You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2019/06/25 13:47:22 UTC
[airavata-django-portal] branch master updated: AIRAVATA-2638 Don't
log password when login fails
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
The following commit(s) were added to refs/heads/master by this push:
new 735bf8c AIRAVATA-2638 Don't log password when login fails
735bf8c is described below
commit 735bf8cb4b85812848a6b5c4ae31ba13440dbf3b
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Mon Jun 24 10:02:36 2019 -0400
AIRAVATA-2638 Don't log password when login fails
---
django_airavata/apps/auth/backends.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/django_airavata/apps/auth/backends.py b/django_airavata/apps/auth/backends.py
index 27480cd..0979f05 100644
--- a/django_airavata/apps/auth/backends.py
+++ b/django_airavata/apps/auth/backends.py
@@ -5,6 +5,7 @@ import time
import requests
from django.conf import settings
from django.contrib.auth.models import User
+from django.views.decorators.debug import sensitive_variables
from oauthlib.oauth2 import LegacyApplicationClient
from requests_oauthlib import OAuth2Session
@@ -16,6 +17,7 @@ logger = logging.getLogger(__name__)
class KeycloakBackend(object):
"""Django authentication backend for Keycloak."""
+ @sensitive_variables('password')
def authenticate(self, request=None, username=None, password=None):
try:
if username and password: