attempt to re-authenticate on possible token expiry re-uses expired token

Bug #1192656 reported by Eoghan Glynn on 2013-06-19
This bug affects 7 people
Affects Status Importance Assigned to Milestone
Eoghan Glynn

Bug Description

The attempt to re-authenticate on possible token expiry actually re-uses the expired token, which is clearly bound to fail in the expired case.

As a result, unless the client explicitly handles the 401, a novaclient instance will stop working once the original token has expired (by default after 24 hours).

This issue may have been masked by the recently discovered & fixed vulnerability whereby signed tokens where not being properly checked for expiry:

Eoghan Glynn (eglynn) on 2013-06-19
Changed in python-novaclient:
assignee: nobody → Eoghan Glynn (eglynn)
status: New → In Progress

Submitter: Jenkins
Branch: master

commit 909a53b161b8936dddb40dd25e346c2cbb8db416
Author: Eoghan Glynn <email address hidden>
Date: Wed Jun 19 18:27:24 2013 +0000

    Discard possibly expired token before re-authenticating

    Fixes bug 1192656

    Previously, the attempt to re-authenticate on possible token
    expiry actually re-used the expired token, which was clearly
    bound to fail in the expired case.

    Now the old authentication state is discarded before attempting

    Change-Id: I3fd125702061f7ac84eb501d2a488aab5b2385b9

Changed in python-novaclient:
status: In Progress → Fix Committed
Changed in python-novaclient:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers