Merge "Log token with sha1"

2014-10-09 15:01:05 +00:00
parent 1d1d92a6a3 23d20452d2
commit 89dc951f7d
2 changed files with 6 additions and 2 deletions
--- a/keystoneclient/session.py
+++ b/keystoneclient/session.py
@@ -12,6 +12,7 @@

 import argparse
 import functools
+import hashlib
 import logging
 import os
 import time
@@ -122,7 +123,10 @@ class Session(object):
        secure_headers = ('authorization', 'x-auth-token',
                          'x-subject-token',)
        if header[0].lower() in secure_headers:
-            return (header[0], 'TOKEN_REDACTED')
+            token_hasher = hashlib.sha1()
+            token_hasher.update(header[1].encode('utf-8'))
+            token_hash = token_hasher.hexdigest()
+            return (header[0], '{SHA1}%s' % token_hash)
        return header

    @utils.positional()
--- a/keystoneclient/tests/test_session.py
+++ b/keystoneclient/tests/test_session.py
@@ -168,7 +168,7 @@ class SessionTests(utils.TestCase):
        # Assert that response headers contains actual values and
        # only debug logs has been masked
        for k, v in six.iteritems(security_headers):
-            self.assertIn('%s: TOKEN_REDACTED' % k, self.logger.output)
+            self.assertIn('%s: {SHA1}' % k, self.logger.output)
            self.assertEqual(v, resp.headers[k])
            self.assertNotIn(v, self.logger.output)