db9247b27d4fe6bd0a09b7b39281e2-GARBAGE", "code": 404, "title": "Not Found"}}

Fernet on the other hand happily validates it even with garbage and even inserts -GARBAGE into the ID.

    curl -H "X-Auth-Token:gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D" http://localhostt:35357/v2.0/tokens/gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D

        "token": {
            "audit_ids": [
                "WlVgiNv2RmOGaDa_4PpGGg"
            ],
            "expires": "2015-05-28T03:59:32.000000Z",
            "id": "gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8=",
            "issued_at": "2015-05-28T01:59:32.000000Z",
            "tenant": {
                "description": "Cloud Infra: Admin Tenant",
                "enabled": true,
                "id": "4764ba822ecb43e582794b875751924c",
                "name": "admin",
                "parent_id": null
            }
        },

        "token": {
            "audit_ids": [
                "WlVgiNv2RmOGaDa_4PpGGg"
            ],
            "expires": "2015-05-28T03:59:32.000000Z",
            "id": "gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8=-GARBAGE",
            "issued_at": "2015-05-28T01:59:32.000000Z",
            "tenant": {
                "description": "Cloud Infra: Admin Tenant",
                "enabled": true,
                "id": "4764ba822ecb43e582794b875751924c",
                "name": "admin",
                "parent_id": null
            }
        },

New value:

I am able to verify Fernet tokens that contain garbage at the end, not so with UUID tokens. For example.

UUID:

    curl -H "X-Auth-Token:84db9247b27d4fe6bd0a09b7b39281e2" http://localhost:35357/v2.0/tokens/84db9247b27d4fe6bd0a09b7b39281e2
    Works

    curl -H "X-Auth-Token:84db9247b27d4fe6bd0a09b7b39281e2" http://localhost:35357/v2.0/tokens/84db9247b27d4fe6bd0a09b7b39281e2-GARBAGE
    {"error": {"message": "Could not find token: 84db9247b27d4fe6bd0a09b7b39281e2-GARBAGE", "code": 404, "title": "Not Found"}}

Fernet on the other hand happily validates it even with garbage and even inserts -GARBAGE into the ID.

    curl -H "X-Auth-Token:gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D" http://localhostt:35357/v2.0/tokens/gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D

        "token": {
            "audit_ids": [
                "WlVgiNv2RmOGaDa_4PpGGg"
            ],
            "expires": "2015-05-28T03:59:32.000000Z",
            "id": "gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8=",
            "issued_at": "2015-05-28T01:59:32.000000Z",
            "tenant": {
                "description": "Cloud Infra: Admin Tenant",
                "enabled": true,
                "id": "4764ba822ecb43e582794b875751924c",
                "name": "admin",
                "parent_id": null
            }
        },

    curl -H "X-Auth-Token:gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D" http://localhostt:35357/v2.0/tokens/gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D-GARBAGE

        "token": {
            "audit_ids": [
                "WlVgiNv2RmOGaDa_4PpGGg"
            ],
            "expires": "2015-05-28T03:59:32.000000Z",
            "id": "gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8=-GARBAGE",
            "issued_at": "2015-05-28T01:59:32.000000Z",
            "tenant": {
                "description": "Cloud Infra: Admin Tenant",
                "enabled": true,
                "id": "4764ba822ecb43e582794b875751924c",
                "name": "admin",
                "parent_id": null
            }
        },

2015-05-28 14:03:46 Dolph Mathews keystone: status Incomplete Confirmed
2015-05-28 14:03:54 Dolph Mathews keystone: importance Undecided Medium
2015-05-31 04:34:45 Priti Desai bug added subscriber Priti Desai
2015-07-29 18:18:55 Dolph Mathews bug added subscriber Dolph Mathews
2016-03-15 21:42:22 Ron De Rose keystone: assignee Ron De Rose (ronald-de-rose)
2016-03-17 19:13:30 Ron De Rose keystone: assignee Ron De Rose (ronald-de-rose)
2016-03-18 22:12:12 Thomas Hsiao bug added subscriber Thomas Hsiao
2016-04-01 02:54:49 Ryosuke Mizuno keystone: status Confirmed Invalid
2016-04-01 02:55:13 Ryosuke Mizuno keystone: status Invalid Confirmed
2016-10-17 20:50:53 Thomas Hsiao removed subscriber Thomas Hsiao
2016-11-15 04:42:08 Steve Martinelli summary able to validate a Fernet token with garbage at the end able to validate a Fernet token with garbage at the end (cryptography limitation)