MAAS

Merge lp:~lutostag/maas/1.5+nonce-generation-fix into lp:maas/1.5

  1. 1.5+nonce-generation-fix
  2. Merge into 1.5
Proposed by Greg Lutostanski
Status: Merged
Merge reported by: Julian Edwards
Merged at revision: not available
Proposed branch: lp:~lutostag/maas/1.5+nonce-generation-fix
Merge into: lp:maas/1.5
Diff against target: 42 lines (+5/-2)
2 files modified
etc/maas/templates/commissioning-user-data/snippets/maas_api_helper.py (+2/-1)
src/apiclient/maas_client.py (+3/-1)
To merge this branch: bzr merge lp:~lutostag/maas/1.5+nonce-generation-fix
Reviewer Review Type Date Requested Status
Julian Edwards (community) Approve
Review via email: mp+226407@code.launchpad.net

Commit message

Fix nonce generation to use uuid.uuid4() rather than random [0-9]{8} string; makes nonce collisions WAY less likely.

Description of the change

Fix nonce generation to use uuid.uuid4() rather than random [0-9]{8} string; makes nonce collisions WAY less likely.

To post a comment you must log in.
Revision history for this message
Julian Edwards (julian-edwards) wrote :

I think this is ok with my changes suggested in the diff comments, but please wait for a second opinion before landing.

review: Approve
Revision history for this message
Julian Edwards (julian-edwards) wrote :

Also, can you set a commit message and don't worry about the other branches for 1.6 and trunk, we'll migrate the revision directly.

Revision history for this message
Raphaël Badin (rvb) :
Revision history for this message
Julian Edwards (julian-edwards) wrote :

On 11/07/14 16:50, Raphaël Badin wrote:
> Although the term nonce means "number used once", I don't see anything in the code that prevents us from using the canonical form of a UUID (i.e. with the dashes); The oauth specification explicitly says "A nonce is a random string, uniquely generated for each request."

Yes, but what I was driving at is that it's a lot nicer than using
string formatting.

lp:~lutostag/maas/1.5+nonce-generation-fix updated
2293. By Greg Lutostanski

use get_hex rather than string formatting to coerce nonce into a string

Revision history for this message
Julian Edwards (julian-edwards) wrote :

I'm going to merge this to trunk and then backport to release branches.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'etc/maas/templates/commissioning-user-data/snippets/maas_api_helper.py'
--- etc/maas/templates/commissioning-user-data/snippets/maas_api_helper.py 2013-10-22 23:45:39 +0000
+++ etc/maas/templates/commissioning-user-data/snippets/maas_api_helper.py 2014-07-11 14:30:38 +0000
@@ -12,6 +12,7 @@
12import sys12import sys
13import time13import time
14import urllib214import urllib2
15import uuid
1516
16import oauth.oauth as oauth17import oauth.oauth as oauth
17import yaml18import yaml
@@ -60,7 +61,7 @@
6061
61 params = {62 params = {
62 'oauth_version': "1.0",63 'oauth_version': "1.0",
63 'oauth_nonce': oauth.generate_nonce(),64 'oauth_nonce': uuid.uuid4().get_hex(),
64 'oauth_timestamp': timestamp,65 'oauth_timestamp': timestamp,
65 'oauth_token': token.key,66 'oauth_token': token.key,
66 'oauth_consumer_key': consumer.key,67 'oauth_consumer_key': consumer.key,
6768
=== modified file 'src/apiclient/maas_client.py'
--- src/apiclient/maas_client.py 2014-04-29 06:57:26 +0000
+++ src/apiclient/maas_client.py 2014-07-11 14:30:38 +0000
@@ -21,6 +21,7 @@
21import gzip21import gzip
22from io import BytesIO22from io import BytesIO
23import urllib223import urllib2
24import uuid
2425
25from apiclient.encode_json import encode_json_data26from apiclient.encode_json import encode_json_data
26from apiclient.multipart import encode_multipart_data27from apiclient.multipart import encode_multipart_data
@@ -45,7 +46,8 @@
45 with the signature.46 with the signature.
46 """47 """
47 oauth_request = oauth.OAuthRequest.from_consumer_and_token(48 oauth_request = oauth.OAuthRequest.from_consumer_and_token(
48 self.consumer_token, token=self.resource_token, http_url=url)49 self.consumer_token, token=self.resource_token, http_url=url,
50 parameters={'oauth_nonce': uuid.uuid4().get_hex()})
49 oauth_request.sign_request(51 oauth_request.sign_request(
50 oauth.OAuthSignatureMethod_PLAINTEXT(), self.consumer_token,52 oauth.OAuthSignatureMethod_PLAINTEXT(), self.consumer_token,
51 self.resource_token)53 self.resource_token)

Subscribers

People subscribed via source and target branches

to all changes: