You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2020/05/11 14:46:44 UTC
[airavata-django-portal] 03/03: AIRAVATA-3331 Mask client_secret
out of error emails
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit e2f62c61d47edcef1a189ae39cd33e385372509e
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Mon May 11 10:46:24 2020 -0400
AIRAVATA-3331 Mask client_secret out of error emails
---
django_airavata/apps/auth/backends.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/django_airavata/apps/auth/backends.py b/django_airavata/apps/auth/backends.py
index fc495c4..119a635 100644
--- a/django_airavata/apps/auth/backends.py
+++ b/django_airavata/apps/auth/backends.py
@@ -59,6 +59,7 @@ class KeycloakBackend(object):
except User.DoesNotExist:
return None
+ @sensitive_variables('client_secret')
def _get_token_and_userinfo_password_flow(self, username, password):
client_id = settings.KEYCLOAK_CLIENT_ID
client_secret = settings.KEYCLOAK_CLIENT_SECRET
@@ -78,6 +79,7 @@ class KeycloakBackend(object):
userinfo = oauth2_session.get(userinfo_url).json()
return token, userinfo
+ @sensitive_variables('client_secret')
def _get_token_and_userinfo_redirect_flow(self, request):
authorization_code_url = request.build_absolute_uri()
client_id = settings.KEYCLOAK_CLIENT_ID
@@ -100,6 +102,7 @@ class KeycloakBackend(object):
userinfo = oauth2_session.get(userinfo_url).json()
return token, userinfo
+ @sensitive_variables('client_secret', 'auth')
def _get_token_and_userinfo_from_refresh_token(self,
request,
refresh_token=None):