Bug #4804

Exception thrown at /oauth2/auth

Added by Vangelis Koukis over 10 years ago. Updated over 10 years ago.

Status: Resolved
Start date: 12/20/2013
Priority: High
Due date:
Assignee: Sofia Papagiannaki
% Done: 0%
Category: Astakos
Spent time: -
Target version: 0.15

Description

Perhaps not properly validating the length of the URL resource?

DatabaseError: value too long for type character varying(255)

<WSGIRequest
path:/oauth2/auth,
GET:<QueryDict: {u'scope': [u'/6c26d059-39c7-4d40-a595-a9696f996858/pithos/SUPER_LONG_NAME_REDACTED.pdf'], u'state': [u''],
u'redirect_uri': [u'https://pithos.okeanos.grnet.gr/ui/view/6c26d059-39c7-4d40-a595-a9696f996858/pithos/SUPER_LONG_NAME_REDACTED.pdf'], u'response_type': [u'code'], u'client_id': [u'pithos-view']}>,

Associated revisions

Revision ed9223c7
Added by Sofia Papagiannaki over 10 years ago

astakos oa2: Handle failures due to too long redirect urls

Change database field to TextField in order to avoid restrictions on the
redirect url lengths
Update tests

This fix introduces a database migration of the oa2 app

Refs: #4804

Revision b806a15a
Added by Sofia Papagiannaki over 10 years ago

astakos oa2: Set a redirect URI length limit.

This limit is configurable and is applied in the api level.

Refs: #4804

Revision cb618cc0
Added by Sofia Papagiannaki over 10 years ago

astakos oa2: Restrict redirect URI length during client registration.

Apply the check in the oauth2-client-add snf-manage command.

Refs: #4804

History

#1 Updated by Sofia Papagiannaki over 10 years ago

We have to increase the length of the specific field (redirect_uri) in the Astakos database (it is really small)
and handle failures for resources exceeding this limit.
However, further consideration has to be made in order to decide what this limit should be,
since this depends on the size of the URI of the requested resource, which is theoretically unbounded:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.2.1

Making a compromise and

we can get a clue about the maximum length of the requested resources, however Astakos ought to be ignorant about this.

#2 Updated by Sofia Papagiannaki over 10 years ago

In order to avoid restrictions on the redirect URI lengths we will change the database field to text.

#3 Updated by Sofia Papagiannaki over 10 years ago

After additional considerations we concluded on the following scheme:
the respective column type will be text but the api will restrict it to a configurable value (default 5000 chars).

#4 Updated by Sofia Papagiannaki over 10 years ago

Sofia Papagiannaki wrote:

After additional considerations we concluded on the following scheme:
we respective column type will be text but the api will restrict it to a configurable value (default 5000 chars).

we --> the
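The scheme agreed on in comments #3 and #4 (a text column with a configurable length check in front of it, applied both at /oauth2/auth and at client registration), shown as an added example. This is not Astakos/synnefo code: the setting name OAUTH2_REDIRECT_URI_MAX_LENGTH is hypothetical (the page only says the limit is configurable with a default of 5000 characters), the storage functions merely model a varchar(255) column and a text column, and the sample URL is constructed.

```python
# Added example (not Astakos/synnefo code): a text column guarded by a
# configurable length check at the API layer, next to the original
# varchar(255) behaviour that produced the DatabaseError in this report.

# Hypothetical setting name; the page only says "configurable, default 5000".
OAUTH2_REDIRECT_URI_MAX_LENGTH = 5000


class DatabaseError(Exception):
    """Stands in for the database driver error quoted in the description."""


class RedirectURITooLong(ValueError):
    """Raised by the API layer before the request ever reaches storage."""


def store_varchar255(value):
    """Models the original varchar(255) column: the only check is the database's own."""
    if len(value) > 255:
        raise DatabaseError("value too long for type character varying(255)")
    return value


def store_text(value):
    """Models the TextField column of revision ed9223c7: no length limit here."""
    return value


def validate_redirect_uri(uri, max_length=OAUTH2_REDIRECT_URI_MAX_LENGTH):
    """API-level length check (revision b806a15a). Length is counted in
    characters, matching the 'chars' unit in comment #3."""
    if not isinstance(uri, str):
        raise RedirectURITooLong("redirect_uri must be a string")
    if len(uri) > max_length:
        raise RedirectURITooLong(
            "redirect_uri exceeds the maximum length of %d characters" % max_length)
    return uri


def oauth2_client_add(identifier, redirect_uri,
                      max_length=OAUTH2_REDIRECT_URI_MAX_LENGTH):
    """Models the check in the oauth2-client-add command (revision cb618cc0):
    registration fails cleanly instead of writing an unusable client record."""
    validate_redirect_uri(redirect_uri, max_length)
    return {"identifier": identifier, "redirect_uri": store_text(redirect_uri)}


def authorize_before_fix(params):
    """Original /oauth2/auth behaviour: no API check, so an over-long
    redirect_uri surfaces as an unhandled DatabaseError (a 500 to the user)."""
    return 302, store_varchar255(params.get("redirect_uri", ""))


def authorize(params, max_length=OAUTH2_REDIRECT_URI_MAX_LENGTH):
    """Fixed /oauth2/auth: validate first, then store in the text column.
    Returns (status, body) so the caller can build an HTTP response."""
    try:
        uri = validate_redirect_uri(params.get("redirect_uri", ""), max_length)
    except RedirectURITooLong as err:
        return 400, str(err)
    return 302, store_text(uri)


if __name__ == "__main__":
    # Constructed sample: a Pithos-style view URL with a long object name (336 chars).
    sample = "https://pithos.example.test/ui/view/" + "x" * 300
    try:
        authorize_before_fix({"redirect_uri": sample})
    except DatabaseError as err:
        print("before fix:", err)
    print("after fix:", authorize({"redirect_uri": sample})[0])
    print("over limit:", authorize({"redirect_uri": "https://h/" + "y" * 5000})[0])
```

The point of keeping the check in the API layer rather than in the column type is that the failure becomes a deliberate 400 with a message, instead of a database exception escaping from the view; the same validator is reused at registration time so that a client cannot be created with a redirect URI the authorization endpoint would later reject.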

#5 Updated by Sofia Papagiannaki over 10 years ago

  • Status changed from Assigned to Resolved
