TOTP auth not functional in python3
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) | Fix Released | High | Adrian Turjak | | |
Bug Description
Because of how python3 handles byte>str conversion, the passcode generation function produces a mangled result in python3. The reason the unit tests still pass in python3 is because the tests also use the same function and thus the server and the tests are both sending and expecting the same mangled passcode.
This would then mean that anyone correctly generating the passcode and attempting to authenticate via TOTP would fail because the server is expecting a mangled passcode.
The fix is to not use six.text_type, as it does the wrong thing, and instead use .decode('utf-8') which produces the correct result in both python2 and python3.
Example of why and how this happens:
Python2:
>>> passcode = b'123456'
>>> print passcode
123456
>>> type(passcode)
<type 'str'>
>>> import six
>>> six.text_type(passcode)
u'123456'
>>> type(six.text_type(passcode))
<type 'unicode'>
>>> otherstring = "openstack"
>>> otherstring + passcode
'openstack123456'
>>> passcode.decode('utf-8')
u'123456'
>>> type(passcode.decode('utf-8'))
<type 'unicode'>
Python3:
>>> passcode = b'123456'
>>> print(passcode)
b'123456'
>>> type(passcode)
<class 'bytes'>
>>> import six
>>> six.text_type(passcode)
"b'123456'"
>>> type(six.text_type(passcode))
<class 'str'>
>>> otherstring = "openstack"
>>> otherstring + passcode
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: Can't convert 'bytes' object to str implicitly
>>> otherstring + str(passcode)
"openstackb'123456'"
>>> passcode.decode('utf-8')
'123456'
>>> type(passcode.decode('utf-8'))
<class 'str'>
description: updated
Changed in keystone:
assignee: nobody → Adrian Turjak (adriant-y)
Changed in keystone:
status: New → In Progress
Changed in keystone:
milestone: none → newton-3
importance: Undecided → High
Reviewed: https://review.openstack.org/348081
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=b2cb4c403f94fdf61100d43b59dedec1547c7364
Submitter: Jenkins
Branch: master
commit b2cb4c403f94fdf61100d43b59dedec1547c7364
Author: adriant <email address hidden>
Date: Thu Jul 28 11:24:58 2016 +1200
TOTP auth not functional in python3
Fixing a byte>str conversion bug present in the TOTP
passcode generation function that was only present in python3
which rendered TOTP auth non-functional in python3.
Also adding a test to check passcode generation returns the
correct format.
Closes-Bug: #1607119
Change-Id: Ie052d559c4eb2577d35caa9f6e240664cf4cf399