Issue #9578
closed
Token server does not validate scope data
Start date:
Due date:
Estimated time:
Severity: 2. Medium
Platform Release:
OS:
Triaged: Yes
Groomed: No
Sprint Candidate: No
Tags: Easy Fix
Sprint:
Quarter:
Description
Ticket moved to GitHub: pulp/pulp_container/509 (https://github.com/pulp/pulp_container/issues/509)
- Issue a request with a missing scope type and action (scope=repository:XXX:pull):
http http://pulp3-source-fedora34.localhost.example.com/token/?service="localhost:24817"'&'scope="57e0dd27-1b66-4e20-978a-9e195ae12622"
- Receive an HTTP 500 response:
<!doctype html>
<html lang="en">
<head>
<title>Server Error (500)</title>
</head>
<body>
<h1>Server Error (500)</h1><p></p>
</body>
</html>
Traceback:
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/django/views/generic/base.py", line 70, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/usr/local/lib/pulp/lib64/python3.9/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/home/vagrant/devel/pulp_container/pulp_container/app/registry_api.py", line 432, in get
    data = authorization_service.generate_token()
  File "/home/vagrant/devel/pulp_container/pulp_container/app/authorization.py", line 74, in generate_token
    access = self.determine_access()
  File "/home/vagrant/devel/pulp_container/pulp_container/app/authorization.py", line 139, in determine_access
    typ, name, actions = self.scope.split(":")
ValueError: not enough values to unpack (expected 3, got 1)
Updated by ipanova@redhat.com almost 3 years ago
- Triaged changed from No to Yes
We can look into how we have solved this in pulp2: https://github.com/pulp/pulp_docker/blob/2-master/plugins/pulp_docker/plugins/auth_util.py#L79
Updated by ipanova@redhat.com almost 3 years ago
- Sprint/Milestone changed from 2.10.0 to 2.11.0
Updated by pulpbot almost 3 years ago
- Description updated (diff)
- Status changed from NEW to CLOSED - DUPLICATE
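Added example, not pulp_container's code and not the pulp2 helper linked above: one way to validate the scope parameter before unpacking it, so that the malformed value from the description is rejected as a client error instead of raising the ValueError in the traceback. The names parse_scope, InvalidScope and token_response_status, the allow-lists, the name pattern and the choice of HTTP 400 are all assumptions made for this sketch.

```python
import re


class InvalidScope(ValueError):
    """Scope does not have the form type:name:action[,action]."""


# Assumed allow-lists for this example (not taken from pulp_container).
ALLOWED_TYPES = {"repository", "registry"}
ALLOWED_ACTIONS = {"pull", "push", "*"}
# Assumed name pattern; ':' is allowed because a name may carry host:port.
NAME_RE = re.compile(r"[A-Za-z0-9._:/-]{1,255}")


def parse_scope(scope):
    """Return (type, name, actions) or raise InvalidScope."""
    if not isinstance(scope, str) or scope.count(":") < 2:
        raise InvalidScope("scope must look like type:name:action[,action]")
    # Peel the type off the front and the actions off the back, so a
    # colon inside the name (host:port/repo) does not break unpacking.
    typ, rest = scope.split(":", 1)
    name, action_list = rest.rsplit(":", 1)
    actions = action_list.split(",")
    if typ not in ALLOWED_TYPES:
        raise InvalidScope("unsupported resource type")
    if not NAME_RE.fullmatch(name):
        raise InvalidScope("invalid resource name")
    if not all(action in ALLOWED_ACTIONS for action in actions):
        raise InvalidScope("unsupported action")
    return typ, name, actions


def token_response_status(scope):
    """Status a token endpoint would send for this scope (assumed: 400 on bad input)."""
    try:
        parse_scope(scope)
    except InvalidScope:
        return 400
    return 200
```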