[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token
Joseph Heck
1006815 at bugs.launchpad.net
Fri Sep 28 16:02:25 UTC 2012
russel - description is good, run with it.
** Description changed:
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't
- validate token
+ validate the authentication token before returning a response.
- we can get the same result without a token in HTTP head.
+ i.e. we can get the same result without a token in HTTP head.
Eg:
without a token
jason at ubuntu:~/project/keystone$ curl http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
- % Total % Received % Xferd Average Speed Time Time Time Current
- Dload Upload Total Spent Left Speed
+ % Total % Received % Xferd Average Speed Time Time Time Current
+ Dload Upload Total Spent Left Speed
100 72 100 72 0 0 308 0 --:--:-- --:--:-- --:--:-- 346
{
- "roles": [
- {
- "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
- "name": "admin"
- }
- ]
+ "roles": [
+ {
+ "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
+ "name": "admin"
+ }
+ ]
}
with token
jason at ubuntu:~/project/keystone$ curl -H "X-Auth-Token:ecab59a3f4e2468b9934c24f8660a809" http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
- % Total % Received % Xferd Average Speed Time Time Time Current
- Dload Upload Total Spent Left Speed
+ % Total % Received % Xferd Average Speed Time Time Time Current
+ Dload Upload Total Spent Left Speed
100 72 100 72 0 0 242 0 --:--:-- --:--:-- --:--:-- 270
{
- "roles": [
- {
- "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
- "name": "admin"
- }
- ]
+ "roles": [
+ {
+ "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
+ "name": "admin"
+ }
+ ]
}
-
What we expect:
without a token
jason at ubuntu:~/project/keystone$ curl http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current
- Dload Upload Total Spent Left Speed
+ Dload Upload Total Spent Left Speed
100 116 100 116 0 0 848 0 --:--:-- --:--:-- --:--:-- 1026
{
- "error": {
- "code": 401,
- "message": "The request you have made requires authentication.",
- "title": "Not Authorized"
- }
+ "error": {
+ "code": 401,
+ "message": "The request you have made requires authentication.",
+ "title": "Not Authorized"
+ }
}
-
Attached is a diff of the changes.
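Review bot: the reworded line "i.e. we can get the same result without a token in HTTP head." still says "HTTP head" where the X-Auth-Token request header is meant; suggest "without an X-Auth-Token header in the request". In the "What we expect" example, curl's progress-meter header is fused onto the end of the command line and should sit on its own line as in the two examples above it. The description also shows the expected 401 only for a missing token, so it is worth stating the expected response for an invalid token as well.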
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1006815
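The behaviour described in the report, as an added example that is not part of the original message and is not Keystone's code: a handler that never inspects X-Auth-Token beside a wrapped version that returns the 401 body the report expects, plus a small regression check. The handler names, the token store and the sample tenant, user and token values are assumptions constructed for illustration.

```python
import json

# Constructed sample data (not from the bug report): one valid admin token
# and one role assignment keyed by (tenant_id, user_id).
VALID_TOKENS = {"sample-admin-token"}
ROLES = {("tenant-a", "user-1"): [{"id": "role-1", "name": "admin"}]}

# Error body in the shape the report lists under "What we expect".
UNAUTHORIZED = (401, {"error": {
    "code": 401,
    "message": "The request you have made requires authentication.",
    "title": "Not Authorized"}})


def get_user_roles_unchecked(headers, tenant_id, user_id):
    """Reported behaviour: the token header is never inspected."""
    return 200, {"roles": ROLES.get((tenant_id, user_id), [])}


def require_token(handler):
    """Return 401 before the handler runs unless X-Auth-Token is known."""
    def wrapper(headers, tenant_id, user_id):
        # HTTP header names are case-insensitive, so normalise before lookup.
        token = {k.lower(): v for k, v in headers.items()}.get("x-auth-token")
        if token not in VALID_TOKENS:
            return UNAUTHORIZED
        return handler(headers, tenant_id, user_id)
    return wrapper


# Hardened form: same handler, but the token check runs first.
get_user_roles = require_token(get_user_roles_unchecked)


def audit(handler):
    """Status codes for: no token, unknown token, valid token."""
    cases = ({}, {"X-Auth-Token": "bogus"},
             {"X-Auth-Token": "sample-admin-token"})
    return [handler(h, "tenant-a", "user-1")[0] for h in cases]


if __name__ == "__main__":
    print("unchecked:", audit(get_user_roles_unchecked))
    print("checked:  ", audit(get_user_roles))
    print(json.dumps(get_user_roles({}, "tenant-a", "user-1")[1], indent=4))
```

Running the same three-case audit against every admin route makes a missing check show up as a 200 in the first two positions.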