django-openstack-auth

Horizon project list broken by pki/pkiz tokens

Bug #1486745 reported by Conrad Mukai on 2015-08-19

This bug report is a duplicate of: Bug #1484499: token gets truncated with PKI tokens. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	django-openstack-auth	Fix Committed	High	Matthias Runge

Bug Description

When logging into Horizon with a Keystone that uses pki or pkiz tokens the project list in the pull down is empty. The root cause is the constructor for openstack_auth.user.Token is reusing the hasher object that already has content from hashing the token_id. This results in a 403 error when trying to load the project list with the unscoped token because the hashed value does not match the id in Keystone.

If the hasher is recreated before hashing the unscoped token, it will match the token id in Keystone and all is good.

See original description

Tags:

Conrad Mukai (cmukai-9) on 2015-08-19

description:

updated

Conrad Mukai (cmukai-9) on 2015-08-20

description:

updated

Conrad Mukai (cmukai-9) on 2015-08-20

summary:	- unscoped_token not hashed correctly + Horizon project list broken by phi/pika tokens
summary:	- Horizon project list broken by phi/pika tokens + Horizon project list broken by pki/pkiz tokens

Revision history for this message

Matthias Runge (mrunge) wrote on 2015-08-20:

This is a bug in django_openstack_auth, and is probably a duplicate of 1484499

Changed in horizon:
status:	New → Confirmed
Changed in django-openstack-auth:
status:	New → Confirmed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-20: Fix proposed to django_openstack_auth (master)

Fix proposed to branch: master
Review: https://review.openstack.org/215103

Changed in django-openstack-auth:
assignee:	nobody → Matthias Runge (mrunge)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-20: Fix merged to django_openstack_auth (master)

Reviewed: https://review.openstack.org/215103
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=aed28851b933a04dffcff70674f7afad84cb2d57
Submitter: Jenkins
Branch: master

commit aed28851b933a04dffcff70674f7afad84cb2d57
Author: Matthias Runge <email address hidden>
Date: Thu Aug 20 13:50:36 2015 +0200

initialize the hasher for unscoped token

    Using PKI tokens results in an empty
    projects list in horizon and a 403 error from
    keystone.

    Change-Id: If6853343125112340e447e760ee7d997e6e7384f
    Closes-Bug: #1484499
    Closes-Bug: #1486745

Changed in django-openstack-auth:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-20: Fix proposed to django_openstack_auth (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/215303

Matthias Runge (mrunge) on 2015-08-20

Changed in django-openstack-auth:
importance:	Undecided → Critical
milestone:	none → 1.3.2
importance:	Critical → High

Matthias Runge (mrunge) on 2015-08-22

no longer affects:

horizon

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-24: Fix merged to django_openstack_auth (stable/kilo)

Reviewed: https://review.openstack.org/215303
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=285e41674878e596b7162d3ba3c10a80c36430c9
Submitter: Jenkins
Branch: stable/kilo

commit 285e41674878e596b7162d3ba3c10a80c36430c9
Author: Matthias Runge <email address hidden>
Date: Thu Aug 20 13:50:36 2015 +0200

initialize the hasher for unscoped token

    Using PKI tokens results in an empty
    projects list in horizon and a 403 error from
    keystone.

    Change-Id: If6853343125112340e447e760ee7d997e6e7384f
    Closes-Bug: #1484499
    Closes-Bug: #1486745
    (cherry picked from commit aed28851b933a04dffcff70674f7afad84cb2d57)