Adds a check for users re-submitting the redacted token.

This commit is contained in:
James Phillips 2016-02-24 17:23:09 -08:00
parent 483898abe5
commit 7d392118d2
3 changed files with 22 additions and 5 deletions

View File

@ -134,7 +134,13 @@ func parseQuery(query *structs.PreparedQuery) error {
// transaction. Otherwise, people could "steal" queries that they don't
// have proper ACL rights to change.
// - Session is optional and checked for integrity during the transaction.
// - Token is checked when a query is executed.
// Token is checked when the query is executed, but we do make sure the
// user hasn't accidentally pasted-in the special redacted token name,
// which if we allowed in would be super hard to debug and understand.
if query.Token == redactedToken {
return fmt.Errorf("Bad Token '%s', it looks like a query definition with a redacted token was submitted", query.Token)
}
// Parse the service query sub-structure.
if err := parseService(&query.Service); err != nil {

View File

@ -539,6 +539,17 @@ func TestPreparedQuery_parseQuery(t *testing.T) {
t.Fatalf("err: %v", err)
}
query.Token = redactedToken
err = parseQuery(query)
if err == nil || !strings.Contains(err.Error(), "Bad Token") {
t.Fatalf("bad: %v", err)
}
query.Token = "adf4238a-882b-9ddc-4a9d-5b6758e4159e"
if err := parseQuery(query); err != nil {
t.Fatalf("err: %v", err)
}
query.Service.Failover.NearestN = -1
err = parseQuery(query)
if err == nil || !strings.Contains(err.Error(), "Bad NearestN") {

View File

@ -167,8 +167,8 @@ queries and all consistency modes.
If ACLs are enabled, then the client will only see prepared queries for which their
token has `query` read privileges. A management token will be able to see all
prepared queries. Tokens will be displayed as `<hidden>` unless a management token is
used.
prepared queries. Tokens will be redacted and displayed as `<hidden>` unless a
management token is used.
This returns a JSON list of prepared queries, which looks like:
@ -233,8 +233,8 @@ status code will be returned.
If ACLs are enabled, then the client will only see prepared queries for which their
token has `query` read privileges. A management token will be able to see all
prepared queries. Tokens will be displayed as `<hidden>` unless a management token is
used.
prepared queries. Tokens will be redacted and displayed as `<hidden>` unless a
management token is used.
#### DELETE Method