Closed
Bug 1141162
Opened 9 years ago
Closed 9 years ago
Fix or squelch ValueError: Malformed authorization header
Categories
(Marketplace Graveyard :: Code Quality, defect, P4)
Tracking
(Not tracked)
VERIFIED
FIXED
2015-03-17
People
(Reporter: robhudson, Assigned: robhudson)
Details
(Whiteboard: [ktlo])
In the logs I consistently see this error pretty often. z.api:ERROR ValueError on verifying_request :./mkt/api/middleware.py:98 Traceback (most recent call last): File "./mkt/api/middleware.py", line 93, in process_request method, auth_header) File "./mkt/api/middleware.py", line 136, in validate_2legged_oauth typ, params, oauth_params = oauth._get_signature_type_and_params(req) File "/data/addons-stage/www/marketplace.allizom.org/current/venv/lib/python2.7/site-packages/oauthlib/oauth1/rfc5849/endpoints/base.py", line 35, in _get_signature_type_and_params exclude_oauth_signature=False, with_realm=True) File "/data/addons-stage/www/marketplace.allizom.org/current/venv/lib/python2.7/site-packages/oauthlib/oauth1/rfc5849/signature.py", line 278, in collect_parameters authorization_header) if with_realm or i[0] != 'realm']) File "/data/addons-stage/www/marketplace.allizom.org/current/venv/lib/python2.7/site-packages/oauthlib/oauth1/rfc5849/utils.py", line 89, in parse_authorization_header raise ValueError('Malformed authorization header') ValueError: Malformed authorization header If this error is something we don't care about, let's either remove the log or bump it up to log.INFO or log.WARN. If we do care about this error, let's fix it.
Updated•9 years ago
|
Severity: normal → minor
Priority: -- → P4
Comment 1•9 years ago
|
||
It will happen for every request using shared secret as header instead of as query string parameter. We don't do that in fireplace, but we do that at least in reviewer tools. RestSharedSecretMiddleware should probably be placed before RestOAuthMiddleware in MIDDLEWARE_CLASSES and then modified to alter the headers on the request if it begins with "mkt-shared-secret" to remove the Authorization header, as it's never going to be a valid oauth Authorization header.
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → robhudson.mozbugs
Assignee | ||
Comment 2•9 years ago
|
||
PR: https://github.com/mozilla/zamboni/pull/2974
Assignee | ||
Comment 3•9 years ago
|
||
https://github.com/mozilla/zamboni/commit/7e03cdb This is mostly a fix to avoid logging something as an error that isn't really an error but please verify logins aren't affected, from consumer pages and reviewer tools would be good. Thanks.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2015-03-17
Comment 4•9 years ago
|
||
Can you please add some STRs to this bug or mark it as [qa-]?
Comment 6•9 years ago
|
||
Oh, you are right , in this case I will mark this as verified since everything is working as expected
Status: RESOLVED → VERIFIED
Updated•9 years ago
|
Whiteboard: [ktlo]
You need to log in
before you can comment on or make changes to this bug.
Description
•