auth_prefix option in tempauth middleware does not work
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Fix Released
|
Undecided
|
Christopher Bartz |
Bug Description
It is not possible to generate tokens using the tempauth middleware, if an auth_prefix different from "/auth/" , "/v1.0/" or "/v1/" is used. The result of such a try is a HTTP 400 (Bad request).
The reason lies in a bug in the "handle_get_token" method in swift.common.
The split_path method on the request object considers the full path, although it is desired to only use the suffix after the auth_prefix.
The bugfix would be to replace
version, account, user, _junk = req.split_path(1, 4, True)
with
version, account, user, _junk = split_path(
CVE References
Changed in swift: | |
assignee: | nobody → Christopher Bartz (bartz) |
Changed in swift: | |
status: | Confirmed → In Progress |
Bug confirmed, possible fix not yet tested.
Christopher, do you want to submit a patch? Otherwise I can do that as well. Also, we should add a simple test to avoid regression.