From 23d20452d24dc3adeb404ab44799585ec1169247 Mon Sep 17 00:00:00 2001 From: Brant Knudson Date: Wed, 24 Sep 2014 14:24:39 -0500 Subject: [PATCH] Log token with sha1 By logging the sha1 hash of the token, it can be tracked through different services. Closes-bug: #1329301 Change-Id: I9c338f6a418ab8dd34dbaaf918b0ea6e9cbe79d7 --- keystoneclient/session.py | 6 +++++- keystoneclient/tests/test_session.py | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/keystoneclient/session.py b/keystoneclient/session.py index a382cc7e0..577c2bf5c 100644 --- a/keystoneclient/session.py +++ b/keystoneclient/session.py @@ -12,6 +12,7 @@ import argparse import functools +import hashlib import logging import os import time @@ -122,7 +123,10 @@ class Session(object): secure_headers = ('authorization', 'x-auth-token', 'x-subject-token',) if header[0].lower() in secure_headers: - return (header[0], 'TOKEN_REDACTED') + token_hasher = hashlib.sha1() + token_hasher.update(header[1].encode('utf-8')) + token_hash = token_hasher.hexdigest() + return (header[0], '{SHA1}%s' % token_hash) return header @utils.positional() diff --git a/keystoneclient/tests/test_session.py b/keystoneclient/tests/test_session.py index 4c5b4605a..99c9e6e43 100644 --- a/keystoneclient/tests/test_session.py +++ b/keystoneclient/tests/test_session.py @@ -168,7 +168,7 @@ class SessionTests(utils.TestCase): # Assert that response headers contains actual values and # only debug logs has been masked for k, v in six.iteritems(security_headers): - self.assertIn('%s: TOKEN_REDACTED' % k, self.logger.output) + self.assertIn('%s: {SHA1}' % k, self.logger.output) self.assertEqual(v, resp.headers[k]) self.assertNotIn(v, self.logger.output)