mirror of https://github.com/hashicorp/consul
Adds a check for users re-submitting the redacted token.
parent
483898abe5
commit
7d392118d2
|
@ -134,7 +134,13 @@ func parseQuery(query *structs.PreparedQuery) error {
|
|||
// transaction. Otherwise, people could "steal" queries that they don't
|
||||
// have proper ACL rights to change.
|
||||
// - Session is optional and checked for integrity during the transaction.
|
||||
// - Token is checked when a query is executed.
|
||||
|
||||
// Token is checked when the query is executed, but we do make sure the
|
||||
// user hasn't accidentally pasted-in the special redacted token name,
|
||||
// which if we allowed in would be super hard to debug and understand.
|
||||
if query.Token == redactedToken {
|
||||
return fmt.Errorf("Bad Token '%s', it looks like a query definition with a redacted token was submitted", query.Token)
|
||||
}
|
||||
|
||||
// Parse the service query sub-structure.
|
||||
if err := parseService(&query.Service); err != nil {
|
||||
|
|
|
@ -539,6 +539,17 @@ func TestPreparedQuery_parseQuery(t *testing.T) {
|
|||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
query.Token = redactedToken
|
||||
err = parseQuery(query)
|
||||
if err == nil || !strings.Contains(err.Error(), "Bad Token") {
|
||||
t.Fatalf("bad: %v", err)
|
||||
}
|
||||
|
||||
query.Token = "adf4238a-882b-9ddc-4a9d-5b6758e4159e"
|
||||
if err := parseQuery(query); err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
query.Service.Failover.NearestN = -1
|
||||
err = parseQuery(query)
|
||||
if err == nil || !strings.Contains(err.Error(), "Bad NearestN") {
|
||||
|
|
|
@ -167,8 +167,8 @@ queries and all consistency modes.
|
|||
|
||||
If ACLs are enabled, then the client will only see prepared queries for which their
|
||||
token has `query` read privileges. A management token will be able to see all
|
||||
prepared queries. Tokens will be displayed as `<hidden>` unless a management token is
|
||||
used.
|
||||
prepared queries. Tokens will be redacted and displayed as `<hidden>` unless a
|
||||
management token is used.
|
||||
|
||||
This returns a JSON list of prepared queries, which looks like:
|
||||
|
||||
|
@ -233,8 +233,8 @@ status code will be returned.
|
|||
|
||||
If ACLs are enabled, then the client will only see prepared queries for which their
|
||||
token has `query` read privileges. A management token will be able to see all
|
||||
prepared queries. Tokens will be displayed as `<hidden>` unless a management token is
|
||||
used.
|
||||
prepared queries. Tokens will be redacted and displayed as `<hidden>` unless a
|
||||
management token is used.
|
||||
|
||||
#### DELETE Method
|
||||
|
||||
|
|
Loading…
Reference in New Issue