Do not log token string
Without this patch, if a token fails to decrypt, the token string is logged at the WARNING level, which means the majority of deployments will log it. Since keystone tokens are bearer tokens, logging it to disk is a security risk. Of course the reason for the log is that the token is invalid, and so it can't be used as-is to gain access, but the token might be *almost* valid: for example, it might be a token that the user had intended to use on a different keystone instance, or it might be a truncated token such that the last few characters could be guessed. Since the encrypted token is nearly useless to an operator for debugging, stop logging the token string and just emit a generic warning. Change-Id: Id05b506327d22e42b2da3b1a38d8237cbf7786a8
This commit is contained in:
parent
604141a230
commit
81fd509350
|
@ -46,11 +46,10 @@ class TestFernetTokenProvider(unit.TestCase):
|
|||
|
||||
def test_invalid_token_raises_token_not_found(self):
|
||||
token_id = uuid.uuid4().hex
|
||||
e = self.assertRaises(
|
||||
self.assertRaises(
|
||||
exception.TokenNotFound,
|
||||
self.provider.validate_token,
|
||||
token_id)
|
||||
self.assertIn(token_id, u'%s' % e)
|
||||
|
||||
|
||||
class TestValidate(unit.TestCase):
|
||||
|
|
|
@ -91,7 +91,7 @@ class TokenFormatter(object):
|
|||
return self.crypto.decrypt(token.encode('utf-8'))
|
||||
except fernet.InvalidToken:
|
||||
raise exception.ValidationError(
|
||||
_('This is not a recognized Fernet token %s') % token)
|
||||
_('Could not recognize Fernet token'))
|
||||
|
||||
@classmethod
|
||||
def restore_padding(cls, token):
|
||||
|
|
Loading…
Reference in New Issue