Page MenuHomePhabricator

Keystone tokens truncated when wikitech stores them
Closed, ResolvedPublic

Description

In nova/OpenStackNovaUser.php, I can see that saveToken() is trying to save a long token, but when we retrieve it in loadToken() we only get 256 bytes.

This means that save/load token are totally broken, which is no doubt contributing to that awful log-out-and-in-again issue on wikitech.

Details

Related Gerrit Patches:
mediawiki/extensions/OpenStackManager : masterRevert "Set keystone tokens to last 30 days."
mediawiki/extensions/OpenStackManager : masterSupport 2048 byte Keystone tokens

Event Timeline

Andrew created this task.Mar 9 2015, 9:16 PM
Andrew claimed this task.
Andrew raised the priority of this task from to High.
Andrew updated the task description. (Show Details)
Andrew added a subscriber: Andrew.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 9 2015, 9:16 PM
Andrew added a comment.Mar 9 2015, 9:20 PM

The code that writes is here: https://github.com/wikimedia/mediawiki-extensions-OpenStackManager/blob/master/nova/OpenStackNovaUser.php#L105

Probably the db field is not big enough. Sean, can you verify that that field is limited to 256 chars and increase it's size to 2048? (I've verified that my current failure case is a 985-char string but I can't guarantee that's the max token size.)

Andrew reassigned this task from Andrew to Springle.Mar 9 2015, 9:21 PM
Andrew set Security to None.
Andrew updated the task description. (Show Details)Mar 9 2015, 9:32 PM

Change 195472 had a related patch set uploaded (by Andrew Bogott):
Support 2048 byte Keystone tokens

https://gerrit.wikimedia.org/r/195472

Probably -- is that as simple as this?

https://gerrit.wikimedia.org/r/#/c/195472/

Change 195472 merged by jenkins-bot:
Support 2048 byte Keystone tokens

https://gerrit.wikimedia.org/r/195472

Change 195629 had a related patch set uploaded (by Andrew Bogott):
Revert "Set keystone tokens to last 30 days."

https://gerrit.wikimedia.org/r/195629

Change 195629 merged by jenkins-bot:
Revert "Set keystone tokens to last 30 days."

https://gerrit.wikimedia.org/r/195629

Did this work?

Krenair reassigned this task from Springle to Andrew.Aug 28 2015, 4:26 AM
Krenair added a subscriber: Springle.
Andrew closed this task as Resolved.Aug 31 2015, 1:27 PM

Pretty sure it worked, or at least helped.