Bug #2054
Downloads fail if token contains encoded space (%2B) characters
Status: | Closed | Start date: | 02/16/2012 | |
---|---|---|---|---|
Priority: | High | Due date: | ||
Assignee: | Christos Stathis | % Done: | 0% |
|
Category: | - | Spent time: | - | |
Target version: | - |
Description
Attempts to download files (i.e. GET /v1/user@wherever.com/pithos/filename.zip?X-Auth-Token=8tzIzdhNC4bHWYesr7+vNA== HTTP/1.1) result in an Access denied message being displayed. Astakos denies the authentication attempt.
Probably a failure to urldecode before passing on to Astakos for authentication. Web logs show that Pithos asks Astakos for authentication and recieves a 401.
Other activities (e.g. logging in and viewing the pithos page/file and directory listing) work fine.
Cookie contains token: _pithos2_a=test%40test.com%7C8tzIzdhNC4bHWYesr7*%2B*vNA%3D%3D
users without any %2B characters can download without any problems. Upon renewing the above token to a value without a %2B (+) character in it, this user can also download successfully.
History
#1 Updated by Christos Stathis about 12 years ago
- Status changed from New to Assigned
- Assignee set to Christos Stathis
- Priority changed from Medium to High
#2 Updated by Christos Stathis about 12 years ago
- Status changed from Assigned to Resolved
Fixed in d02b08f2e55608496533f32b098406ed1fb289e0
#3 Updated by Christos Stathis about 12 years ago
- Status changed from Resolved to Closed