Merge "Ensure that identity token in header is not an unicode string"
This commit is contained in:
Jenkins
@@ -135,7 +135,8 @@ class HTTPClient(_BaseHTTPClient):
|
|||||||
self.session.headers["User-Agent"] = USER_AGENT
|
self.session.headers["User-Agent"] = USER_AGENT
|
||||||
|
|
||||||
if self.auth_token:
|
if self.auth_token:
|
||||||
self.session.headers["X-Auth-Token"] = self.auth_token
|
self.session.headers["X-Auth-Token"] = encodeutils.safe_encode(
|
||||||
|
self.auth_token)
|
||||||
|
|
||||||
if self.language_header:
|
if self.language_header:
|
||||||
self.session.headers["Accept-Language"] = self.language_header
|
self.session.headers["Accept-Language"] = self.language_header
|
||||||
|
|||||||
@@ -449,8 +449,7 @@ def memoized_property(fn):
|
|||||||
|
|
||||||
def safe_header(name, value):
|
def safe_header(name, value):
|
||||||
if value is not None and name in SENSITIVE_HEADERS:
|
if value is not None and name in SENSITIVE_HEADERS:
|
||||||
v = value.encode('utf-8')
|
h = hashlib.sha1(value)
|
||||||
h = hashlib.sha1(v)
|
|
||||||
d = h.hexdigest()
|
d = h.hexdigest()
|
||||||
return name, "{SHA1}%s" % d
|
return name, "{SHA1}%s" % d
|
||||||
else:
|
else:
|
||||||
|
|||||||
@@ -210,6 +210,14 @@ class TestClient(testtools.TestCase):
|
|||||||
self.assertEqual(b"ni\xc3\xb1o", encoded[b"test"])
|
self.assertEqual(b"ni\xc3\xb1o", encoded[b"test"])
|
||||||
self.assertNotIn("none-val", encoded)
|
self.assertNotIn("none-val", encoded)
|
||||||
|
|
||||||
|
def test_auth_token_header_encoding(self):
|
||||||
|
# Tests that X-Auth-Token header is converted to ascii string, as
|
||||||
|
# httplib in python 2.6 won't do the conversion
|
||||||
|
value = u'ni\xf1o'
|
||||||
|
http_client_object = http.HTTPClient(self.endpoint, token=value)
|
||||||
|
self.assertEqual(b'ni\xc3\xb1o',
|
||||||
|
http_client_object.session.headers['X-Auth-Token'])
|
||||||
|
|
||||||
def test_raw_request(self):
|
def test_raw_request(self):
|
||||||
"""Verify the path being used for HTTP requests reflects accurately."""
|
"""Verify the path being used for HTTP requests reflects accurately."""
|
||||||
headers = {"Content-Type": "text/plain"}
|
headers = {"Content-Type": "text/plain"}
|
||||||
|
|||||||
@@ -168,7 +168,9 @@ class TestUtils(testtools.TestCase):
|
|||||||
utils.safe_header('somekey', None))
|
utils.safe_header('somekey', None))
|
||||||
|
|
||||||
for sensitive_header in utils.SENSITIVE_HEADERS:
|
for sensitive_header in utils.SENSITIVE_HEADERS:
|
||||||
(name, value) = utils.safe_header(sensitive_header, 'somestring')
|
(name, value) = utils.safe_header(
|
||||||
|
sensitive_header,
|
||||||
|
encodeutils.safe_encode('somestring'))
|
||||||
self.assertEqual(sensitive_header, name)
|
self.assertEqual(sensitive_header, name)
|
||||||
self.assertTrue(value.startswith("{SHA1}"))
|
self.assertTrue(value.startswith("{SHA1}"))
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user