Issue #9578

Token server does not validate scope data

Added by lmjachky 17 days ago. Updated about 14 hours ago.

Status: NEW
Priority: Normal
Assignee: -
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity: 2. Medium
Platform Release:
OS:
Triaged: Yes
Groomed: No
Sprint Candidate: No
Tags: Easy Fix
Sprint:
Quarter:

Description

  1. Issue a request with a missing scope type and action (scope=repository:XXX:pull):
http http://pulp3-source-fedora34.localhost.example.com/token/?service="localhost:24817"'&'scope="57e0dd27-1b66-4e20-978a-9e195ae12622"
  2. Receive an HTTP 500 response:
<!doctype html>
<html lang="en">
<head>
  <title>Server Error (500)</title>
</head>
<body>
  <h1>Server Error (500)</h1><p></p>
</body>
</html>

Traceback:

  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/django/views/generic/base.py", line 70, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/home/vagrant/devel/pulp_container/pulp_container/app/registry_api.py", line 432, in get
    data = authorization_service.generate_token()
  File "/home/vagrant/devel/pulp_container/pulp_container/app/authorization.py", line 74, in generate_token
    access = self.determine_access()
  File "/home/vagrant/devel/pulp_container/pulp_container/app/authorization.py", line 139, in determine_access
    typ, name, actions = self.scope.split(":")
ValueError: not enough values to unpack (expected 3, got 1)
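
One way to reject a malformed scope with a 400 before the three-way unpack shown in the traceback can raise. This is an added example, not part of the original issue and not pulp_container's code; `parse_scope`, `InvalidScope`, `token_status` and the allowed type and action sets are assumptions.

```python
# Added example: validate a token scope before using it (hypothetical helper
# names; not pulp_container code). Sample inputs in the comments are constructed.


class InvalidScope(ValueError):
    """Raised for a malformed scope; a view would map this to HTTP 400."""


ALLOWED_TYPES = {"repository", "registry"}  # assumption for this example
ALLOWED_ACTIONS = {"pull", "push", "*"}     # assumption for this example


def parse_scope(scope):
    """Split 'type:name:action[,action]' into (type, name, [actions])."""
    if not isinstance(scope, str) or not scope:
        raise InvalidScope("scope is empty")
    # A plain split(":") fails with too few parts (the case in this issue) and
    # also with too many, e.g. a name such as 'host:5000/repo'. Take the type
    # from the left and the actions from the right instead.
    typ, sep1, rest = scope.partition(":")
    name, sep2, actions = rest.rpartition(":")
    if not (sep1 and sep2 and typ and name and actions):
        raise InvalidScope("expected type:name:actions")
    if typ not in ALLOWED_TYPES:
        raise InvalidScope("unknown resource type")
    action_list = actions.split(",")
    if not set(action_list) <= ALLOWED_ACTIONS:
        raise InvalidScope("unknown action")
    return typ, name, action_list


def token_status(scope):
    """Status a token view would return: 200 if the scope parses, else 400."""
    try:
        parse_scope(scope)
    except InvalidScope:
        return 400
    return 200


if __name__ == "__main__":
    for s in ("57e0dd27-1b66-4e20-978a-9e195ae12622", "repository:foo:pull"):
        print(s, "->", token_status(s))
```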

History

#1 Updated by ipanova@redhat.com about 15 hours ago

  • Triaged changed from No to Yes

#2 Updated by ipanova@redhat.com about 14 hours ago

  • Sprint/Milestone set to 2.10.0
