Bug 767330 - non-existant oauth keys are authenticated
Summary: non-existant oauth keys are authenticated
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: CloudForms Cloud Engine
Classification: Retired
Component: aeolus-configserver
Version: 1.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
Assignee: Dan Radez
QA Contact: dgao
URL:
Whiteboard:
Depends On:
Blocks: ce-sprint-next
TreeView+ depends on / blocked
 
Reported: 2011-12-13 20:05 UTC by Dan Radez
Modified: 2011-12-14 18:29 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-14 18:29:16 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Dan Radez 2011-12-13 20:05:19 UTC 
Description of problem:
if you pass an oauth key that is undefined in configserver it will return positive authentication

Version-Release number of selected component (if applicable):
0.4.3

How reproducible:
just pass a key that doesn't exist in the configserver

Steps to Reproduce:
1. call /auth with a non-existent oauth key
2.
3.
  
Actual results:
authentication for non-existent oauth keys

Expected results:
401 for non-existent oauth keys

Additional info:
Note You need to log in before you can comment on or make changes to this bug.