Keystone OAuth1 doesn't handle invalid request properly
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Dave Chen |
Bug Description
For the access token request,
- If the signature is not valid, it will raise TypeError exception.
2016-08-23 16:45:19.705 5202 TRACE keystone.
2016-08-23 16:45:19.705 5202 TRACE keystone.
2016-08-23 16:45:19.705 5202 TRACE keystone.
2016-08-23 16:45:19.705 5202 TRACE keystone.
2016-08-23 16:45:19.705 5202 TRACE keystone.
2016-08-23 16:45:19.705 5202 TRACE keystone.
2016-08-23 16:45:19.705 5202 TRACE keystone.
2016-08-23 16:45:19.705 5202 TRACE keystone.
- If the provided consumer does not exist, it will throw NotImplementedError exception to show that dummy_client is not implemented.
All these exception is not properly handled, end user doens't know anything from these exception message. It should be Unauthorized exception raised.
description: | updated |
Changed in keystone: | |
assignee: | nobody → Dave Chen (wei-d-chen) |
Changed in keystone: | |
importance: | Undecided → Medium |
Changed in keystone: | |
milestone: | none → ocata-1 |
Fix proposed to branch: master /review. openstack. org/359795
Review: https:/