Do not log token string

Without this patch, if a token fails to decrypt, the token string is
logged at the WARNING level, which means the majority of deployments
will log it. Since keystone tokens are bearer tokens, logging it to disk
is a security risk. Of course the reason for the log is that the token
is invalid, and so it can't be used as-is to gain access, but the token
might be *almost* valid: for example, it might be a token that the user
had intended to use on a different keystone instance, or it might be a
truncated token such that the last few characters could be guessed.

Since the encrypted token is nearly useless to an operator for
debugging, stop logging the token string and just emit a generic
warning.

Change-Id: Id05b506327d22e42b2da3b1a38d8237cbf7786a8

keystone/tests/unit/token/test_fernet_provider.py

@@ -46,11 +46,10 @@ class TestFernetTokenProvider(unit.TestCase):
 
     def test_invalid_token_raises_token_not_found(self):
         token_id = uuid.uuid4().hex
-        e = self.assertRaises(
+        self.assertRaises(
             exception.TokenNotFound,
             self.provider.validate_token,
             token_id)
-        self.assertIn(token_id, u'%s' % e)
 
 
 class TestValidate(unit.TestCase):

keystone/token/token_formatters.py

@@ -91,7 +91,7 @@ class TokenFormatter(object):
             return self.crypto.decrypt(token.encode('utf-8'))
         except fernet.InvalidToken:
             raise exception.ValidationError(
-                _('This is not a recognized Fernet token %s') % token)
+                _('Could not recognize Fernet token'))
 
     @classmethod
     def restore_padding(cls, token):