author | Jamie Lennox <jamielennox@gmail.com> | 2016-05-04 18:56:10 +1000 |
---|---|---|
committer | Jamie Lennox <jamielennox@gmail.com> | 2016-05-09 11:23:23 +1000 |
commit | 0511e11287c6c554eac98fc725738baf6290c52e (patch) | |
tree | f7f857a2ea94a1210730a4d6e5517511364f5837 /oslo_context | |
parent | e1925637b4c0ec24575ef35b85deb8273053086b (diff) | |
download | oslo-context-0511e11287c6c554eac98fc725738baf6290c52e.tar.gz |
Strip roles in from_environ
If somehow whitespace gets into the roles coming from headers we should
remove it and only save the actual role name. This is not possible
coming from auth_token middleware but is tested by some services and is
simple to support here.
Change-Id: I11ac3959d8f8b233c8785671d7a59263a4dc36df
Diffstat (limited to 'oslo_context')
-rw-r--r-- | oslo_context/context.py | 3 | ||||
-rw-r--r-- | oslo_context/tests/test_context.py | 5 |
2 files changed, 7 insertions, 1 deletions
diff --git a/oslo_context/context.py b/oslo_context/context.py
index bfbedcb..d4902ad 100644
--- a/oslo_context/context.py
+++ b/oslo_context/context.py
@@ -173,7 +173,8 @@ class RequestContext(object):
 if 'roles' not in kwargs:
 roles = environ.get('HTTP_X_ROLES', environ.get('HTTP_X_ROLE'))
- kwargs['roles'] = roles.split(',') if roles else []
+ roles = [r.strip() for r in roles.split(',')] if roles else []
+ kwargs['roles'] = roles
 return cls(**kwargs)
diff --git a/oslo_context/tests/test_context.py b/oslo_context/tests/test_context.py
index f2a095a..2165608 100644
--- a/oslo_context/tests/test_context.py
+++ b/oslo_context/tests/test_context.py
@@ -209,6 +209,11 @@ class ContextTest(test_base.BaseTestCase):
 tenant=override)
 self.assertEqual(ctx.tenant, override)
+ def test_from_environ_strip_roles(self):
+ environ = {'HTTP_X_ROLES': ' abc\t,\ndef\n,ghi\n\n'}
+ ctx = context.RequestContext.from_environ(environ=environ)
+ self.assertEqual(['abc', 'def', 'ghi'], ctx.roles)
+
 def test_from_function_and_args(self):
 ctx = context.RequestContext(user="user1")
 arg = [] |
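Review bot: Empty entries survive the new comprehension in `from_environ`, because the `if roles else []` test runs on the raw header string before any stripping. A value such as `'admin,,member'` or one that is only whitespace still puts `''` into `kwargs['roles']`. If this list feeds role or policy comparisons downstream, which the hunk does not show, blank names are better dropped at the source: `roles = [r.strip() for r in roles.split(',') if r.strip()] if roles else []`. A one-line comment such as `# role headers are trusted only when set by auth_token middleware; normalise defensively` would record the assumption the commit message relies on. The body of `from_environ` starts outside the hunk.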
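Review bot: `test_from_environ_strip_roles` only pins whitespace around non-empty names, so the result for empty segments and for the `HTTP_X_ROLE` fallback header is left unspecified. A second case with an input like `'abc,,def, '` would make the intended handling of blank entries explicit, whichever way it is decided. Repeating one assertion with `environ = {'HTTP_X_ROLE': ' abc '}` would cover the fallback path that `from_environ` reads when `HTTP_X_ROLES` is absent.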