password type differences when create user

Bug #1081861 reported by ryuta sekine
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
OpenStack Identity (keystone) | Fix Released | Undecided | Wu Wenxiang |

Bug Description

When creating a user, len() in /opt/stack/keystone/keystone/common/utils.py
results in a 500 error if you specify a number type in the password.

2012-09-21 17:21:20,161 ERROR wsgi __call__ object of type 'int' has no len()
Traceback (most recent call last):
  File "/opt/stack/keystone/keystone/common/wsgi.py", line 204, in __call__
    result = method(context, **params)
  File "/opt/stack/keystone/keystone/identity/core.py", line 486, in create_user
    context, user_id, user_ref)
  File "/opt/stack/keystone/keystone/common/manager.py", line 47, in _wrapper
    return f(*args, **kw)
  File "/opt/stack/keystone/keystone/identity/backends/sql.py", line 47, in wrapper
    return method(*args, **kwargs)
  File "/opt/stack/keystone/keystone/identity/backends/sql.py", line 356, in create_user
    user = _ensure_hashed_password(user)
  File "/opt/stack/keystone/keystone/identity/backends/sql.py", line 37, in _ensure_hashed_password
    user_ref['password'] = utils.hash_password(pw)
  File "/opt/stack/keystone/keystone/common/utils.py", line 159, in hash_password
    password_utf8 = trunc_password(password).encode('utf-8')
  File "/opt/stack/keystone/keystone/common/utils.py", line 151, in trunc_password
    if len(password) > MAX_PASSWORD_LENGTH:
TypeError: object of type 'int' has no len()
(keystone.common.wsgi): 2012-09-21 17:21:20,165 DEBUG wsgi __call__ ******************** RESPONSE HEADERS ********************
(keystone.common.wsgi): 2012-09-21 17:21:20,165 DEBUG wsgi __call__ Vary = X-Auth-Token
(keystone.common.wsgi): 2012-09-21 17:21:20,165 DEBUG wsgi __call__ Content-Type = application/json
(keystone.common.wsgi): 2012-09-21 17:21:20,165 DEBUG wsgi __call__ Content-Length = 177
(keystone.common.wsgi): 2012-09-21 17:21:20,165 DEBUG wsgi __call__
(keystone.common.wsgi): 2012-09-21 17:21:20,166 DEBUG wsgi print_generator ******************** RESPONSE BODY ********************
(keystone.common.wsgi): 2012-09-21 17:21:20,166 DEBUG wsgi print_generator {"error": {"message": "An unexpected error prevented the server from fulfilling your request. object of type 'int' has no len()", "code": 500, "title": "Internal Server Error"}}
(eventlet.wsgi.server): 2012-09-21 17:21:20,175 DEBUG wsgi write 127.0.0.1 - - [21/Sep/2012 17:21:20] "POST /v2.0/users HTTP/1.1" 500 325 0.058478

I think the password should be validated for when a numeric type is specified.

Wu Wenxiang (wu-wenxiang) wrote :

I couldn't reproduce this bug which you reported.
pear@U64-1204:~$ keystone --token 231 --endpoint http://localhost:35357/v2.0 tenant-create --name=test
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | b2eb5f262ed34aacb9b2993ec76c2f4d |
| name | test |
+-------------+----------------------------------+
pear@U64-1204:~$ keystone --token 231 --endpoint http://localhost:35357/v2.0 user-create --name=test --pass=231 --tenant-id=b2eb5f262ed34aacb9b2993ec76c2f4d
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 1ae36ae1e1b54bdab8ba3fd79a5e2124 |
| name | test |
| tenantId | b2eb5f262ed34aacb9b2993ec76c2f4d |
+----------+----------------------------------+

1. In which version did you meet this issue?
2. How could you reproduce this issue?

Thanks

ryuta sekine (r-sekine) wrote :

Thanks

I am not using the keystone command.
Since this does not occur with a keystone command, please specify a numerical value as a password directly with a curl command.

Changed in keystone:
status: New → Confirmed
assignee: nobody → Wu Wenxiang (wu-wenxiang)
Wu Wenxiang (wu-wenxiang) wrote :

1. I could reproduce this issue.
2. I think it's not a bug; if you use a number as the password in curl, you should remember to add quotes. For example: "231" rather than 231.
3. However, we could add some improvements in the code to ignore this issue.

Any opinions?

ryuta sekine (r-sekine) wrote :

I think this seems to be a bug, because users cannot tell from this error message whether it is an internal error or a misoperation.
I think you should add validation in keystone/identity/core.py.

Wu Wenxiang (wu-wenxiang) wrote :

Fine, I prefer changing the password to a unicode string, rather than reporting the error "password not string".

https://review.openstack.org/17107

commit 6bc5e53b1d58ee87f360f20e6942c3c2f8d1712f
Author: Wu Wenxiang <wu.wenxiang@99cloud.net>
Date: Thu Nov 29 13:49:52 2012 +0800

    bug(1081861): Ensure password was unicode when creating user

    Add function _unicode_dict() in class Application, then call this function in UserController::create_user()

    Change-Id: I5fcc2cddc706eb2c69aa9596ac83e70c6f8f0e46

Changed in keystone:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/17121

Wu Wenxiang (wu-wenxiang) wrote :

https://review.openstack.org/17121/

Validate password type (bug 1081861)

Raise keystone.exception.ValidationError when password type was not string

Change-Id: Ib7538806777db0fe3a3cf9f22bf06a1d505c232f

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/17121
Committed: http://github.com/openstack/keystone/commit/5b73757de94a30b7cc8566e2bf429c1aecd5c320
Submitter: Jenkins
Branch: master

commit 5b73757de94a30b7cc8566e2bf429c1aecd5c320
Author: Wu Wenxiang <wu.wenxiang@99cloud.net>
Date: Thu Nov 29 23:58:04 2012 +0800

    Validate password type (bug 1081861)

    Raise keystone.exception.ValidationError when password type was not string

    Change-Id: Ib7538806777db0fe3a3cf9f22bf06a1d505c232f
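
The failure in the traceback and the type check described by the merged commit, as an added example (not keystone's code, and written for Python 3): an unquoted JSON password reaches `len()` and becomes a 500, while validating the type first turns it into a client error. The dispatcher `post_users`, the two `create_user_*` functions, the 4096 limit, the treatment of a null password and the request bodies are assumptions constructed for illustration.

```python
import json

MAX_PASSWORD_LENGTH = 4096  # assumed value; the page shows only the constant's name

class ValidationError(Exception):
    """Stand-in for keystone.exception.ValidationError (client error, HTTP 400)."""

def trunc_password(password):
    # Same check as the failing frame in the traceback: len() on the raw JSON value.
    if len(password) > MAX_PASSWORD_LENGTH:
        return password[:MAX_PASSWORD_LENGTH]
    return password

def create_user_unchecked(user_ref):
    # Mirrors the hash_password frame: truncate, then encode, with no type check.
    trunc_password(user_ref["password"]).encode("utf-8")
    return user_ref["name"]

def create_user_validated(user_ref):
    password = user_ref.get("password")
    # Assumption: a missing or null password is allowed; any other non-string is rejected.
    if password is not None and not isinstance(password, str):
        raise ValidationError("password must be a string, not %s" % type(password).__name__)
    if password is not None:
        trunc_password(password).encode("utf-8")
    return user_ref["name"]

def post_users(body, create_user):
    """Hypothetical dispatcher: HTTP status for a POST /v2.0/users JSON body."""
    try:
        create_user(json.loads(body)["user"])
        return 200
    except ValidationError:
        return 400  # caller error, reported as such
    except Exception:
        return 500  # unexpected error, as in the log above

# Constructed request bodies: only the first quotes the password.
BODIES = [
    '{"user": {"name": "test", "password": "231"}}',
    '{"user": {"name": "test", "password": 231}}',
    '{"user": {"name": "test", "password": true}}',
    '{"user": {"name": "test", "password": ["231"]}}',
]

def status_table():
    # (unchecked status, validated status) for each constructed body
    return [(post_users(b, create_user_unchecked), post_users(b, create_user_validated))
            for b in BODIES]
```

The list body passes the `len()` check and only fails at `.encode()`, so a length check alone does not stand in for a type check.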

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → grizzly-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: grizzly-2 → 2013.1