summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2018-09-12 17:10:00 +0000
committerGerrit Code Review <review@openstack.org>2018-09-12 17:10:00 +0000
commit8505f37124bb21f41e346a571057c8133f9ca4d5 (patch)
tree2b398eb5803292f4b32a3809b30085525c652bdd
parent853c2fcc3b8510e358643350fcaab6211c320e27 (diff)
parent5c227e7e3f9490eff53be11b4499bf35773b950c (diff)
Merge "Revert "Change log hashing to SHA256"" into stable/rockystable/rocky
-rw-r--r--keystoneauth1/session.py4
-rw-r--r--keystoneauth1/tests/unit/test_session.py2
2 files changed, 3 insertions, 3 deletions
diff --git a/keystoneauth1/session.py b/keystoneauth1/session.py
index 29d848a..27b4f22 100644
--- a/keystoneauth1/session.py
+++ b/keystoneauth1/session.py
@@ -365,10 +365,10 @@ class Session(object):
365 secure_headers = ('authorization', 'x-auth-token', 365 secure_headers = ('authorization', 'x-auth-token',
366 'x-subject-token', 'x-service-token') 366 'x-subject-token', 'x-service-token')
367 if header[0].lower() in secure_headers: 367 if header[0].lower() in secure_headers:
368 token_hasher = hashlib.sha256() 368 token_hasher = hashlib.sha1() # nosec log hashing
369 token_hasher.update(header[1].encode('utf-8')) 369 token_hasher.update(header[1].encode('utf-8'))
370 token_hash = token_hasher.hexdigest() 370 token_hash = token_hasher.hexdigest()
371 return (header[0], '{SHA256}%s' % token_hash) 371 return (header[0], '{SHA1}%s' % token_hash)
372 return header 372 return header
373 373
374 def _get_split_loggers(self, split_loggers): 374 def _get_split_loggers(self, split_loggers):
diff --git a/keystoneauth1/tests/unit/test_session.py b/keystoneauth1/tests/unit/test_session.py
index 2927740349..09c7cd5 100644
--- a/keystoneauth1/tests/unit/test_session.py
+++ b/keystoneauth1/tests/unit/test_session.py
@@ -324,7 +324,7 @@ class SessionTests(utils.TestCase):
324 # Assert that response headers contains actual values and 324 # Assert that response headers contains actual values and
325 # only debug logs has been masked 325 # only debug logs has been masked
326 for k, v in security_headers.items(): 326 for k, v in security_headers.items():
327 self.assertIn('%s: {SHA256}' % k, self.logger.output) 327 self.assertIn('%s: {SHA1}' % k, self.logger.output)
328 self.assertEqual(v, resp.headers[k]) 328 self.assertEqual(v, resp.headers[k])
329 self.assertNotIn(v, self.logger.output) 329 self.assertNotIn(v, self.logger.output)
330 330