Bug 699543

Summary:	oauth string incorrectly calculated when request has get parameters
Product:	[Retired] Pulp	Reporter:	Justin Sherrill <jsherril>
Component:	z_other	Assignee:	Jason Connor <jconnor>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Preethi Thomas <pthomas>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	unspecified	CC:	mmccune
Target Milestone:	---	Keywords:	Triaged
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2012-02-24 20:14:09 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Justin Sherrill 2011-04-25 21:52:25 UTC

Description of problem:


with oauth enabled make a request to pulp with a get parameter such as:

/pulp/api/repositories?groupid=foo

the oauth authentication will fail because  groupid=foo is computed twice in the oauth string.  

In authentication.py the following line of code is the culprit:

req = oauth2.Request.from_request(method, url, headers, query_string=query)


here, both url and query contain the get parameter.  So when the oauth library combines them to product the oauth signature, it uses any get parameters twice and thus generates the wrong string.  As soon as you strip away the get parameters from url before passing it into that method call, it works fine.

Comment 1 Jason Connor 2011-04-25 23:03:47 UTC

fix committed in hash cd9d07e

Comment 2 Jason Connor 2011-04-26 13:40:37 UTC

fixed fix in hash 3df8259

Comment 3 Jay Dobies 2011-04-27 20:11:33 UTC

Fixed in Pulp 0.172, grinder 0.96.

Comment 4 Preethi Thomas 2011-09-28 18:58:23 UTC

verified
[root@core-01 ~]# rpm -q pulp
pulp-0.0.232-1.fc14.noarch

[root@core-01 ~]# curl -k -u admin:admin https://localhost/pulp/api/repositories/?groupid=env:1
[{"use_symlinks": false, "package_count": 0, "distributionid": [], "consumer_cert": null, "consumer_ca": null, "filters": [], "id": "1-RHUI_x86_64_Content_noarch-ACME_Corporation", "publish": true, "source": {"url": "https://sat-perf-03.idm.lab.bos.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/", "type": "remote"}, "groupid": ["product:1", "env:1", "org:1"], "files": "/pulp/api/repositories/1-RHUI_x86_64_Content_noarch-ACME_Corporation/files/", "relative_path": "ACME_Corporation/Locker/RHUI_SVC/RHUI_x86_64_Content", "sync_schedule": null, "arch": "noarch", "feed_cert": "/etc/pki/content/1-RHUI_x86_64_Content_noarch-ACME_Corporation/feed-1-RHUI_x86_64_Content_noarch-ACME_Corporation.cert", "name": "RHUI x86_64 Content noarch", "feed_ca": "/etc/pki/content/1-RHUI_x86_64_Content_noarch-ACME_Corporation/feed-1-RHUI_x86_64_Content_noarch-ACME_Corporation.ca", "notes": null, "last_sync": null, "content_types": "yum", "clone_ids": [], "checksum_type": "sha256", "_id": "1-RHUI_x86_64_Content_noarch-ACME_Corporation", "uri_ref": "/pulp/api/repositories/1-RHUI_x86_64_Content_noarch-ACME_Corporation/", "files_count": 0, "packages": "/pulp/api/repositories/1-RHUI_x86_64_Content_noarch-ACME_Corporation/packages/", "packagegroups": "/pulp/api/repositories/1-RHUI_x86_64_Content_noarch-ACME_Corporation/packagegroups/", "packagegroupcategories": "/pulp/api/repositories/1-RHUI_x86_64_Content_noarch-ACME_Corporation/packagegroupcategories/", "errata": "/pulp/api/repositories/1-RHUI_x86_64_Content_noarch-ACME_Corporation/errata/", "distribution": "/pulp/api/repositories/1-RHUI_x86_64_Content_noarch-ACME_Corporation/distribution/", "keys": "/pulp/api/repositories/1-RHUI_x86_64_Content_noarch-ACME_Corporation/keys/", "comps": "/pulp/api/repositories/1-RHUI_x86_64_Content_noarch-ACME_Corporation/comps/"}, {"use_symlinks": false, "package_count": 0, "distributionid": [], "consumer_cert": null, "consumer_ca": null, "filters": [], "id": "1-RHUI_x86_Content_noarch-ACME_Corporation", "publish": true, "source": {"url": "https://sat-perf-03.idm.lab.bos.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/i386/rhui/1.2/os/", "type": "remote"}, "groupid": ["product:1", "env:1", "org:1"], "files": "/pulp/api/repositories/1-RHUI_x86_Content_noarch-ACME_Corporation/files/", "relative_path": "ACME_Corporation/Locker/RHUI_SVC/RHUI_x86_Content", "sync_schedule": null, "arch": "noarch", "feed_cert": "/etc/pki/content/1-RHUI_x86_Content_noarch-ACME_Corporation/feed-1-RHUI_x86_Content_noarch-ACME_Corporation.cert", "name": "RHUI x86 Content noarch", "feed_ca": "/etc/pki/content/1-RHUI_x86_Content_noarch-ACME_Corporation/feed-1-RHUI_x86_Content_noarch-ACME_Corporation.ca", "notes": null, "last_sync": null, "content_types": "yum", "clone_ids": [], "checksum_type": "sha256", "_id": "1-RHUI_x86_Content_noarch-ACME_Corporation", "uri_ref": "/pulp/api/repositories/1-RHUI_x86_Content_noarch-ACME_Corporation/", "files_count": 0, "packages": "/pulp/api/repositories/1-RHUI_x86_Content_noarch-ACME_Corporation/packages/", "packagegroups": "/pulp/api/repositories/1-RHUI_x86_Content_noarch-ACME_Corporation/packagegroups/", "packagegroupcategories": "/pulp/api/repositories/1-RHUI_x86_Content_noarch-ACME_Corporation/packagegroupcategories/", "errata": "/pulp/api/repositories/1-RHUI_x86_Content_noarch-ACME_Corporation/errata/", "distribution": "/pulp/api/repositories/1-RHUI_x86_Content_noarch-ACME_Corporation/distribution/", "keys": "/pulp/api/repositories/1-RHUI_x86_Content_noarch-ACME_Corporation/keys/", "comps": "/pulp/api/repositories/1-RHUI_x86_Content_noarch-ACME_Corporation/comps/"}, {"use_symlinks": false, "package_count": 0, "distributionid": [], "consumer_cert": null, "consumer_ca": null, "filters": [], "id": "20-RHEL_6_x86_Content_noarch-ACME_Corporation", "publish": true, "source": {"url": "https://sat-perf-03.idm.lab.bos.redhat.com/pulp/repos//content/dist/rhel/rhui/server-6/releases/6Server/i386/os", "type": "remote"}, "groupid": ["product:20", "env:1", "org:1"], "files": "/pulp/api/repositories/20-RHEL_6_x86_Content_noarch-ACME_Corporation/files/", "relative_path": "ACME_Corporation/Locker/Red_Hat_Enterprise_Linux_6_Server_SVC/RHEL_6_x86_Content", "sync_schedule": null, "arch": "noarch", "feed_cert": "/etc/pki/content/20-RHEL_6_x86_Content_noarch-ACME_Corporation/feed-20-RHEL_6_x86_Content_noarch-ACME_Corporation.cert", "name": "RHEL 6 x86 Content noarch", "feed_ca": "/etc/pki/content/20-RHEL_6_x86_Content_noarch-ACME_Corporation/feed-20-RHEL_6_x86_Content_noarch-ACME_Corporation.ca", "notes": null, "last_sync": null, "content_types": "yum", "clone_ids": [], "checksum_type": "sha256", "_id": "20-RHEL_6_x86_Content_noarch-ACME_Corporation", "uri_ref": "/pulp/api/repositories/20-RHEL_6_x86_Content_noarch-ACME_Corporation/", "files_count": 0, "packages": "/pulp/api/repositories/20-RHEL_6_x86_Content_noarch-ACME_Corporation/packages/", "packagegroups": "/pulp/api/repositories/20-RHEL_6_x86_Content_noarch-ACME_Corporation/packagegroups/", "packagegroupcategories": "/pulp/api/repositories/20-RHEL_6_x86_Content_noarch-ACME_Corporation/packagegroupcategories/", "errata": "/pulp/api/repositories/20-RHEL_6_x86_Content_noarch-ACME_Corporation/errata/", "distribution": "/pulp/api/repositories/20-RHEL_6_x86_Content_noarch-ACME_Corporation/distribution/", "keys": "/pulp/api/repositories/20-RHEL_6_x86_Content_noarch-ACME_Corporation/keys/", "comps": "/pulp/api/repositories/20-RHEL_6_x86_Content_noarch-ACME_Corporation/comps/"}, {"use_symlinks": false, "package_count": 0, "distributionid": [], "consumer_cert": null, "consumer_ca": null, "filters": [], "id": "20-RHEL_6_x86_64_Content_noarch-ACME_Corporation", "publish": true, "source": {"url": "https://sat-perf-03.idm.lab.bos.redhat.com/pulp/repos//content/dist/rhel/rhui/server-6/releases/6Server/x86_64/os", "type": "remote"}, "groupid": ["product:20", "env:1", "org:1"], "files": "/pulp/api/repositories/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/files/", "relative_path": "ACME_Corporation/Locker/Red_Hat_Enterprise_Linux_6_Server_SVC/RHEL_6_x86_64_Content", "sync_schedule": null, "arch": "noarch", "feed_cert": "/etc/pki/content/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/feed-20-RHEL_6_x86_64_Content_noarch-ACME_Corporation.cert", "name": "RHEL 6 x86_64 Content noarch", "feed_ca": "/etc/pki/content/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/feed-20-RHEL_6_x86_64_Content_noarch-ACME_Corporation.ca", "notes": null, "last_sync": null, "content_types": "yum", "clone_ids": [], "checksum_type": "sha256", "_id": "20-RHEL_6_x86_64_Content_noarch-ACME_Corporation", "uri_ref": "/pulp/api/repositories/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/", "files_count": 0, "packages": "/pulp/api/repositories/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/packages/", "packagegroups": "/pulp/api/repositories/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/packagegroups/", "packagegroupcategories": "/pulp/api/repositories/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/packagegroupcategories/", "errata": "/pulp/api/repositories/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/errata/", "distribution": "/pulp/api/repositories/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/distribution/", "keys": "/pulp/api/repositories/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/keys/", "comps": "/pulp/api/repositories/20-RHEL_6_x86_64_Content_noarch-ACME_Corporation/comps/"}, {"use_symlinks": false, "package_count": 0, "distributionid": [], "consumer_cert": null, "consumer_ca": null, "filters": [], "id": "1317232443267-Base-ACME_Corporation", "publish": true, "source": {"url": "http://download.fedoraproject.org/pub/fedora/linux/releases/15/Everything/x86_64/os/", "type": "remote"}, "groupid": ["product:1317232443267", "env:1", "org:1"], "files": "/pulp/api/repositories/1317232443267-Base-ACME_Corporation/files/", "relative_path": "ACME_Corporation/Locker/F15_-_x86_64/Base", "sync_schedule": null, "arch": "noarch", "feed_cert": null, "name": "Base", "feed_ca": null, "notes": null, "last_sync": null, "content_types": "yum", "clone_ids": [], "checksum_type": "sha256", "_id": "1317232443267-Base-ACME_Corporation", "uri_ref": "/pulp/api/repositories/1317232443267-Base-ACME_Corporation/", "files_count": 0, "packages": "/pulp/api/repositories/1317232443267-Base-ACME_Corporation/packages/", "packagegroups": "/pulp/api/repositories/1317232443267-Base-ACME_Corporation/packagegroups/", "packagegroupcategories": "/pulp/api/repositories/1317232443267-Base-ACME_Corporation/packagegroupcategories/", "errata": "/pulp/api/repositories/1317232443267-Base-ACME_Corporation/errata/", "distribution": "/pulp/api/repositories/1317232443267-Base-ACME_Corporation/distribution/", "keys": "/pulp/api/repositories/1317232443267-Base-ACME_Corporation/keys/", "comps": "/pulp/api/repositories/1317232443267-Base-ACME_Corporation/comps/"}, {"use_symlinks": false, "package_count": 0, "distributionid": [], "consumer_cert": null, "consumer_ca": null, "filters": [], "id": "1317232443267-Base2-ACME_Corporation", "publish": true, "source": {"url": "http://download.fedora.devel.redhat.com/pub/fedora/linux/releases/15/Everything/x86_64/os/", "type": "remote"}, "groupid": ["product:1317232443267", "env:1", "org:1"], "files": "/pulp/api/repositories/1317232443267-Base2-ACME_Corporation/files/", "relative_path": "ACME_Corporation/Locker/F15_-_x86_64/Base2", "sync_schedule": null, "arch": "noarch", "feed_cert": null, "name": "Base2", "feed_ca": null, "notes": null, "last_sync": null, "content_types": "yum", "clone_ids": [], "checksum_type": "sha256", "_id": "1317232443267-Base2-ACME_Corporation", "uri_ref": "/pulp/api/repositories/1317232443267-Base2-ACME_Corporation/", "files_count": 0, "packages": "/pulp/api/repositories/1317232443267-Base2-ACME_Corporation/packages/", "packagegroups": "/pulp/api/repositories/1317232443267-Base2-ACME_Corporation/packagegroups/", "packagegroupcategories": "/pulp/api/repositories/1317232443267-Base2-ACME_Corporation/packagegroupcategories/", "errata": "/pulp/api/repositories/1317232443267-Base2-ACME_Corporation/errata/", "distribution": "/pulp/api/repositories/1317232443267-Base2-ACME_Corporation/distribution/", "keys": "/pulp/api/repositories/1317232443267-Base2-ACME_Corporation/keys/", "comps": "/pulp/api/repositories/1317232443267-Base2-ACME_Corporation/comps/"}][root@core-01 ~]#

Comment 5 Preethi Thomas 2012-02-24 20:14:09 UTC

Pulp v1.0 is released
Closed Current Release.

Comment 6 Preethi Thomas 2012-02-24 20:18:59 UTC

Pulp v1.0 is released.