From beee11edbfdd82cd81bc9c0fd75912c167892c2b Mon Sep 17 00:00:00 2001
From: Ahmad Hassan <ahmad.hassan@hp.com>
Date: Mon, 1 Aug 2011 17:16:49 +0100
Subject: Stop returning correct password on api calls

Captured invalid signature exception in authentication step, so that
the problem is not returning exception to user, revealing the real
password.
Fixes bug 868360.

Change-Id: Idb31f076a7b14309f0fda698261de816924da354
---
 nova/api/ec2/__init__.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
index 8dcb44bba..4b4c0f536 100644
--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
@@ -188,7 +188,8 @@ class Authenticate(wsgi.Middleware):
                     req.host,
                     req.path)
         # Be explicit for what exceptions are 403, the rest bubble as 500
-        except (exception.NotFound, exception.NotAuthorized) as ex:
+        except (exception.NotFound, exception.NotAuthorized,
+                exception.InvalidSignature) as ex:
             LOG.audit(_("Authentication Failure: %s"), unicode(ex))
             raise webob.exc.HTTPForbidden()
 
-- 
cgit