From 09281ccf7837b70962ad2dfbaa1e84722ad987e8 Mon Sep 17 00:00:00 2001
From: Gordon Chung
Date: Tue, 20 May 2014 12:30:41 -0400
Subject: [PATCH] remove token from notifier middleware

notifier middleware is capturing token and sending it to MQ. this is not advisable so we should filter it out.

Change-Id: Ia1bfa1bd24989681db1d2f385defc12e69a01f8d
Closes-Bug: #1321080
---
 openstack/common/middleware/notifier.py | 2 +-
 tests/unit/middleware/test_notifier.py | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/openstack/common/middleware/notifier.py b/openstack/common/middleware/notifier.py
index 72018d3b4..c37170e94 100644
--- a/openstack/common/middleware/notifier.py
+++ b/openstack/common/middleware/notifier.py
@@ -68,7 +68,7 @@ class RequestNotifier(base.Middleware):
 """
 return dict((k, v) for k, v in six.iteritems(environ)
- if k.isupper())
+ if k.isupper() and k != 'HTTP_X_AUTH_TOKEN')
 @log_and_ignore_error
 def process_request(self, request):
diff --git a/tests/unit/middleware/test_notifier.py b/tests/unit/middleware/test_notifier.py
index 5735609c6..e32ffd594 100644
--- a/tests/unit/middleware/test_notifier.py
+++ b/tests/unit/middleware/test_notifier.py
@@ -14,6 +14,7 @@
 # under the License.
 import mock
+import uuid
 import webob
 from openstack.common.middleware import notifier
@@ -41,7 +42,8 @@ class NotifierMiddlewareTest(utils.BaseTestCase):
 def test_notification(self):
 middleware = notifier.RequestNotifier(FakeApp())
 req = webob.Request.blank('/foo/bar',
- environ={'REQUEST_METHOD': 'GET'})
+ environ={'REQUEST_METHOD': 'GET',
+ 'HTTP_X_AUTH_TOKEN': uuid.uuid4()})
 with mock.patch('openstack.common.notifier.api.notify') as notify:
 middleware(req)
 # Check first notification with only 'request'
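Review bot: The new condition `k != 'HTTP_X_AUTH_TOKEN'` in the `notifier.py` hunk excludes exactly one key, so any other credential-bearing header that arrives upper-cased in the WSGI environ (for example `HTTP_AUTHORIZATION`, `HTTP_COOKIE` or Keystone's `HTTP_X_SUBJECT_TOKEN`) would still be copied into the payload that goes to the message queue. A module-level set such as `_SENSITIVE_KEYS = frozenset(['HTTP_X_AUTH_TOKEN', 'HTTP_AUTHORIZATION', 'HTTP_COOKIE', 'HTTP_X_SUBJECT_TOKEN'])`, tested with `if k.isupper() and k not in _SENSITIVE_KEYS`, makes the exclusion explicit and easy to extend. Which of these headers actually reach this middleware is not visible in the hunk, so the list is a starting point to confirm against the deployed services. The enclosing function and its docstring start above the hunk; the docstring should also state that credential headers are dropped, since only its closing quotes are touched by context here.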
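Review bot: The fixture value in `'HTTP_X_AUTH_TOKEN': uuid.uuid4()` is a `UUID` object, whereas header values in a WSGI environ are strings, so the test feeds the middleware something a real request never would. Writing `'HTTP_X_AUTH_TOKEN': uuid.uuid4().hex` keeps the input shaped like an actual token header; the same line is added in the `@@ -81,7 +85,8 @@` hunk for `test_notification_response_failure`. The assertions only check that the key is absent, so the outcome should not change. The body of `test_notification` continues past the end of this hunk.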
@@ -55,6 +57,7 @@ class NotifierMiddlewareTest(utils.BaseTestCase): self.assertEqual(request['PATH_INFO'], '/foo/bar') self.assertEqual(request['REQUEST_METHOD'], 'GET') self.assertIn('HTTP_X_SERVICE_NAME', request) + self.assertNotIn('HTTP_X_AUTH_TOKEN', request) self.assertFalse(any(map(lambda s: s.startswith('wsgi.'), request.keys())), "WSGI fields are filtered out") @@ -70,6 +73,7 @@ class NotifierMiddlewareTest(utils.BaseTestCase): self.assertEqual(request['PATH_INFO'], '/foo/bar') self.assertEqual(request['REQUEST_METHOD'], 'GET') self.assertIn('HTTP_X_SERVICE_NAME', request) + self.assertNotIn('HTTP_X_AUTH_TOKEN', request) self.assertFalse(any(map(lambda s: s.startswith('wsgi.'), request.keys())), "WSGI fields are filtered out") @@ -81,7 +85,8 @@ class NotifierMiddlewareTest(utils.BaseTestCase): def test_notification_response_failure(self): middleware = notifier.RequestNotifier(FakeFailingApp()) req = webob.Request.blank('/foo/bar', - environ={'REQUEST_METHOD': 'GET'}) + environ={'REQUEST_METHOD': 'GET', + 'HTTP_X_AUTH_TOKEN': uuid.uuid4()}) with mock.patch('openstack.common.notifier.api.notify') as notify: try: middleware(req) @@ -99,6 +104,7 @@ class NotifierMiddlewareTest(utils.BaseTestCase): self.assertEqual(request['PATH_INFO'], '/foo/bar') self.assertEqual(request['REQUEST_METHOD'], 'GET') self.assertIn('HTTP_X_SERVICE_NAME', request) + self.assertNotIn('HTTP_X_AUTH_TOKEN', request) self.assertFalse(any(map(lambda s: s.startswith('wsgi.'), request.keys())), "WSGI fields are filtered out") @@ -114,6 +120,7 @@ class NotifierMiddlewareTest(utils.BaseTestCase): self.assertEqual(request['PATH_INFO'], '/foo/bar') self.assertEqual(request['REQUEST_METHOD'], 'GET') self.assertIn('HTTP_X_SERVICE_NAME', request) + self.assertNotIn('HTTP_X_AUTH_TOKEN', request) self.assertFalse(any(map(lambda s: s.startswith('wsgi.'), request.keys())), "WSGI fields are filtered out")