Adds a check for users re-submitting the redacted token.
parent
483898abe5
commit
7d392118d2
@ -134,7 +134,13 @@ func parseQuery(query *structs.PreparedQuery) error {
// transaction. Otherwise, people could "steal" queries that they don't
// transaction. Otherwise, people could "steal" queries that they don't
// have proper ACL rights to change.
// have proper ACL rights to change.
// - Session is optional and checked for integrity during the transaction.
// - Session is optional and checked for integrity during the transaction.
// - Token is checked when a query is executed.
// Token is checked when the query is executed, but we do make sure the
// user hasn't accidentally pasted-in the special redacted token name,
// which if we allowed in would be super hard to debug and understand.
if query.Token == redactedToken {
return fmt.Errorf("Bad Token '%s', it looks like a query definition with a redacted token was submitted", query.Token)
}
// Parse the service query sub-structure.
// Parse the service query sub-structure.
if err := parseService(&query.Service); err != nil {
if err := parseService(&query.Service); err != nil {
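Review bot: The error returned when `query.Token == redactedToken` interpolates `query.Token` into the message, which is harmless here only because the value is by definition the redaction placeholder (`<hidden>` per the docs touched in this commit); tokens are secrets, and this format must not be copied for other token validation errors. Formatting with the constant makes that explicit, `return fmt.Errorf("Bad Token '%s', it looks like a query definition with a redacted token was submitted", redactedToken)`, together with a comment on the branch such as `// safe to echo: this is the redaction placeholder, never a real token`. The enclosing parseQuery body begins before and continues after this hunk, so whether every write path (create and update) runs through this check is not visible here.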
@ -539,6 +539,17 @@ func TestPreparedQuery_parseQuery(t *testing.T) {
t.Fatalf("err: %v", err)
t.Fatalf("err: %v", err)
}
}
query.Token = redactedToken
err = parseQuery(query)
if err == nil || !strings.Contains(err.Error(), "Bad Token") {
t.Fatalf("bad: %v", err)
}
query.Token = "adf4238a-882b-9ddc-4a9d-5b6758e4159e"
if err := parseQuery(query); err != nil {
t.Fatalf("err: %v", err)
}
query.Service.Failover.NearestN = -1
query.Service.Failover.NearestN = -1
err = parseQuery(query)
err = parseQuery(query)
if err == nil || !strings.Contains(err.Error(), "Bad NearestN") {
if err == nil || !strings.Contains(err.Error(), "Bad NearestN") {
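Review bot: The new assertions mix two error-check forms within a few lines, `err = parseQuery(query)` followed by a separate `if err == nil || ...` for the rejected token and `if err := parseQuery(query); err != nil` for the accepted one, while the surrounding test (the NearestN check right below) uses the assign-then-check form throughout; `err = parseQuery(query)` followed by `if err != nil { t.Fatalf("err: %v", err) }` would keep the block uniform and avoid the shadowed `err`. Asserting on the "Bad Token" substring is sufficient to pin the new branch. TestPreparedQuery_parseQuery starts before and continues after this hunk.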
@ -167,8 +167,8 @@ queries and all consistency modes.
If ACLs are enabled, then the client will only see prepared queries for which their
If ACLs are enabled, then the client will only see prepared queries for which their
token has `query` read privileges. A management token will be able to see all
token has `query` read privileges. A management token will be able to see all
prepared queries. Tokens will be displayed as `<hidden>` unless a management token is
prepared queries. Tokens will be redacted and displayed as `<hidden>` unless a
used.
management token is used.
This returns a JSON list of prepared queries, which looks like:
This returns a JSON list of prepared queries, which looks like:
@ -233,8 +233,8 @@ status code will be returned.
If ACLs are enabled, then the client will only see prepared queries for which their
If ACLs are enabled, then the client will only see prepared queries for which their
token has `query` read privileges. A management token will be able to see all
token has `query` read privileges. A management token will be able to see all
prepared queries. Tokens will be displayed as `<hidden>` unless a management token is
prepared queries. Tokens will be redacted and displayed as `<hidden>` unless a
used.
management token is used.
#### DELETE Method
#### DELETE Method