invalid authorization header value generates 500 response
Bug #1384440 reported by clayg
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Object Storage (swift) | Fix Released | Undecided | Unassigned |
Bug Description
tempauth does something like:
env['HTTP_
Which will fail like you'd expect.
Keystone's s3_token seems a bit smarter:
auth_header.split(' ')[-1]
and then that is wrapped in a try/except.
So I went back to f595a7e70492c2751d8c6f5ab60b5512e63281cf, which was like Fri Aug 29 17:14:46 2014, and this totally blew up:
ubuntu@saio:~$ curl http://saio:8080/v1/auth/v1.0 -H 'Authorization: monkies' -v
* Trying 127.0.0.1...
* Connected to saio (127.0.0.1) port 8080 (#0)
> GET /v1/auth/v1.0 HTTP/1.1
> Host: saio:8080
> User-Agent: curl/7.47.0
> Accept: */*
> Authorization: monkies
>
< HTTP/1.1 500 Internal Error
< Content-Length: 17
< Content-Type: text/plain
< X-Trans-Id: txe7dff976d85841098711a-00597911da
< Date: Wed, 26 Jul 2017 22:04:10 GMT
<
* Connection #0 to host saio left intact
An error occurred
But it works now!
ubuntu@saio:~$ curl http://saio:8080/v1/auth/v1.0 -H 'Authorization: monkies' -v
* Trying 127.0.0.1...
* Connected to saio (127.0.0.1) port 8080 (#0)
> GET /v1/auth/v1.0 HTTP/1.1
> Host: saio:8080
> User-Agent: curl/7.47.0
> Accept: */*
> Authorization: monkies
>
< HTTP/1.1 401 Unauthorized
< Content-Length: 131
< Content-Type: text/html; charset=UTF-8
< Www-Authenticate: Swift realm="unknown"
< X-Trans-Id: txd60d71da4ebf4fd29955f-0059791227
< X-Openstack-Request-Id: txd60d71da4ebf4fd29955f-0059791227
< Date: Wed, 26 Jul 2017 22:05:27 GMT
<
* Connection #0 to host saio left intact
<html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>
I bet it all got fixed when timburke reworked the aws/swift3 stuff - but I'm not going to go check.
All greps for HTTP_AUTHORIZATION or just Authorization come up empty on common/middleware. There's something in tests related to AWS/swift3 but it seems to 401 correctly even if the Authorization header is bogus looking.
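An added illustration of the failure mode in this report, not code from Swift or Keystone: a parser that assumes `Authorization` always has two space-separated parts raises on `monkies`, and an outer catch-all turns that into a 500, while a tolerant parser yields the 401 seen in the second curl session. The names `fragile_parse`, `safe_parse`, `make_app`, `catch_all` and `status_for`, the Bearer scheme and the token value are assumptions made up for the sketch.

```python
import hmac

# Added sketch: hypothetical names and a constructed credential, not Swift code.
VALID_SCHEME, VALID_TOKEN = 'bearer', b'constructed-token'

def fragile_parse(value):
    # Assumes "<scheme> <credentials>": "monkies" raises ValueError and a
    # missing header (None) raises AttributeError.
    scheme, creds = value.split(' ', 1)
    return scheme.lower(), creds

def safe_parse(value):
    """Return (scheme, credentials), or None for any malformed value."""
    parts = (value or '').split(None, 1)
    return (parts[0].lower(), parts[1]) if len(parts) == 2 else None

def make_app(parse):
    def app(environ, start_response):
        parsed = parse(environ.get('HTTP_AUTHORIZATION'))
        ok = (parsed is not None and parsed[0] == VALID_SCHEME and
              hmac.compare_digest(parsed[1].encode('utf-8', 'replace'),
                                  VALID_TOKEN))
        if not ok:
            # Malformed or wrong credentials: an auth failure, not a crash.
            start_response('401 Unauthorized',
                           [('WWW-Authenticate', 'Swift realm="unknown"')])
            return [b'Unauthorized']
        start_response('200 OK', [('Content-Type', 'text/plain')])
        return [b'ok']
    return app

def catch_all(app):
    """Stand-in for an outer wrapper that turns any exception into a 500."""
    def wrapper(environ, start_response):
        try:
            return app(environ, start_response)
        except Exception:
            start_response('500 Internal Error', [])
            return [b'An error occurred']
    return wrapper

def status_for(parse, header):
    """Send one Authorization value (None = header absent); return status."""
    environ = {'REQUEST_METHOD': 'GET', 'PATH_INFO': '/v1/auth/v1.0'}
    if header is not None:
        environ['HTTP_AUTHORIZATION'] = header
    seen = []
    catch_all(make_app(parse))(environ, lambda s, h: seen.append(s))
    return seen[-1]
```

A regression test for this class of bug should send the bare-token, empty and absent header cases and assert that none of them produces a 5xx.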