From 60fa403ab9055b5dd4cae394c094b20cdeb77c50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Bonnet?= Date: Thu, 2 Jan 2020 13:39:14 +0000 Subject: [PATCH] Fixes security breach, adds LOGGED_COMPONent to message --- tng-router/Gemfile | 4 ++-- tng-router/lib/middlewares/authentication.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tng-router/Gemfile b/tng-router/Gemfile index 642039f..43ceb3d 100644 --- a/tng-router/Gemfile +++ b/tng-router/Gemfile @@ -34,14 +34,14 @@ source 'https://rubygems.org' ruby '2.4.3' gem 'rake', '12.3.0' -gem 'rack', '2.0.6' +gem 'rack', '2.0.8' gem 'rack-uploads', '0.2.1' gem 'sinatra', '2.0.2', require: 'sinatra/base' gem 'sinatra-contrib', '2.0.2', require: false gem 'faraday', '0.14.0' gem 'curb', '0.9.3' -gem 'puma', '3.11.0' +gem 'puma', '3.12.2' gem 'tng-gtk-utils', '0.5.1' gem 'ci_reporter_rspec', '1.0.0' gem 'rubocop', '0.52.0' diff --git a/tng-router/lib/middlewares/authentication.rb b/tng-router/lib/middlewares/authentication.rb index c7d9841..783441a 100644 --- a/tng-router/lib/middlewares/authentication.rb +++ b/tng-router/lib/middlewares/authentication.rb @@ -80,7 +80,7 @@ def call(env) env['5gtango.user.name'] = find_user_name_by_token(token: decoded_token) env['5gtango.user.email'] = find_user_email_by_token(token: decoded_token) - STDERR.puts ">>>>>> User name=#{env['5gtango.user.name']}, user email=#{env['5gtango.user.email']}" + STDERR.puts ">>>>>> #{LOGGED_COMPONENT}#{msg}: User name=#{env['5gtango.user.name']}, user email=#{env['5gtango.user.email']}" #env['5gtango.user.token'] = token[1] env['5gtango.user.role'] = decoded_token[:role] env['5gtango.user.endpoints'] = decoded_token[:endpoints].to_json @@ -102,7 +102,7 @@ def token_valid?(token:) def find_user_name_by_token(token:) return '' unless token.key?(:username) - STDERR.puts ">>>>Authentication.find_user_name_by_token: #{token[:username]}" + STDERR.puts ">>>> #{LOGGED_COMPONENT}.find_user_name_by_token: #{token[:username]}" token[:username] end def find_user_email_by_token(token:)