MAAS

Merge lp:~julian-edwards/maas/nonce-fix-bug-1190986 into lp:~maas-committers/maas/trunk

  1. nonce-fix-bug-1190986
  2. Merge into trunk
Proposed by Julian Edwards
Status: Merged
Approved by: Julian Edwards
Approved revision: no longer in the source branch.
Merged at revision: 2554
Proposed branch: lp:~julian-edwards/maas/nonce-fix-bug-1190986
Merge into: lp:~maas-committers/maas/trunk
Diff against target: 42 lines (+5/-2)
2 files modified
etc/maas/templates/commissioning-user-data/snippets/maas_api_helper.py (+2/-1)
src/apiclient/maas_client.py (+3/-1)
To merge this branch: bzr merge lp:~julian-edwards/maas/nonce-fix-bug-1190986
Reviewer Review Type Date Requested Status
Julian Edwards (community) Approve
Review via email: mp+226766@code.launchpad.net

Commit message

Fix nonce generation to use uuid.uuid4() rather than random [0-9]{8} string; makes nonce collisions WAY less likely.

Description of the change

Greg's branch, already reviewed by me, landing separately so I can backport rather that forward port.

https://code.launchpad.net/~lutostag/maas/1.5+nonce-generation-fix/+merge/226407

To post a comment you must log in.
Revision history for this message
Julian Edwards (julian-edwards) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'etc/maas/templates/commissioning-user-data/snippets/maas_api_helper.py'
2--- etc/maas/templates/commissioning-user-data/snippets/maas_api_helper.py 2013-10-22 23:45:39 +0000
3+++ etc/maas/templates/commissioning-user-data/snippets/maas_api_helper.py 2014-07-15 02:47:25 +0000
4@@ -12,6 +12,7 @@
5 import sys
6 import time
7 import urllib2
8+import uuid
9
10 import oauth.oauth as oauth
11 import yaml
12@@ -60,7 +61,7 @@
13
14 params = {
15 'oauth_version': "1.0",
16- 'oauth_nonce': oauth.generate_nonce(),
17+ 'oauth_nonce': uuid.uuid4().get_hex(),
18 'oauth_timestamp': timestamp,
19 'oauth_token': token.key,
20 'oauth_consumer_key': consumer.key,
21
22=== modified file 'src/apiclient/maas_client.py'
23--- src/apiclient/maas_client.py 2014-07-10 16:44:15 +0000
24+++ src/apiclient/maas_client.py 2014-07-15 02:47:25 +0000
25@@ -22,6 +22,7 @@
26 import gzip
27 from io import BytesIO
28 import urllib2
29+import uuid
30
31 from apiclient.encode_json import encode_json_data
32 from apiclient.multipart import encode_multipart_data
33@@ -46,7 +47,8 @@
34 with the signature.
35 """
36 oauth_request = oauth.OAuthRequest.from_consumer_and_token(
37- self.consumer_token, token=self.resource_token, http_url=url)
38+ self.consumer_token, token=self.resource_token, http_url=url,
39+ parameters={'oauth_nonce': uuid.uuid4().get_hex()})
40 oauth_request.sign_request(
41 oauth.OAuthSignatureMethod_PLAINTEXT(), self.consumer_token,
42 self.resource_token)