OAuth unauthorized errors mask the actual error text
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
MAAS | Fix Released | Critical | Raphaël Badin | |
Bug Description
If a Nonce is re-used, the maas log has this in it:
ERROR 2014-01-15 18:18:28,633 maasserver #######
ERROR 2014-01-15 18:18:28,633 maasserver Traceback (most recent call last):
File "/usr/lib/
response = callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/
response = func(*args, **kwargs)
File "/usr/lib/
actor, anonymous = self.authentica
File "/usr/lib/
RestrictedR
File "/usr/lib/
if not authenticator.
File "/usr/lib/
raise OAuthUnauthoriz
OAuthUnauthorized
In addition the error returned to the client does not mention it's a nonce problem. It used to do this, so this is a regression.
I realise we have nonce-cleaning code now but this can still happen and it would save support time.
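An added example, not MAAS code and not part of the report above: a minimal OAuth 1.0-style nonce check in which the 401 body names the check that failed instead of returning a bare unauthorized error. `NonceStore`, `authenticate`, the 300-second window and the message texts are assumptions, and `OAuthUnauthorized` here is a stand-in class, not the one in the traceback.

```python
import time


class OAuthUnauthorized(Exception):
    """Stand-in 401 error that carries the reason the check failed."""

    def __init__(self, reason):
        super().__init__(reason)
        self.reason = reason


class NonceStore:
    """Hypothetical in-memory record of (consumer, token, nonce) triples."""

    def __init__(self, max_age=300):  # assumed validity window, in seconds
        self.max_age = max_age
        self._seen = {}

    def check(self, consumer_key, token_key, nonce, timestamp, now=None):
        now = time.time() if now is None else now
        # Nonce cleaning: forget entries whose timestamp has left the window.
        self._seen = {k: t for k, t in self._seen.items() if now - t <= self.max_age}
        if abs(now - timestamp) > self.max_age:
            raise OAuthUnauthorized("Timestamp outside accepted window: %d" % timestamp)
        key = (consumer_key, token_key, nonce)
        if key in self._seen:
            raise OAuthUnauthorized("Nonce already used: %s" % nonce)
        self._seen[key] = timestamp


def authenticate(store, params, now=None):
    """Return (status, body); a 401 body names the check that failed."""
    try:
        store.check(params["oauth_consumer_key"], params["oauth_token"],
                    params["oauth_nonce"], int(params["oauth_timestamp"]), now)
    except KeyError as missing:
        return 401, "Authorization Error: missing parameter %s" % missing.args[0]
    except OAuthUnauthorized as error:
        return 401, "Authorization Error: %s" % error.reason
    return 200, "OK"


if __name__ == "__main__":
    # Constructed request parameters, sent twice to trigger the replay path.
    request = {"oauth_consumer_key": "ck", "oauth_token": "tk",
               "oauth_nonce": "abc123", "oauth_timestamp": "1000"}
    store = NonceStore()
    print(authenticate(store, request, now=1000))
    print(authenticate(store, request, now=1010))
```

A nonce is only forgotten once its timestamp has left the window, so a replay after cleaning is still rejected, this time by the timestamp check.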
Related branches
- Julian Edwards (community): Approve
- Diff: 48 lines (+33/-0), 2 files modified
  - src/maasserver/api_auth.py (+3/-0)
  - src/maasserver/tests/test_api_auth.py (+30/-0)
tags: added: regression
Changed in maas:
status: New → Triaged
importance: Undecided → Critical
milestone: none → 14.04
Changed in maas:
assignee: nobody → Raphaël Badin (rvb)
status: Triaged → Fix Committed
Changed in maas:
status: Fix Committed → Fix Released