[Yahoo-eng-team] [Bug 1473553] [NEW] AuthContextMiddleware re-implements AdminToken

Fri, 10 Jul 2015 13:56:17 -0700 

Public bug reported:


AuthContextMiddleware essentially re-implements the default 
AdminTokenAuthMiddleware:

class AdminTokenAuthMiddleware(wsgi.Middleware):
...
        context['is_admin'] = (token == CONF.admin_token)

class AuthContextMiddleware(wsgi.Middleware):
...
        if token_id == CONF.admin_token:

The problem is, what if someone decides they want to implement their own
`AdminTokenAuthMiddleware` that implements "admin token" differently.
For example, using a special client certificate instead.

This should be possible, but it's not because AuthContextMiddleware
decided to re-implement AdminTokenAuthMiddleware rather than using its
output (the setting of is_admin in the context.

** Affects: keystone
     Importance: Undecided
     Assignee: Brant Knudson (blk-u)
         Status: In Progress

** Changed in: keystone
     Assignee: (unassigned) => Brant Knudson (blk-u)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1473553

Title:
  AuthContextMiddleware re-implements AdminToken

Status in Keystone:
  In Progress

Bug description:
  
  AuthContextMiddleware essentially re-implements the default 
AdminTokenAuthMiddleware:

  class AdminTokenAuthMiddleware(wsgi.Middleware):
  ...
          context['is_admin'] = (token == CONF.admin_token)

  class AuthContextMiddleware(wsgi.Middleware):
  ...
          if token_id == CONF.admin_token:

  The problem is, what if someone decides they want to implement their
  own `AdminTokenAuthMiddleware` that implements "admin token"
  differently. For example, using a special client certificate instead.

  This should be possible, but it's not because AuthContextMiddleware
  decided to re-implement AdminTokenAuthMiddleware rather than using its
  output (the setting of is_admin in the context.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1473553/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to