Public bug reported: I am able to verify Fernet tokens that contain garbage at the end, not so with UUID tokens.
For example. UUID: curl -H "X-Auth-Token:84db9247b27d4fe6bd0a09b7b39281e2" http://localhost:35357/v2.0/tokens/84db9247b27d4fe6bd0a09b7b39281e2 Works curl -H "X-Auth-Token:84db9247b27d4fe6bd0a09b7b39281e2" http://localhost:35357/v2.0/tokens/84db9247b27d4fe6bd0a09b7b39281e2-GARBAGE {"error": {"message": "Could not find token: 84db9247b27d4fe6bd0a09b7b39281e2-GARBAGE", "code": 404, "title": "Not Found"}} Fernet on the other hand happily validates it even with garbage and even inserts -GARBAGE into the ID. curl -H "X-Auth-Token :gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS- TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D" http://localhostt:35357/v2.0/tokens /gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS- TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D "token": { "audit_ids": [ "WlVgiNv2RmOGaDa_4PpGGg" ], "expires": "2015-05-28T03:59:32.000000Z", "id": "gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8=", "issued_at": "2015-05-28T01:59:32.000000Z", "tenant": { "description": "Cloud Infra: Admin Tenant", "enabled": true, "id": "4764ba822ecb43e582794b875751924c", "name": "admin", "parent_id": null } }, "token": { "audit_ids": [ "WlVgiNv2RmOGaDa_4PpGGg" ], "expires": "2015-05-28T03:59:32.000000Z", "id": "gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8=-GARBAGE", "issued_at": "2015-05-28T01:59:32.000000Z", "tenant": { "description": "Cloud Infra: Admin Tenant", "enabled": true, "id": "4764ba822ecb43e582794b875751924c", "name": "admin", "parent_id": null } }, ** Affects: keystone Importance: Undecided Status: New ** Summary changed: - able to verify a Fernet token with garbage at the end + able to validate a Fernet token with garbage at the end -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1459483 Title: able to validate a Fernet token with garbage at the end Status in OpenStack Identity (Keystone): New Bug description: I am able to verify Fernet tokens that contain garbage at the end, not so with UUID tokens. For example. UUID: curl -H "X-Auth-Token:84db9247b27d4fe6bd0a09b7b39281e2" http://localhost:35357/v2.0/tokens/84db9247b27d4fe6bd0a09b7b39281e2 Works curl -H "X-Auth-Token:84db9247b27d4fe6bd0a09b7b39281e2" http://localhost:35357/v2.0/tokens/84db9247b27d4fe6bd0a09b7b39281e2-GARBAGE {"error": {"message": "Could not find token: 84db9247b27d4fe6bd0a09b7b39281e2-GARBAGE", "code": 404, "title": "Not Found"}} Fernet on the other hand happily validates it even with garbage and even inserts -GARBAGE into the ID. curl -H "X-Auth-Token :gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS- TmIAgkHcy0TsCBioof- Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D" http://localhostt:35357/v2.0/tokens /gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS- TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8%3D "token": { "audit_ids": [ "WlVgiNv2RmOGaDa_4PpGGg" ], "expires": "2015-05-28T03:59:32.000000Z", "id": "gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8=", "issued_at": "2015-05-28T01:59:32.000000Z", "tenant": { "description": "Cloud Infra: Admin Tenant", "enabled": true, "id": "4764ba822ecb43e582794b875751924c", "name": "admin", "parent_id": null } }, "token": { "audit_ids": [ "WlVgiNv2RmOGaDa_4PpGGg" ], "expires": "2015-05-28T03:59:32.000000Z", "id": "gAAAAABVZnaEJuVPaQwW5y84w1sZt9TvxJk4Cgh8dmeISr68a7yVnl0hIpOAJ8YWluXJwym96xauaj0M737GZLzwhiF44u5JJXIjSiqQFtH3bQDrlBS-TmIAgkHcy0TsCBioof-Rzu4NbuSqkzjD5BJSRJnRqI2Sg-G-kTbRdblC5JBuyJjdMj8=-GARBAGE", "issued_at": "2015-05-28T01:59:32.000000Z", "tenant": { "description": "Cloud Infra: Admin Tenant", "enabled": true, "id": "4764ba822ecb43e582794b875751924c", "name": "admin", "parent_id": null } }, To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1459483/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
