Ephemeral user's id is not always urlsafe

Bug #1487115 reported by Marek Denis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack Identity (keystone) | Fix Released | Medium | David Stanek |
Kilo | Fix Released | Undecided | Unassigned |

Bug Description

Ephemeral users' id should always be url-safe. Sadly, if the mapping rule specifies the user's id, the value will be passed as-is and never url-encoded. We should change the auth.plugins.mapped.setup_username() function and make sure user_id is always treated with the six.moves.urllib.parse.quote() function.
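
Why an id passed as-is is a problem, as an added example that is not part of the bug report or of keystone's code: it places constructed sample ids in a user URL, raw and after quote(), and reports which ones a path parser no longer recovers intact. It uses Python 3's urllib.parse (what six.moves.urllib.parse resolves to on Python 3); the endpoint, the sample ids, the helper names and the comparison with safe="" (quote() leaves "/" unescaped by default) are assumptions of the example and go beyond what the report states.

```python
from urllib.parse import quote, unquote, urlsplit

# Hypothetical endpoint; the ids below are constructed samples standing in
# for values taken from a mapping rule or an assertion attribute.
PREFIX = "/v3/users/"
BASE = "https://keystone.example.org" + PREFIX
SAMPLE_IDS = ["jdoe", "bob?x=1", "carol#frag", "team/alice", "a%2Fb"]


def as_is(user_id):
    """The behaviour described in the report: the value is not encoded."""
    return user_id


def quoted_default(user_id):
    """quote() with its default safe='/', so '/' is left alone."""
    return quote(user_id)


def quoted_strict(user_id):
    """quote() with safe='', so '/' becomes %2F as well."""
    return quote(user_id, safe="")


def routed_id(url_id):
    """Id recovered from BASE + url_id by a route of the form
    /v3/users/{user_id}, or None if the path is not one segment."""
    tail = urlsplit(BASE + url_id).path[len(PREFIX):]
    if not tail or "/" in tail:
        return None
    return unquote(tail)


def failures(encode):
    """Sample ids that do not come back unchanged after encode()."""
    return [uid for uid in SAMPLE_IDS if routed_id(encode(uid)) != uid]


if __name__ == "__main__":
    for encode in (as_is, quoted_default, quoted_strict):
        print(f"{encode.__name__:15} fails for {failures(encode)}")
```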

OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/215221

Changed in keystone:
status: New → In Progress
Changed in keystone:
assignee: Marek Denis (marek-denis) → David Stanek (dstanek)
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/215221
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=02f8576ddf2fca67849171aa7a1b41ebcfa90ded
Submitter: Jenkins
Branch: master

commit 02f8576ddf2fca67849171aa7a1b41ebcfa90ded
Author: Marek Denis <email address hidden>
Date: Thu Aug 20 18:12:39 2015 +0200

    Ensure ephemeral user's user_id is url-safe

    As a principle, an attribute ``user_id`` should always be url safe and
    we should make sure this is the case especially for the federated
    authentication workflow as user name and id can be provided directly
    from the user (either hardcoded in the mapping rule or passed as a
    parameter from the assertion).

    Change-Id: I7256a5e4d31d3c2e55fe956fb0170452bb241078
    Closes-Bug: #1487115

Changed in keystone:
status: In Progress → Fix Committed
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: liberty-3 → 8.0.0
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/236071

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/kilo)

Reviewed: https://review.openstack.org/236071
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=56298885a115a2e544c1ee3736abcf58d0edefe5
Submitter: Jenkins
Branch: stable/kilo

commit 56298885a115a2e544c1ee3736abcf58d0edefe5
Author: Marek Denis <email address hidden>
Date: Thu Aug 20 18:12:39 2015 +0200

    Ensure ephemeral user's user_id is url-safe

    As a principle, an attribute ``user_id`` should always be url safe and
    we should make sure this is the case especially for the federated
    authentication workflow as user name and id can be provided directly
    from the user (either hardcoded in the mapping rule or passed as a
    parameter from the assertion).

    Change-Id: I7256a5e4d31d3c2e55fe956fb0170452bb241078
    Closes-Bug: #1487115
    (cherry picked from commit 02f8576ddf2fca67849171aa7a1b41ebcfa90ded)

tags: added: in-stable-kilo