def __call__(self, environ, start_response):
    """WSGI entry point: decode a request, run the action, log sanitized copies.

    Only the first part of the method is visible in this listing: the normal
    path and the ValidationError handler. Everything written to the logger
    here goes through a credential-sanitized copy (``secured_request`` /
    ``secured_response``); the action handler and the encoded response are
    fed the unsanitized data.
    """
    # NOTE(review): read() is called without a size argument, so nothing in
    # this method bounds the request body; confirm the fronting server
    # enforces a request-size limit.
    raw_data = environ['wsgi.input'].read()
    remote_addr = self._remote_addr(environ)

    # Defaults so the names are bound even when request decoding fails early.
    action_name = None
    processed_action_data = {}
    secured_request = {}
    secured_response = {}

    try:
        action_name, action_data = self.helix_api.handle_request(raw_data)
        # The sanitized copy is built before anything is logged, so the debug
        # line below never sees the raw credential fields.
        secured_request = self._secured_request(action_name, action_data)
        self.logger.debug('Request from %s: %s' % (remote_addr, secured_request))

        # Copy of the UNSANITIZED request data for the action handler.
        # NOTE(review): this copy still carries the original credential
        # values; verify that any later logging or tracking of it applies
        # sanitization first.
        processed_action_data = dict(action_data)
        req_info = RequestInfo(remote_addr=remote_addr)

        raw_response = self.action_handler(action_name, processed_action_data, req_info)

        # Sanitize only the copy that is logged; the client response below is
        # encoded from raw_response.
        secured_response = security.sanitize_credentials(raw_response)
        self.logger.log(logging.DEBUG, 'Response to %s: %s' % (remote_addr, secured_response))

        response = self.helix_api.handle_response(action_name, raw_response)
    except ValidationError, e:
        # Decode the request again with validation switched off so the action
        # name and data are available for the error log.
        # NOTE(review): this call runs inside the handler, so an exception it
        # raises is not caught by this try statement's other except clauses.
        action_name, action_data = self.helix_api.handle_request(raw_data, validation=False)
        secured_request = self._secured_request(action_name, action_data)
        raw_response = response_error(e)
        response = self.helix_api.handle_response(action_name, raw_response, validation=False)
        self.logger.log(logging.ERROR, 'Request from %s: %s' % (remote_addr, secured_request))
        secured_response = security.sanitize_credentials(raw_response)
        # NOTE(review): ';'.join(e.args) raises TypeError if any element of
        # e.args is not a string; confirm ValidationError is always built
        # with string arguments.
        self.logger.log(logging.ERROR, 'Response to %s: %s. Error: %s' % (remote_addr, secured_response, ';'.join(e.args)))
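def test_sanitize_credentials(self):
    """Check that password-type fields are masked and other fields are kept.

    The input values for the password fields must differ from the mask
    itself. With inputs already equal to '******', the assertion would also
    pass for a sanitizer that returns its argument unchanged, so the test
    would prove nothing.
    """
    # Constructed sample values, deliberately different from the mask.
    d = {
        'email': 'l',
        'password': 'constructed-password',
        'new_password': 'constructed-new-password',
        'su_password': 'constructed-su-password',
        'session_id': 'sid',
    }
    actual = sanitize_credentials(d)
    # NOTE(review): this expectation keeps session_id in clear text. A session
    # id works as a bearer credential, so confirm that leaving it unmasked in
    # logs and error messages is intended.
    expected = {
        'email': 'l',
        'password': '******',
        'new_password': '******',
        'su_password': '******',
        'session_id': 'sid',
    }
    self.assertEqual(expected, actual)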
def __init__(self, class_name, **kwargs):
    """Build the 'not found' error for *class_name* and the lookup params.

    The lookup parameters are passed through security.sanitize_credentials
    before they are formatted into the exception message, so the message is
    built from the sanitized mapping rather than from the raw kwargs.
    """
    safe_params = security.sanitize_credentials(kwargs)
    message = '%s not found by params: %s' % (class_name, safe_params)
    super(HelixcoreObjectNotFound, self).__init__(message)
    self.code = error_code.HELIX_OBJECT_NOT_FOUND
def __init__(self, class_name, **kwargs):
    """Build the 'not found' error for *class_name* and the lookup params.

    The lookup parameters are passed through security.sanitize_credentials
    before they are formatted into the exception message, so the message is
    built from the sanitized mapping rather than from the raw kwargs.
    """
    safe_params = security.sanitize_credentials(kwargs)
    message = '%s not found by params: %s' % (class_name, safe_params)
    super(HelixtariffObjectNotFound, self).__init__(message)
    self.code = error_code.HELIXTARIFF_OBJECT_NOT_FOUND
def _secured_request(self, action_name, action_data):
    """Return the loggable form of a request: sanitized data plus its action.

    NOTE(review): the 'action' key is written into whatever object
    sanitize_credentials returns; this presumably is a fresh dict rather
    than action_data itself -- confirm, since the caller goes on using
    action_data after this call.
    """
    loggable = security.sanitize_credentials(action_data)
    loggable['action'] = action_name
    return loggable
except RequestProcessingError, e: raw_response = response_error(e) response = self.helix_api.handle_response(action_name, raw_response, validation=False) self.logger.log(logging.ERROR, 'Request from %s: %s' % (remote_addr, secured_request)) secured_response = security.sanitize_credentials(raw_response) self.logger.log(logging.ERROR, 'Response to %s: %s. Error: %s' % (remote_addr, secured_response, ';'.join(e.args))) except Exception, e: exc_type, value, tb = sys.exc_info() exc_descr = 'Exception type: %s. message: %s. trace: %s' % ( exc_type, '; '.join(value.args), traceback.extract_tb(tb)) del tb raw_response = response_app_error(exc_descr) response = self.helix_api.handle_response(action_name, raw_response, validation=False) secured_response = security.sanitize_credentials(raw_response) self.logger.log(logging.ERROR, 'Response to %s: %s. General error: %s' % (remote_addr, secured_response, exc_descr)) start_response('200 OK', [('Content-type', 'text/plain')]) self._log_action(remote_addr, secured_request, secured_response, action_name, processed_action_data) return [response] def _log_action(self, remote_addr, secured_request, secured_response, action_name, processed_action_data): try: if action_name in self.tracking_api_calls: request = json.dumps(secured_request) response = json.dumps(secured_response)