From b1ab6da1495784ff581000018a6047fd19cf82c4 Mon Sep 17 00:00:00 2001
From: Ahmad Hassan
Date: Mon, 1 Aug 2011 17:16:49 +0100
Subject: [PATCH] Stop returning correct password on api calls
Captured invalid signature exception in authentication step, so that the problem is not returning exception to user, revealing the real password.
Fixes bug 868360.
(cherry picked from commit beee11edbfdd82cd81bc9c0fd75912c167892c2b)
Change-Id: I5d6f713358dc720514b3e693f9adb11ccacecdd0
---
 Authors | 1 +
 nova/api/ec2/__init__.py | 3 ++-
 nova/auth/manager.py | 10 ++--------
 3 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/Authors b/Authors
index f23565b409f..cc1fb785a87 100644
--- a/Authors
+++ b/Authors
@@ -1,6 +1,7 @@
 Aaron Lee
 Adam Gandelman
 Adam Johnson
+Ahmad Hassan
 Alex Meade
 Alexander Sakhnov
 Andrey Brindeyev
diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
index 8dcb44bba6e..4b4c0f53664 100644
--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
@@ -188,7 +188,8 @@ def __call__(self, req):
 req.host, req.path)
 # Be explicit for what exceptions are 403, the rest bubble as 500
- except (exception.NotFound, exception.NotAuthorized) as ex:
+ except (exception.NotFound, exception.NotAuthorized,
+ exception.InvalidSignature) as ex:
 LOG.audit(_("Authentication Failure: %s"), unicode(ex))
 raise webob.exc.HTTPForbidden()
diff --git a/nova/auth/manager.py b/nova/auth/manager.py
index 44e6e11acd2..e0504464ee8 100644
--- a/nova/auth/manager.py
+++ b/nova/auth/manager.py
@@ -149,11 +149,7 @@ def is_project_manager(self, project):
 return AuthManager().is_project_manager(self, project)
 def __repr__(self):
- return "User('%s', '%s', '%s', '%s', %s)" % (self.id,
- self.name,
- self.access,
- self.secret,
- self.admin)
+ return "User('%s', '%s')" % (self.id, self.name)
 class Project(AuthBase):
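Review bot: In the nova/api/ec2/__init__.py hunk, the handler that now also catches `exception.InvalidSignature` still passes `unicode(ex)` to `LOG.audit`, so whatever that exception's message interpolates is written to the audit log even though the client only receives a 403. The message format of InvalidSignature is not visible here; if it embeds the user object or a signature value, the log stays free of secrets only as long as the `__repr__` change in nova/auth/manager.py holds. Consider logging a fixed reason plus the exception class, e.g. `LOG.audit(_("Authentication Failure: %s"), ex.__class__.__name__)`, and adding a test that a request with a bad signature yields HTTPForbidden. `__call__` starts before and continues after the hunk.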
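Review bot: The trimmed `User.__repr__` in the first nova/auth/manager.py hunk carries nothing that tells a later maintainer `access` and `secret` were left out on purpose, so the fields could be re-added for debugging and the leak described in the commit message would return. Add a comment above the return such as `# Never include access/secret here: repr() output ends up in exception messages and logs.` A regression test asserting that `user.secret` does not appear in `repr(user)` would pin the behaviour; the diffstat lists no test file in this commit. The User class body starts outside the hunk.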
@@ -200,9 +196,7 @@ def get_credentials(self, user):
 return AuthManager().get_credentials(user, self)
 def __repr__(self):
- return "Project('%s', '%s', '%s', '%s', %s)" % \
- (self.id, self.name, self.project_manager_id, self.description,
- self.member_ids)
+ return "Project('%s', '%s')" % (self.id, self.name)
 class AuthManager(object):
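Review bot: `Project.__repr__` now drops `project_manager_id`, `description` and `member_ids`, none of which look like credentials from the lines shown, and neither the code nor the commit message says why. If the intent is to keep repr output short and free of user-supplied text, state that in a comment, e.g. `# Keep repr minimal; it is interpolated into log and exception messages.` Otherwise, keeping `project_manager_id` would preserve useful debugging context. The Project class body starts outside the hunk.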