Bug 699543 - oauth string incorrectly calculated when request has get parameters
Summary: oauth string incorrectly calculated when request has get parameters
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Pulp
Classification: Retired
Component: z_other
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Jason Connor
QA Contact: Preethi Thomas
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-04-25 21:52 UTC by Justin Sherrill
Modified: 2014-03-31 01:39 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-24 20:14:09 UTC



Description Justin Sherrill 2011-04-25 21:52:25 UTC
Description of problem:


With oauth enabled, make a request to pulp with a get parameter such as:

/pulp/api/repositories?groupid=foo

The oauth authentication will fail because groupid=foo is computed twice in the oauth string.

In authentication.py the following line of code is the culprit:

req = oauth2.Request.from_request(method, url, headers, query_string=query)


Here, both url and query contain the get parameter. So when the oauth library combines them to produce the oauth signature, it uses any get parameters twice and thus generates the wrong string. As soon as you strip away the get parameters from url before passing it into that method call, it works fine.
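
The mismatch described in the report, reproduced as an added example (not Pulp's or python-oauth2's own code): a stdlib-only RFC 5849 base-string builder that, as the report describes, collects parameters from both the URL and a separately passed query string. The consumer key, secret, nonce, timestamp and host are constructed sample values, and the function names are hypothetical.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit, urlunsplit

def enc(s):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped
    return quote(str(s), safe="-._~")

def base_string(method, url, oauth_params, query_string=""):
    """Signature base string per RFC 5849 section 3.4.1.

    Models the behaviour in the report: parameters are taken from the
    query part of `url` AND from `query_string`, without de-duplication.
    """
    parts = urlsplit(url)
    pairs = list(oauth_params.items())
    pairs += parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(query_string, keep_blank_values=True)
    encoded = sorted((enc(k), enc(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    base_uri = urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                           parts.path, "", ""))
    return "&".join([method.upper(), enc(base_uri), enc(normalized)])

def sign(base, consumer_secret, token_secret=""):
    # HMAC-SHA1 signature over the base string (RFC 5849 section 3.4.2)
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    return base64.b64encode(
        hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def strip_query(url):
    # The workaround from the report: drop the GET parameters from the URL
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, "", ""))

# Constructed sample request (values are illustrative only)
OAUTH = {"oauth_consumer_key": "example-key", "oauth_nonce": "abc123",
         "oauth_signature_method": "HMAC-SHA1",
         "oauth_timestamp": "1303768345", "oauth_version": "1.0"}
SECRET = "example-secret"
URL = "https://localhost/pulp/api/repositories?groupid=foo"
QUERY = "groupid=foo"

def demo():
    client = base_string("GET", URL, OAUTH)                    # what the client signed
    buggy = base_string("GET", URL, OAUTH, query_string=QUERY)  # groupid counted twice
    fixed = base_string("GET", strip_query(URL), OAUTH, query_string=QUERY)
    return client, buggy, fixed

if __name__ == "__main__":
    for name, b in zip(("client", "buggy", "fixed"), demo()):
        print(f"{name:6} {sign(b, SECRET)}  groupid x{b.count('groupid%3Dfoo')}")
```

Stripping the query from the URL, rather than de-duplicating the merged parameters, keeps requests that legitimately repeat a parameter verifiable, because RFC 5849 signs every occurrence.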

Comment 1 Jason Connor 2011-04-25 23:03:47 UTC
fix committed in hash cd9d07e

Comment 2 Jason Connor 2011-04-26 13:40:37 UTC
fixed fix in hash 3df8259

Comment 3 Jay Dobies 2011-04-27 20:11:33 UTC
Fixed in Pulp 0.172, grinder 0.96.

Comment 4 Preethi Thomas 2011-09-28 18:58:23 UTC
verified
[root@core-01 ~]# rpm -q pulp
pulp-0.0.232-1.fc14.noarch

[root@core-01 ~]# curl -k -u admin:admin https://localhost/pulp/api/repositories/?groupid=env:1

Comment 5 Preethi Thomas 2012-02-24 20:14:09 UTC
Pulp v1.0 is released
Closed Current Release.

Comment 6 Preethi Thomas 2012-02-24 20:18:59 UTC
Pulp v1.0 is released.

