When using the v3 API to authenticate user/password in XML format, it should report 400 Bad Request instead of 401 if the XML is malformed

Bug #1179765 reported by xingzhou
Affects: OpenStack Identity (keystone)
Status: Expired
Importance: Medium
Assigned to: Unassigned

Bug Description

When using a request like the one below:

curl -i -X POST -H "X-Auth-Token:ADMIN" -H "Content-type:application/xml" http://9.119.148.18:35357/v3/auth/tokens -d '<?xml version="1.0" encoding="UTF-8"?><auth><identity><methods><method>password</method></methods><password><user password="xxxxxx" name="admin"></user></password></identity></auth>' -H "User-Agent:python-keystoneclient"

Knowing that in the above request XML there should be a domain specified, the v3 API responds with a 401 Unauthorized error, which should be a 400 Bad Request if the XML is malformed. 401 would lead to confusion.
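The distinction the report asks for, as an added example in Python (not Keystone's own code): structural problems in the v3 XML auth body map to 400, and only a well-formed body whose credentials are rejected maps to 401. It assumes the XML layout shown in the request above, with the domain serialized as a `<domain name="..."/>` child of `<user>`, and a constructed in-memory credential store; user-by-id lookup is left out.

```python
import xml.etree.ElementTree as ET


class BadRequest(Exception):
    """Body is malformed or incomplete: the endpoint should answer 400."""


# Constructed credential store for this example only.
USERS = {("Default", "admin"): "s3cret"}


def parse_password_auth(body):
    """Validate a v3 password auth body; return (domain_name, user_name, password).

    Every structural defect raises BadRequest. The last check is the rule the
    bug report is about: a user referenced by name must also carry a domain.
    """
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise BadRequest("unparseable XML: %s" % exc)
    if root.tag != "auth":
        raise BadRequest("root element must be <auth>")
    methods = [m.text for m in root.findall("./identity/methods/method")]
    if methods != ["password"]:
        raise BadRequest("expected exactly one <method>password</method>")
    user = root.find("./identity/password/user")
    if user is None or "password" not in user.attrib or "name" not in user.attrib:
        raise BadRequest("<user> must carry name and password attributes")
    # Assumed serialization of the domain reference: <domain name="..."/> under <user>.
    domain = user.find("domain")
    if domain is None or "name" not in domain.attrib:
        raise BadRequest("user referenced by name must specify a domain")
    return domain.attrib["name"], user.attrib["name"], user.attrib["password"]


def auth_status(body):
    """Return the HTTP status a conforming v3 endpoint should send for this body."""
    try:
        domain, name, password = parse_password_auth(body)
    except BadRequest:
        return 400
    if USERS.get((domain, name)) != password:
        return 401
    return 201  # v3 answers a successful POST /v3/auth/tokens with 201 Created
```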

Revision history for this message
Dolph Mathews (dolph) wrote :

This doesn't look like valid usage of the authentication API, as an unnecessary X-Auth-Token is being provided in the request headers. If this issue is still reproducible without that header, then this should certainly be fixed.

Changed in keystone:
importance: Undecided → Medium
status: New → Triaged
tags: added: grizzly-backport-potential
David Stanek (dstanek) wrote :

I tested both with and without the X-Auth-Token on Keystone master branch running on devstack and both returned a 400:

[dstanek:/opt/stack/keystone]$ curl -s -i -X POST -H "X-Auth-Token:ADMIN" -H "Content-type:application/xml" http://localhost:35357/v3/auth/tokens -d '<?xml version="1.0" encoding="UTF-8"?><auth><identity><methods><method>password</method></methods><password><user password="xxxxxx" name="admin"></user></password></identity></auth>' -H "User-Agent:python-keystoneclient" | grep '^HTTP'
HTTP/1.1 400 Bad Request

[dstanek:/opt/stack/keystone]$ curl -s -i -X POST -H "Content-type:application/xml" http://localhost:35357/v3/auth/tokens -d '<?xml version="1.0" encoding="UTF-8"?><auth><identity><methods><method>password</method></methods><password><user password="xxxxxx" name="admin"></user></password></identity></auth>' -H "User-Agent:python-keystoneclient" | grep '^HTTP'
HTTP/1.1 400 Bad Request

What version of Keystone are you using?

Changed in keystone:
status: Triaged → Incomplete
Dolph Mathews (dolph) wrote :

David, can you run the same commands against stable/grizzly?

Launchpad Janitor (janitor) wrote :

[Expired for Keystone because there has been no activity for 60 days.]

Changed in keystone:
status: Incomplete → Expired
Alan Pevec (apevec)
tags: removed: grizzly-backport-potential