POST /v1/actions with "user_id" specified in body silently overwrites user_id in stored action
Bug #1588364 reported by
Domhnall Walsh
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Backup/Restore and DR (Freezer) |
In Progress
|
Undecided
|
Domhnall Walsh | ||
Bug Description
Looking at the API-WG guidelines on this, "If a request contains an unexpected attribute in the body, the server should return a 400 Bad Request response".
In the case of an action in freezer, "user_id" is such an attribute because it'll get overwritten with the user id pulled from Keystone based on the provided auth token, so if the user passes the user_id as a parameter the API _should_ return a HTTP 400 response rather than silently overwriting the value.
| Changed in freezer: | |
| assignee: | nobody → Domhnall Walsh (domhnall-walsh) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to freezer-api (master) | #1 |
| Changed in freezer: | |
| status: | New → In Progress |
Revision history for this message
| Domhnall Walsh (domhnall-walsh) wrote | #2 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/