Mask passwords in debug log on user password operations

When a user is created, changes their own password, or has their
password changed by an admin while debug logging is enabled, the
user's password value was written to the log. The value should be masked.

Conflicts:
	keystone/common/controller.py
	keystone/tests/unit/test_v3_identity.py

Change-Id: I07b7441378fb630f01204d6b656b218f6b94dd5a
Closes-Bug: #1465922
(cherry picked from commit fbdb100e65)
(cherry picked from commit c4dc1331e1)
Brant Knudson 2015-06-19 14:18:18 -05:00
parent a7037547fe
commit c15cbc48d6
2 changed files with 9 additions and 15 deletions


@ -25,6 +25,7 @@ from keystone import exception
from keystone.i18n import _ from keystone.i18n import _
from keystone.models import token_model from keystone.models import token_model
from keystone.openstack.common import log from keystone.openstack.common import log
from keystone.openstack.common import strutils
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)
@ -50,9 +51,12 @@ def v2_deprecated(f):
def _build_policy_check_credentials(self, action, context, kwargs): def _build_policy_check_credentials(self, action, context, kwargs):
kwargs_str = ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs])
kwargs_str = strutils.mask_password(kwargs_str)
LOG.debug('RBAC: Authorizing %(action)s(%(kwargs)s)', { LOG.debug('RBAC: Authorizing %(action)s(%(kwargs)s)', {
'action': action, 'action': action,
'kwargs': ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs])}) 'kwargs': kwargs_str})
# see if auth context has already been created. If so use it. # see if auth context has already been created. If so use it.
if ('environment' in context and if ('environment' in context and
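Review bot: The masking on the new `kwargs_str = strutils.mask_password(kwargs_str)` line works on the already-flattened `%s=%s` string, so it only hides values whose key names match the patterns strutils knows; a kwarg carrying a secret under some other name, or a value whose repr strutils does not recognise, would still reach the log unmasked. That dependency deserves a comment next to the join, e.g. `# Mask before logging: kwargs may carry user passwords (bug 1465922). strutils only masks keys it recognises, so secret-bearing kwargs must use those names.` The join and the regex pass also run on every authorization regardless of log level; if the log adapter exposes `isEnabledFor`, guarding the three lines with `if LOG.isEnabledFor(logging.DEBUG):` would avoid that cost, but I cannot see from the hunk whether `logging` is imported here. `_build_policy_check_credentials` continues outside the hunk.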


@ -1662,8 +1662,6 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_create_user_password_not_logged(self): def test_create_user_password_not_logged(self):
# When a user is created, the password isn't logged at any level. # When a user is created, the password isn't logged at any level.
# FIXME(blk-u): This doesn't work as expected, see bug 1465922
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
ref = self.new_user_ref(domain_id=self.domain_id) ref = self.new_user_ref(domain_id=self.domain_id)
@ -1671,15 +1669,12 @@ class IdentityTestCase(test_v3.RestfulTestCase):
'/users', '/users',
body={'user': ref}) body={'user': ref})
# This should be assert*Not*In, see bug 1465922 self.assertNotIn(ref['password'], log_fix.output)
self.assertIn(ref['password'], log_fix.output)
def test_update_password_not_logged(self): def test_update_password_not_logged(self):
# When admin modifies user password, the password isn't logged at any # When admin modifies user password, the password isn't logged at any
# level. # level.
# FIXME(blk-u): This doesn't work as expected, see bug 1465922
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
# bootstrap a user as admin # bootstrap a user as admin
@ -1694,9 +1689,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
expected_status=200) expected_status=200)
self.assertNotIn(password, log_fix.output) self.assertNotIn(password, log_fix.output)
self.assertNotIn(new_password, log_fix.output)
# This should be assert*Not*In, see bug 1465922
self.assertIn(new_password, log_fix.output)
class IdentityInheritanceTestCase(test_v3.RestfulTestCase): class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
@ -2346,8 +2339,6 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
# When a user changes their password, the password isn't logged at any # When a user changes their password, the password isn't logged at any
# level. # level.
# FIXME(blk-u): This doesn't work as expected, see bug 1465922
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
# change password # change password
@ -2356,6 +2347,5 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
original_password=self.user_ref['password'], original_password=self.user_ref['password'],
expected_status=204) expected_status=204)
# These should be assert*Not*In, see bug 1465922 self.assertNotIn(self.user_ref['password'], log_fix.output)
self.assertIn(self.user_ref['password'], log_fix.output) self.assertNotIn(new_password, log_fix.output)
self.assertIn(new_password, log_fix.output)
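Review bot: The new `self.assertNotIn(...)` assertions at the end of each test only check that the plaintext is absent, so they would also pass if the RBAC debug line stopped being emitted at all, which would not prove masking works. Consider additionally asserting that the authorization line is still present in `log_fix.output` with the masked form in place of the value, so a regression that drops the log line and one that leaks the password are both caught. The same applies to all four test hunks in this file; `test_update_password_not_logged` and the self-service test start and end outside their hunks.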