Public bug reported:

In
https://github.com/openstack/keystone/blob/stable/stein/keystone/api/auth.py#L108
the token is not decoded and therefore is rendered in the SSO callback
template as bytes. See example below for how to recreate.

>>> import string
>>> template = string.Template("""<!DOCTYPE html>
... <html xmlns="http://www.w3.org/1999/xhtml">
...   <head>
...     <title>Keystone WebSSO redirect</title>
...   </head>
...   <body>
...      <form id="sso" name="sso" action="$host" method="post">
...        Please wait...
...        <br/>
...        <input type="hidden" name="token" id="token" value="$token"/>
...        <noscript>
...          <input type="submit" name="submit_no_javascript" id="submit_no_javascript"
...             value="If your JavaScript is disabled, please click to continue"/>
...        </noscript>
...      </form>
...      <script type="text/javascript">
...        window.onload = function() {
...          document.forms['sso'].submit();
...        }
...      </script>
...   </body>
... </html>""")
>>> subs = {"host": b"myhost", "token": b"mytoken"}
>>> template.substitute(subs)
'<!DOCTYPE html>\n<html xmlns="http://www.w3.org/1999/xhtml">\n  <head>\n    <title>Keystone WebSSO redirect</title>\n  </head>\n  <body>\n     <form id="sso" name="sso" action="b\'myhost\'" method="post">\n       Please wait...\n       <br/>\n       <input type="hidden" name="token" id="token" value="b\'mytoken\'"/>\n       <noscript>\n         <input type="submit" name="submit_no_javascript" id="submit_no_javascript"\n            value="If your JavaScript is disabled, please click to continue"/>\n       </noscript>\n     </form>\n     <script type="text/javascript">\n       window.onload = function() {\n         document.forms[\'sso\'].submit();\n       }\n     </script>\n  </body>\n</html>'

** Affects: keystone
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1833311

Title:
  Token not decoded in SSO callback template

Status in OpenStack Identity (keystone):
  New
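
The rendering problem reported above and one way to avoid it, as an added example that is not part of the original report and is not keystone's code or its fix. It uses a reduced template with the same $host and $token placeholders; naive_render, _as_text, render_sso_callback and the HTML-escaping step (which goes beyond the decode the report asks for) are assumptions of this example.

```python
import html
import string

# Reduced version of the callback form in the report (constructed for this example).
SSO_TEMPLATE = string.Template(
    '<form id="sso" name="sso" action="$host" method="post">\n'
    '  <input type="hidden" name="token" id="token" value="$token"/>\n'
    '</form>'
)


def naive_render(host, token):
    """Behaviour from the report: Template calls str() on each value,
    so bytes are rendered as their repr (b'...')."""
    return SSO_TEMPLATE.substitute(host=host, token=token)


def _as_text(value, field):
    """Hypothetical helper: return str, decoding bytes explicitly."""
    if isinstance(value, bytes):
        # Input that is not valid UTF-8 raises here instead of being
        # silently rendered as a repr.
        return value.decode("utf-8")
    if isinstance(value, str):
        return value
    raise TypeError(f"{field} must be str or bytes, got {type(value).__name__}")


def render_sso_callback(host, token):
    """Hypothetical renderer: decode first, then escape for an HTML
    attribute so a quote in either value cannot close the attribute."""
    subs = {
        "host": html.escape(_as_text(host, "host"), quote=True),
        "token": html.escape(_as_text(token, "token"), quote=True),
    }
    return SSO_TEMPLATE.substitute(subs)


if __name__ == "__main__":
    print(naive_render(b"myhost", b"mytoken"))
    print(render_sso_callback(b"myhost", b"mytoken"))
```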
