
used password shown on error message #398

@mshannaq

When using php-opencloud, when an error happens, the error message shows the password used to access OpenStack.

Is there any way to hide the used password from the error message?

Example of what I mean:

If I call:

    $openstack = $this->prepareOpenStack($providerInfo);
    try {
        $compute = $openstack->computeV2();
        $server = $compute->getServer(['id' => $serverinfo->instance_id]);
        $rtype = ($rebootType == 'hard') ? \OpenStack\Compute\v2\Enum::REBOOT_HARD : \OpenStack\Compute\v2\Enum::REBOOT_SOFT;
        $reboot_result = $server->reboot($rtype);
    } catch (\Exception $e) {
        return response()->json([
            'status' => 'error',
            // The exception text is returned to the caller as-is
            'message' => 'An error occurred running the command ' . $e->getMessage(),
            // 'message' => 'An error occurred running the command', // duplicate key; would override the line above
            'code' => $e->getCode(), // Optional: Include error code
            'data' => [ // Optional: Additional error data
                'error_details' => 'Additional details about the error.',
            ],
        ], Response::HTTP_INTERNAL_SERVER_ERROR); // Use appropriate HTTP status code
    }

In that example, if an error happens, sometimes the returned message contains the error text with the used password.

Example of message returned:


    An error occurred running the command HTTP Error
    ~~~~~~~~~~
    The remote server returned a "401 UNAUTHORIZED" error for the following transaction:

    Request
    ~~~~~~~
    POST /v3/auth/tokens HTTP/1.1
    User-Agent: GuzzleHttp/7
    Content-Type: application/json
    Host: console.openstack.test:5000

    {"auth":{"identity":{"password":{"user":{"name":"sandboxuser","password":"tempPassword","domain":{"id":"default"}}},"methods":["password"]},"scope":{"project":{"id":"9283f894c3frd32"}}}}

    Response
    ~~~~~~~~
    HTTP/1.1 401 UNAUTHORIZED
    date: Sat, 03 Feb 2024 03:38:36 GMT
    server: Apache/2.4.29 (Ubuntu)
    www-authenticate: Keystone uri="https://console.openstack.test:5000/v3"
    content-length: 109
    vary: X-Auth-Token
    x-openstack-request-id: req-15f44d54-90ba-40e9-8c08-61a879a65eb3
    content-type: application/json

    {"error":{"code":401,"message":"The request you have made requires authentication.","title":"Unauthorized"}}

    Further information
    ~~~~~~~~~~~~~~~~~~~
    Please ensure that your authentication credentials are valid. Visit http://docs.php-opencloud.com/en/latest/http-codes for more information about debugging HTTP status codes, or file a support issue on https://github.com/php-opencloud/openstack/issues.

In the message it shows the used password tempPassword, and it is not secure to return the password in messages.

Is there any way to disable showing the password in returned messages?
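
One way to contain the leak on the application side, as an added example that is not part of the original issue and not php-opencloud's own code: the exception text is redacted before it is logged, and the HTTP response carries only a generic message. The function names, the list of sensitive keys and the sample message are assumptions made for the example; it targets PHP 8.

```php
<?php
// Added example (PHP 8+). The key list and function names are assumptions.
const SENSITIVE_KEYS = ['password', 'secret', 'token'];
const MASK = '***REDACTED***';

// Recursively mask scalar values stored under a sensitive key.
function maskSensitive(mixed $node): mixed
{
    if (!is_array($node)) {
        return $node;
    }
    foreach ($node as $key => $value) {
        $hit = is_string($key) && in_array(strtolower($key), SENSITIVE_KEYS, true);
        // Keystone nests {"password":{"user":{"password":"..."}}}: only the leaf is a secret.
        $node[$key] = ($hit && !is_array($value)) ? MASK : maskSensitive($value);
    }
    return $node;
}

// Redact JSON bodies embedded line by line in an exception message.
function redactMessage(string $message): string
{
    $lines = preg_split('/\R/', $message);
    foreach ($lines as $i => $line) {
        $decoded = str_starts_with(ltrim($line), '{') ? json_decode($line, true) : null;
        if (is_array($decoded)) {
            $lines[$i] = json_encode(maskSensitive($decoded), JSON_UNESCAPED_SLASHES);
            continue;
        }
        // Fallback for truncated or non-JSON lines that still carry "key":"value" pairs.
        $lines[$i] = preg_replace(
            '/("(?:password|secret|token)"\s*:\s*)"(?:[^"\\\\]|\\\\.)*"/i',
            '$1"' . MASK . '"',
            $line
        );
    }
    return implode("\n", $lines);
}

// Constructed sample shaped like the message in the issue.
$sample = "HTTP Error\nPOST /v3/auth/tokens HTTP/1.1\n\n"
    . '{"auth":{"identity":{"password":{"user":{"name":"sandboxuser",'
    . '"password":"tempPassword","domain":{"id":"default"}}},"methods":["password"]}}}';

$forLog = redactMessage($sample);
assert(!str_contains($forLog, 'tempPassword'));
error_log($forLog);  // redacted detail stays server-side
// The HTTP response carries only a generic message, never $e->getMessage().
echo json_encode(['status' => 'error', 'message' => 'An error occurred running the command']), "\n";
```

In the `catch` block from the issue, `$e->getMessage()` would be passed through `redactMessage()` before logging and left out of the JSON response entirely.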
