[Kimchi-devel] [PATCH] bug fix: Avoid equals sign in VM console URL

alinefm at linux.vnet.ibm.com alinefm at linux.vnet.ibm.com
Fri Jul 25 21:01:22 UTC 2014


From: Aline Manera <alinefm at linux.vnet.ibm.com>

>From python documentation, base64.urlsafe_b64encode(s) substitutes - instead
of + and _ instead of / in the standard Base64 alphabet, BUT the result can
still contain = which is not safe in a URL query component.
As token value is not decoded nowhere, replace = by A

The problem with equals sign was only identified on Spice connections.
noVNC can deal well with that.

For reference: https://docs.python.org/2/library/base64.html

Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
---
 src/kimchi/vnc.py       |  9 ++++++++-
 ui/js/src/kimchi.api.js | 18 ++++++++++++++++--
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
index 9380e21..4159049 100644
--- a/src/kimchi/vnc.py
+++ b/src/kimchi/vnc.py
@@ -54,7 +54,14 @@ def new_ws_proxy():
 
 def add_proxy_token(name, port):
     with open(os.path.join(WS_TOKENS_DIR, name), 'w') as f:
-        name = base64.urlsafe_b64encode(name)
+        """
+        From python documentation base64.urlsafe_b64encode(s)
+        substitutes - instead of + and _ instead of / in the
+        standard Base64 alphabet, BUT the result can still
+        contain = which is not safe in a URL query component.
+        As token value is not decoded nowhere, replace = by A
+        """
+        name = base64.urlsafe_b64encode(name).replace('=', 'A')
         f.write('%s: localhost:%s' % (name.encode('utf-8'), port))
 
 
diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
index 8f5b68f..30360c5 100644
--- a/ui/js/src/kimchi.api.js
+++ b/ui/js/src/kimchi.api.js
@@ -352,7 +352,14 @@ var kimchi = {
             }).done(function() {
                 url = 'https://' + location.hostname + ':' + proxy_port;
                 url += "/console.html?url=vnc_auto.html&port=" + proxy_port;
-                url += "&path=?token=" + kimchi.urlSafeB64Encode(vm);
+                /*
+                 * From python documentation base64.urlsafe_b64encode(s)
+                 * substitutes - instead of + and _ instead of / in the
+                 * standard Base64 alphabet, BUT the result can still
+                 * contain = which is not safe in a URL query component.
+                 * As token value is not decoded nowhere, replace = by A
+                 * */
+                url += "&path=?token=" + kimchi.urlSafeB64Encode(vm).replace(/=/g, 'A');
                 url += "&kimchi=" + location.port;
                 url += '&encrypt=1';
                 window.open(url);
@@ -377,7 +384,14 @@ var kimchi = {
                 url = 'https://' + location.hostname + ':' + proxy_port;
                 url += "/console.html?url=spice.html&port=" + proxy_port;
                 url += "&listen=" + location.hostname;
-                url += "&token=" + kimchi.urlSafeB64Encode(vm);
+                /*
+                 * From python documentation base64.urlsafe_b64encode(s)
+                 * substitutes - instead of + and _ instead of / in the
+                 * standard Base64 alphabet, BUT the result can still
+                 * contain = which is not safe in a URL query component.
+                 * As token value is not decoded nowhere, replace = by A
+                 * */
+                url += "&token=" + kimchi.urlSafeB64Encode(vm).replace(/=/g, 'A');
                 url += "&kimchi=" + location.port;
                 url += '&encrypt=1';
                 window.open(url);
-- 
1.9.3




More information about the Kimchi-devel mailing list