From 92d11d139e9f76d4fd76859aea78643fc32ef36b Mon Sep 17 00:00:00 2001 From: asteroide Date: Thu, 24 Sep 2015 16:27:16 +0200 Subject: Update Keystone code from repository. Change-Id: Ib3d0a06b10902fcc6d520f58e85aa617bc326d00 --- .../token/providers/fernet/token_formatters.py | 36 ++++++++++++++++------ 1 file changed, 27 insertions(+), 9 deletions(-) (limited to 'keystone-moon/keystone/token/providers/fernet/token_formatters.py') diff --git a/keystone-moon/keystone/token/providers/fernet/token_formatters.py b/keystone-moon/keystone/token/providers/fernet/token_formatters.py index d1dbb08c..f0b6271d 100644 --- a/keystone-moon/keystone/token/providers/fernet/token_formatters.py +++ b/keystone-moon/keystone/token/providers/fernet/token_formatters.py @@ -21,7 +21,7 @@ from oslo_config import cfg from oslo_log import log from oslo_utils import timeutils import six -from six.moves import map, urllib +from six.moves import map from keystone.auth import plugins as auth_plugins from keystone.common import utils as ks_utils @@ -67,11 +67,14 @@ class TokenFormatter(object): def pack(self, payload): """Pack a payload for transport as a token.""" # base64 padding (if any) is not URL-safe - return urllib.parse.quote(self.crypto.encrypt(payload)) + return self.crypto.encrypt(payload).rstrip('=') def unpack(self, token): """Unpack a token, and validate the payload.""" - token = urllib.parse.unquote(six.binary_type(token)) + token = six.binary_type(token) + + # Restore padding on token before decoding it + token = TokenFormatter.restore_padding(token) try: return self.crypto.decrypt(token) @@ -79,6 +82,21 @@ class TokenFormatter(object): raise exception.ValidationError( _('This is not a recognized Fernet token')) + @classmethod + def restore_padding(cls, token): + """Restore padding based on token size. + + :param token: token to restore padding on + :returns: token with correct padding + + """ + # Re-inflate the padding + mod_returned = len(token) % 4 + if mod_returned: + missing_padding = 4 - mod_returned + token += b'=' * missing_padding + return token + @classmethod def creation_time(cls, fernet_token): """Returns the creation time of a valid Fernet token.""" @@ -86,10 +104,10 @@ class TokenFormatter(object): # (pypi/cryptography will refuse to operate on Unicode input) fernet_token = six.binary_type(fernet_token) - # the base64 padding on fernet tokens is made URL-safe - fernet_token = urllib.parse.unquote(fernet_token) + # Restore padding on token before decoding it + fernet_token = TokenFormatter.restore_padding(fernet_token) - # fernet tokens are base64 encoded and the padding made URL-safe + # fernet tokens are base64 encoded, so we need to unpack them first token_bytes = base64.urlsafe_b64decode(fernet_token) # slice into the byte array to get just the timestamp @@ -571,9 +589,9 @@ class FederatedUnscopedPayload(BasePayload): """Validate a federated payload. :param token_string: a string representing the token - :return: a tuple containing the user_id, auth methods, audit_ids, and - a dictionary containing federated information such as the the - group IDs, the identity provider ID, the protocol ID, and the + :return: a tuple containing the user_id, auth methods, audit_ids, and a + dictionary containing federated information such as the group + IDs, the identity provider ID, the protocol ID, and the federated domain ID """ -- cgit 1.2.3-korg