Stop returning correct password on api calls

Captured invalid signature exception in authentication step, so that the problem is not returning exception to user, revealing the real password. Fixes bug 868360. Change-Id: Idb31f076a7b14309f0fda698261de816924da354
openstack · Oct 5, 2011 · beee11e · beee11e
1 parent 981f527
commit beee11e
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 9 deletions.
diff --git a/Authors b/Authors
@@ -1,6 +1,7 @@
 Aaron Lee <aaron.lee@rackspace.com>
 Adam Gandelman <adamg@canonical.com>
 Adam Johnson <adjohn@gmail.com>
+Ahmad Hassan <ahmad.hassan@hp.com>
 Alex Meade <alex.meade@rackspace.com>
 Alexander Sakhnov <asakhnov@mirantis.com>
 Andrey Brindeyev <abrindeyev@griddynamics.com>

diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
@@ -188,7 +188,8 @@ def __call__(self, req):
                     req.host,
                     req.path)
         # Be explicit for what exceptions are 403, the rest bubble as 500
-        except (exception.NotFound, exception.NotAuthorized) as ex:
+        except (exception.NotFound, exception.NotAuthorized,
+                exception.InvalidSignature) as ex:
             LOG.audit(_("Authentication Failure: %s"), unicode(ex))
             raise webob.exc.HTTPForbidden()
 

diff --git a/nova/auth/manager.py b/nova/auth/manager.py
@@ -149,11 +149,7 @@ def is_project_manager(self, project):
         return AuthManager().is_project_manager(self, project)
 
     def __repr__(self):
-        return "User('%s', '%s', '%s', '%s', %s)" % (self.id,
-                                                     self.name,
-                                                     self.access,
-                                                     self.secret,
-                                                     self.admin)
+        return "User('%s', '%s')" % (self.id, self.name)
 
 
 class Project(AuthBase):
@@ -200,9 +196,7 @@ def get_credentials(self, user):
         return AuthManager().get_credentials(user, self)
 
     def __repr__(self):
-        return "Project('%s', '%s', '%s', '%s', %s)" % \
-            (self.id, self.name, self.project_manager_id, self.description,
-             self.member_ids)
+        return "Project('%s', '%s')" % (self.id, self.name)
 
 
 class AuthManager(object):