URL-encode user-supplied tokens (bug 974319)

Change-Id: I7440f879edb8d61ea2382d5d4a56e32eacce4cfd
openstack · Dec 13, 2012 · 308a773 · 308a773
1 parent 095cdd1
commit 308a773
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
@@ -109,6 +109,7 @@
 import os
 import stat
 import time
+import urllib
 import webob
 import webob.exc
 
@@ -177,6 +178,11 @@ def will_expire_soon(expiry):
     return expiry < soon
 
 
+def safe_quote(s):
+    """URL-encode strings that are not already URL-encoded."""
+    return urllib.quote(s) if s == urllib.unquote(s) else s
+
+
 class InvalidUserToken(Exception):
     pass
 
@@ -692,9 +698,10 @@ def verify_uuid_token(self, user_token, retry=True):
         """
 
         headers = {'X-Auth-Token': self.get_admin_token()}
-        response, data = self._json_request('GET',
-                                            '/v2.0/tokens/%s' % user_token,
-                                            additional_headers=headers)
+        response, data = self._json_request(
+            'GET',
+            '/v2.0/tokens/%s' % safe_quote(user_token),
+            additional_headers=headers)
 
         if response.status == 200:
             self._cache_put(user_token, data)

diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py
@@ -668,3 +668,11 @@ def test_will_expire_soon(self):
         fortyseconds = datetime.datetime.utcnow() + datetime.timedelta(
             seconds=40)
         self.assertFalse(auth_token.will_expire_soon(fortyseconds))
+
+
+class TokenEncodingTest(unittest.TestCase):
+    def test_unquoted_token(self):
+        self.assertEqual('foo%20bar', auth_token.safe_quote('foo bar'))
+
+    def test_quoted_token(self):
+        self.assertEqual('foo%20bar', auth_token.safe_quote('foo%20bar'))