Horizon project list broken by pki/pkiz tokens

Bug #1486745 reported by Conrad Mukai
This bug report is a duplicate of:  Bug #1484499: token gets truncated with PKI tokens. Edit Remove
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
django-openstack-auth
Fix Committed
High
Matthias Runge

Bug Description

When logging into Horizon with a Keystone that uses pki or pkiz tokens the project list in the pull down is empty. The root cause is the constructor for openstack_auth.user.Token is reusing the hasher object that already has content from hashing the token_id. This results in a 403 error when trying to load the project list with the unscoped token because the hashed value does not match the id in Keystone.

If the hasher is recreated before hashing the unscoped token, it will match the token id in Keystone and all is good.

Conrad Mukai (cmukai-9)
description: updated
Conrad Mukai (cmukai-9)
description: updated
Conrad Mukai (cmukai-9)
summary: - unscoped_token not hashed correctly
+ Horizon project list broken by phi/pika tokens
summary: - Horizon project list broken by phi/pika tokens
+ Horizon project list broken by pki/pkiz tokens
Revision history for this message
Matthias Runge (mrunge) wrote :

This is a bug in django_openstack_auth, and is probably a duplicate of 1484499

Changed in horizon:
status: New → Confirmed
Changed in django-openstack-auth:
status: New → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to django_openstack_auth (master)

Fix proposed to branch: master
Review: https://review.openstack.org/215103

Changed in django-openstack-auth:
assignee: nobody → Matthias Runge (mrunge)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to django_openstack_auth (master)

Reviewed: https://review.openstack.org/215103
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=aed28851b933a04dffcff70674f7afad84cb2d57
Submitter: Jenkins
Branch: master

commit aed28851b933a04dffcff70674f7afad84cb2d57
Author: Matthias Runge <email address hidden>
Date: Thu Aug 20 13:50:36 2015 +0200

    initialize the hasher for unscoped token

    Using PKI tokens results in an empty
    projects list in horizon and a 403 error from
    keystone.

    Change-Id: If6853343125112340e447e760ee7d997e6e7384f
    Closes-Bug: #1484499
    Closes-Bug: #1486745

Changed in django-openstack-auth:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to django_openstack_auth (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/215303

Matthias Runge (mrunge)
Changed in django-openstack-auth:
importance: Undecided → Critical
milestone: none → 1.3.2
importance: Critical → High
Matthias Runge (mrunge)
no longer affects: horizon
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to django_openstack_auth (stable/kilo)

Reviewed: https://review.openstack.org/215303
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=285e41674878e596b7162d3ba3c10a80c36430c9
Submitter: Jenkins
Branch: stable/kilo

commit 285e41674878e596b7162d3ba3c10a80c36430c9
Author: Matthias Runge <email address hidden>
Date: Thu Aug 20 13:50:36 2015 +0200

    initialize the hasher for unscoped token

    Using PKI tokens results in an empty
    projects list in horizon and a 403 error from
    keystone.

    Change-Id: If6853343125112340e447e760ee7d997e6e7384f
    Closes-Bug: #1484499
    Closes-Bug: #1486745
    (cherry picked from commit aed28851b933a04dffcff70674f7afad84cb2d57)

tags: added: in-stable-kilo
Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/django_openstack_auth 1.2.1

This issue was fixed in the openstack/django_openstack_auth 1.2.1 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.