remove token from notifier middleware
Sync from oslo-incubator to address the security bug in the middleware (described below). The notifier middleware captures the token and sends it to the MQ. This is not advisable, so we should filter it out. Change-Id: Ia1bfa1bd24989681db1d2f385defc12e69a01f8d Closes-Bug: #1321080
parent
d568fee34b
commit
0324965a0c
|
@ -22,7 +22,7 @@ to hide internal errors from API response.
|
||||||
import webob.dec
|
import webob.dec
|
||||||
import webob.exc
|
import webob.exc
|
||||||
|
|
||||||
from neutron.openstack.common.gettextutils import _ # noqa
|
from neutron.openstack.common.gettextutils import _LE
|
||||||
from neutron.openstack.common import log as logging
|
from neutron.openstack.common import log as logging
|
||||||
from neutron.openstack.common.middleware import base
|
from neutron.openstack.common.middleware import base
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ class CatchErrorsMiddleware(base.Middleware):
|
||||||
try:
|
try:
|
||||||
response = req.get_response(self.application)
|
response = req.get_response(self.application)
|
||||||
except Exception:
|
except Exception:
|
||||||
LOG.exception(_('An error occurred during '
|
LOG.exception(_LE('An error occurred during '
|
||||||
'processing the request: %s'))
|
'processing the request: %s'))
|
||||||
response = webob.exc.HTTPInternalServerError()
|
response = webob.exc.HTTPInternalServerError()
|
||||||
return response
|
return response
|
||||||
|
|
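Review bot: The message passed to `LOG.exception` in the `except Exception:` branch still ends in `: %s`, but no argument is supplied, so the placeholder appears to be logged unformatted. `LOG.exception` already records the traceback, so the simplest fix is to drop the placeholder: `LOG.exception(_LE('An error occurred during processing the request'))`. Keep the bare `webob.exc.HTTPInternalServerError()` response as it is, since it keeps internal error detail out of the API reply. The enclosing method starts outside this hunk.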
|
@ -24,7 +24,7 @@ import six
|
||||||
import webob.dec
|
import webob.dec
|
||||||
|
|
||||||
from neutron.openstack.common import context
|
from neutron.openstack.common import context
|
||||||
from neutron.openstack.common.gettextutils import _
|
from neutron.openstack.common.gettextutils import _LE
|
||||||
from neutron.openstack.common import log as logging
|
from neutron.openstack.common import log as logging
|
||||||
from neutron.openstack.common.middleware import base
|
from neutron.openstack.common.middleware import base
|
||||||
from neutron.openstack.common.notifier import api
|
from neutron.openstack.common.notifier import api
|
||||||
|
@ -37,8 +37,8 @@ def log_and_ignore_error(fn):
|
||||||
try:
|
try:
|
||||||
return fn(*args, **kwargs)
|
return fn(*args, **kwargs)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
LOG.exception(_('An exception occurred processing '
|
LOG.exception(_LE('An exception occurred processing '
|
||||||
'the API call: %s ') % e)
|
'the API call: %s ') % e)
|
||||||
return wrapped
|
return wrapped
|
||||||
|
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ class RequestNotifier(base.Middleware):
|
||||||
return _factory
|
return _factory
|
||||||
|
|
||||||
def __init__(self, app, **conf):
|
def __init__(self, app, **conf):
|
||||||
self.service_name = conf.get('service_name', None)
|
self.service_name = conf.get('service_name')
|
||||||
self.ignore_req_list = [x.upper().strip() for x in
|
self.ignore_req_list = [x.upper().strip() for x in
|
||||||
conf.get('ignore_req_list', '').split(',')]
|
conf.get('ignore_req_list', '').split(',')]
|
||||||
super(RequestNotifier, self).__init__(app)
|
super(RequestNotifier, self).__init__(app)
|
||||||
|
@ -68,7 +68,7 @@ class RequestNotifier(base.Middleware):
|
||||||
|
|
||||||
"""
|
"""
|
||||||
return dict((k, v) for k, v in six.iteritems(environ)
|
return dict((k, v) for k, v in six.iteritems(environ)
|
||||||
if k.isupper())
|
if k.isupper() and k != 'HTTP_X_AUTH_TOKEN')
|
||||||
|
|
||||||
@log_and_ignore_error
|
@log_and_ignore_error
|
||||||
def process_request(self, request):
|
def process_request(self, request):
|
||||||
|
|
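Review bot: The new condition in the `dict(...)` comprehension drops only the exact key `HTTP_X_AUTH_TOKEN`, so other credential-bearing WSGI environ entries such as `HTTP_AUTHORIZATION` or `HTTP_COOKIE` would still be copied into the notification payload and sent to the message queue. Consider a module-level denylist, e.g. `_SENSITIVE_ENV_KEYS = frozenset(['HTTP_X_AUTH_TOKEN', 'HTTP_AUTHORIZATION', 'HTTP_COOKIE'])`, and filter with `if k.isupper() and k not in _SENSITIVE_ENV_KEYS)`. No test is visible on this page; one asserting that the token is absent from the emitted payload would guard against a regression. The enclosing method starts outside the hunk, and because this file is synced from oslo-incubator the broader filter probably belongs upstream first.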
|
@ -29,8 +29,8 @@ from neutron.openstack.common.middleware import base
|
||||||
max_req_body_size = cfg.IntOpt('max_request_body_size',
|
max_req_body_size = cfg.IntOpt('max_request_body_size',
|
||||||
deprecated_name='osapi_max_request_body_size',
|
deprecated_name='osapi_max_request_body_size',
|
||||||
default=114688,
|
default=114688,
|
||||||
help='the maximum body size '
|
help='The maximum body size '
|
||||||
'per each request(bytes)')
|
'per request, in bytes')
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
CONF.register_opt(max_req_body_size)
|
CONF.register_opt(max_req_body_size)
|
||||||
|
|