On 07/26/2014 05:01 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
From python documentation, base64.urlsafe_b64encode(s) substitutes - instead of + and _ instead of / in the standard Base64 alphabet, BUT the result can still contain = which is not safe in a URL query component. As token value is not decoded nowhere, replace = by A also in our kimchi I have try: In [45]: base64.urlsafe_b64encode("abcd") Out[45]: 'YWJjZA==' In [41]: base64.urlsafe_b64encode("abcde") Out[41]: 'YWJjZGU='
JS is very cool, it can decode base64 without "=" padding well kimchi.urlSafeB64Decode("YWJjZA") "abcd" kimchi.urlSafeB64Decode("YWJjZGU") "abcde" we just need in python: In [48]: base64.urlsafe_b64encode("abcd").rstrip("=") Out[48]: 'YWJjZA'
The problem with equals sign was only identified on Spice connections. noVNC can deal well with that.
For reference: https://docs.python.org/2/library/base64.html
Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- src/kimchi/vnc.py | 9 ++++++++- ui/js/src/kimchi.api.js | 18 ++++++++++++++++-- 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py index 9380e21..4159049 100644 --- a/src/kimchi/vnc.py +++ b/src/kimchi/vnc.py @@ -54,7 +54,14 @@ def new_ws_proxy():
def add_proxy_token(name, port): with open(os.path.join(WS_TOKENS_DIR, name), 'w') as f: - name = base64.urlsafe_b64encode(name) + """ + From python documentation base64.urlsafe_b64encode(s) + substitutes - instead of + and _ instead of / in the + standard Base64 alphabet, BUT the result can still + contain = which is not safe in a URL query component. + As token value is not decoded nowhere, replace = by A + """ + name = base64.urlsafe_b64encode(name).replace('=', 'A') f.write('%s: localhost:%s' % (name.encode('utf-8'), port))
diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js index 8f5b68f..30360c5 100644 --- a/ui/js/src/kimchi.api.js +++ b/ui/js/src/kimchi.api.js @@ -352,7 +352,14 @@ var kimchi = { }).done(function() { url = 'https://' + location.hostname + ':' + proxy_port; url += "/console.html?url=vnc_auto.html&port=" + proxy_port; - url += "&path=?token=" + kimchi.urlSafeB64Encode(vm); + /* + * From python documentation base64.urlsafe_b64encode(s) + * substitutes - instead of + and _ instead of / in the + * standard Base64 alphabet, BUT the result can still + * contain = which is not safe in a URL query component. + * As token value is not decoded nowhere, replace = by A + * */ + url += "&path=?token=" + kimchi.urlSafeB64Encode(vm).replace(/=/g, 'A'); url += "&kimchi=" + location.port; url += '&encrypt=1'; window.open(url); @@ -377,7 +384,14 @@ var kimchi = { url = 'https://' + location.hostname + ':' + proxy_port; url += "/console.html?url=spice.html&port=" + proxy_port; url += "&listen=" + location.hostname; - url += "&token=" + kimchi.urlSafeB64Encode(vm); + /* + * From python documentation base64.urlsafe_b64encode(s) + * substitutes - instead of + and _ instead of / in the + * standard Base64 alphabet, BUT the result can still + * contain = which is not safe in a URL query component. + * As token value is not decoded nowhere, replace = by A + * */ + url += "&token=" + kimchi.urlSafeB64Encode(vm).replace(/=/g, 'A'); url += "&kimchi=" + location.port; url += '&encrypt=1'; window.open(url);
-- Thanks and best regards! Sheldon Feng(冯少合)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center