Stop returning correct password on api calls

Captured invalid signature exception in authentication step, so that the problem is not returning exception to user, revealing the real password. Fixes bug 868360. (cherry picked from commit beee11e) Change-Id: I5d6f713358dc720514b3e693f9adb11ccacecdd0
openstack · Oct 25, 2011 · b1ab6da · b1ab6da
1 parent 87823bb
commit b1ab6da
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 9 deletions.
diff --git a/Authors b/Authors
@@ -1,6 +1,7 @@
 Aaron Lee <aaron.lee@rackspace.com>
 Adam Gandelman <adamg@canonical.com>
 Adam Johnson <adjohn@gmail.com>
+Ahmad Hassan <ahmad.hassan@hp.com>
 Alex Meade <alex.meade@rackspace.com>
 Alexander Sakhnov <asakhnov@mirantis.com>
 Andrey Brindeyev <abrindeyev@griddynamics.com>

diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
@@ -188,7 +188,8 @@ def __call__(self, req):
                     req.host,
                     req.path)
         # Be explicit for what exceptions are 403, the rest bubble as 500
-        except (exception.NotFound, exception.NotAuthorized) as ex:
+        except (exception.NotFound, exception.NotAuthorized,
+                exception.InvalidSignature) as ex:
             LOG.audit(_("Authentication Failure: %s"), unicode(ex))
             raise webob.exc.HTTPForbidden()
 

diff --git a/nova/auth/manager.py b/nova/auth/manager.py
@@ -149,11 +149,7 @@ def is_project_manager(self, project):
         return AuthManager().is_project_manager(self, project)
 
     def __repr__(self):
-        return "User('%s', '%s', '%s', '%s', %s)" % (self.id,
-                                                     self.name,
-                                                     self.access,
-                                                     self.secret,
-                                                     self.admin)
+        return "User('%s', '%s')" % (self.id, self.name)
 
 
 class Project(AuthBase):
@@ -200,9 +196,7 @@ def get_credentials(self, user):
         return AuthManager().get_credentials(user, self)
 
     def __repr__(self):
-        return "Project('%s', '%s', '%s', '%s', %s)" % \
-            (self.id, self.name, self.project_manager_id, self.description,
-             self.member_ids)
+        return "Project('%s', '%s')" % (self.id, self.name)
 
 
 class AuthManager(object):