MAAS

Merge lp://staging/~lutostag/maas/1.5+nonce-generation-fix into lp://staging/maas/1.5

  1. 1.5+nonce-generation-fix
  2. Merge into 1.5
Proposed by Greg Lutostanski
Status: Merged
Merge reported by: Julian Edwards
Merged at revision: not available
Proposed branch: lp://staging/~lutostag/maas/1.5+nonce-generation-fix
Merge into: lp://staging/maas/1.5
Diff against target: 42 lines (+5/-2)
2 files modified
etc/maas/templates/commissioning-user-data/snippets/maas_api_helper.py (+2/-1)
src/apiclient/maas_client.py (+3/-1)
To merge this branch: bzr merge lp://staging/~lutostag/maas/1.5+nonce-generation-fix
Reviewer Review Type Date Requested Status
Julian Edwards (community) Approve
Review via email: mp+226407@code.staging.launchpad.net

Commit message

Fix nonce generation to use uuid.uuid4() rather than random [0-9]{8} string; makes nonce collisions WAY less likely.

Description of the change

Fix nonce generation to use uuid.uuid4() rather than random [0-9]{8} string; makes nonce collisions WAY less likely.

To post a comment you must log in.
Revision history for this message
Julian Edwards (julian-edwards) wrote :

I think this is ok with my changes suggested in the diff comments, but please wait for a second opinion before landing.

review: Approve
Revision history for this message
Julian Edwards (julian-edwards) wrote :

Also, can you set a commit message and don't worry about the other branches for 1.6 and trunk, we'll migrate the revision directly.

Revision history for this message
Raphaël Badin (rvb) :
Revision history for this message
Julian Edwards (julian-edwards) wrote :

On 11/07/14 16:50, Raphaël Badin wrote:
> Although the term nonce means "number used once", I don't see anything in the code that prevents us from using the canonical form of a UUID (i.e. with the dashes); The oauth specification explicitly says "A nonce is a random string, uniquely generated for each request."

Yes, but what I was driving at is that it's a lot nicer than using
string formatting.

lp://staging/~lutostag/maas/1.5+nonce-generation-fix updated
2293. By Greg Lutostanski

use get_hex rather than string formatting to coerce nonce into a string

Revision history for this message
Julian Edwards (julian-edwards) wrote :

I'm going to merge this to trunk and then backport to release branches.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches

to all changes: