Coverity-CWE 330: Use of Insufficiently Random Values
[osm/NBI.git]
/
osm_nbi
/
auth.py
diff --git
a/osm_nbi/auth.py
b/osm_nbi/auth.py
index
a99cea7
..
0b3264f
100644
(file)
--- a/
osm_nbi/auth.py
+++ b/
osm_nbi/auth.py
@@
-283,7
+283,7
@@
class Authenticator:
(r for r in records if r["name"] == "system_admin"), None
):
with open(self.roles_to_operations_file, "r") as stream:
(r for r in records if r["name"] == "system_admin"), None
):
with open(self.roles_to_operations_file, "r") as stream:
- roles_to_operations_yaml = yaml.
load(stream, Loader=yaml.Loader
)
+ roles_to_operations_yaml = yaml.
safe_load(stream
)
role_names = []
for role_with_operations in roles_to_operations_yaml["roles"]:
role_names = []
for role_with_operations in roles_to_operations_yaml["roles"]:
@@
-449,9
+449,11
@@
class Authenticator:
elif auth_list[0].lower() == "basic":
user_passwd64 = auth_list[-1]
if not token:
elif auth_list[0].lower() == "basic":
user_passwd64 = auth_list[-1]
if not token:
- if cherrypy.session.get("Authorization"):
+ if cherrypy.session.get("Authorization"):
# pylint: disable=E1101
# 2. Try using session before request a new token. If not, basic authentication will generate
# 2. Try using session before request a new token. If not, basic authentication will generate
- token = cherrypy.session.get("Authorization")
+ token = cherrypy.session.get( # pylint: disable=E1101
+ "Authorization"
+ )
if token == "logout":
token = None # force Unauthorized response to insert user password again
elif user_passwd64 and cherrypy.request.config.get(
if token == "logout":
token = None # force Unauthorized response to insert user password again
elif user_passwd64 and cherrypy.request.config.get(
@@
-466,10
+468,10
@@
class Authenticator:
except Exception:
pass
outdata = self.new_token(
except Exception:
pass
outdata = self.new_token(
- None, {"username": user, "password": passwd}
+ None, {"username": user, "password": passwd}
, None
)
token = outdata["_id"]
)
token = outdata["_id"]
- cherrypy.session["Authorization"] = token
+ cherrypy.session["Authorization"] = token
# pylint: disable=E1101
if not token:
raise AuthException(
if not token:
raise AuthException(
@@
-508,8
+510,8
@@
class Authenticator:
return token_info
except AuthException as e:
if not isinstance(e, AuthExceptionUnauthorized):
return token_info
except AuthException as e:
if not isinstance(e, AuthExceptionUnauthorized):
- if cherrypy.session.get("Authorization"):
- del cherrypy.session["Authorization"]
+ if cherrypy.session.get("Authorization"):
# pylint: disable=E1101
+ del cherrypy.session["Authorization"]
# pylint: disable=E1101
cherrypy.response.headers[
"WWW-Authenticate"
] = 'Bearer realm="{}"'.format(e)
cherrypy.response.headers[
"WWW-Authenticate"
] = 'Bearer realm="{}"'.format(e)
@@
-775,7
+777,6
@@
class Authenticator:
:param outdata: user token information
"""
user_content = None
:param outdata: user token information
"""
user_content = None
- detail = {}
present_time = time()
user = outdata["username"]
if self.config["authentication"].get("pwd_expiry_check"):
present_time = time()
user = outdata["username"]
if self.config["authentication"].get("pwd_expiry_check"):
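Review bot: In the first hunk (line 283), the result of `yaml.safe_load(stream)` is indexed as `roles_to_operations_yaml["roles"]` two lines later without any check on its shape. `safe_load` returns `None` for an empty file, so a blank or malformed roles file surfaces as a bare `TypeError` or `KeyError` instead of a clear configuration error. A guard such as `if not isinstance(roles_to_operations_yaml, dict) or "roles" not in roles_to_operations_yaml:` followed by a descriptive raise would make that failure explicit. `safe_load` also rejects Python-specific tags, so a deployed roles file that relied on them will now fail to parse; that is the intended hardening, but it deserves a line in the release notes. The enclosing method starts and ends outside the hunk.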