Bug #2054

Downloads fail if token contains encoded space (%2B) characters

Added by Angus Griffin over 8 years ago. Updated over 8 years ago.

Status:Closed Start date:02/16/2012
Priority:High Due date:
Assignee:Christos Stathis % Done:

0%

Category:- Spent time: -
Target version:-

Description

Attempts to download files (i.e. GET /v1//pithos/filename.zip?X-Auth-Token=8tzIzdhNC4bHWYesr7+vNA== HTTP/1.1) result in an Access denied message being displayed. Astakos denies the authentication attempt.

Probably a failure to urldecode before passing on to Astakos for authentication. Web logs show that Pithos asks Astakos for authentication and recieves a 401.

Other activities (e.g. logging in and viewing the pithos page/file and directory listing) work fine.

Cookie contains token: _pithos2_a=test%40test.com%7C8tzIzdhNC4bHWYesr7*%2B*vNA%3D%3D

users without any %2B characters can download without any problems. Upon renewing the above token to a value without a %2B (+) character in it, this user can also download successfully.

History

#1 Updated by Christos Stathis over 8 years ago

  • Status changed from New to Assigned
  • Assignee set to Christos Stathis
  • Priority changed from Medium to High

#2 Updated by Christos Stathis over 8 years ago

  • Status changed from Assigned to Resolved

Fixed in d02b08f2e55608496533f32b098406ed1fb289e0

#3 Updated by Christos Stathis over 8 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF