auth-plugins: add mechanismy to remove secrets from plugin logs....
marcink -
r1622:a01bfbca default
@@ -23,6 +23,7 b' Authentication modules'
23 """
23 """
24
24
25 import colander
25 import colander
26 import copy
26 import logging
27 import logging
27 import time
28 import time
28 import traceback
29 import traceback
@@ -109,6 +110,10 b' class RhodeCodeAuthPluginBase(object):'
109 colander.List: 'list',
110 colander.List: 'list',
110 }
111 }
111
112
113 # list of keys in settings that are unsafe to be logged, should be passwords
114 # or other crucial credentials
115 _settings_unsafe_keys = []
116
112 def __init__(self, plugin_id):
117 def __init__(self, plugin_id):
113 self._plugin_id = plugin_id
118 self._plugin_id = plugin_id
114
119
@@ -199,13 +204,23 b' class RhodeCodeAuthPluginBase(object):'
199 settings[node.name] = self.get_setting_by_name(node.name)
204 settings[node.name] = self.get_setting_by_name(node.name)
200 return settings
205 return settings
201
206
207 def log_safe_settings(self, settings):
208 """
209 returns a log safe representation of settings, without any secrets
210 """
211 settings_copy = copy.deepcopy(settings)
212 for k in self._settings_unsafe_keys:
213 if k in settings_copy:
214 del settings_copy[k]
215 return settings_copy
216
202 @property
217 @property
203 def validators(self):
218 def validators(self):
204 """
219 """
205 Exposes RhodeCode validators modules
220 Exposes RhodeCode validators modules
206 """
221 """
207 # this is a hack to overcome issues with pylons threadlocals and
222 # this is a hack to overcome issues with pylons threadlocals and
208 # translator object _() not beein registered properly.
223 # translator object _() not being registered properly.
209 class LazyCaller(object):
224 class LazyCaller(object):
210 def __init__(self, name):
225 def __init__(self, name):
211 self.validator_name = name
226 self.validator_name = name
@@ -557,7 +572,8 b' def authenticate(username, password, env'
557
572
558 # load plugin settings from RhodeCode database
573 # load plugin settings from RhodeCode database
559 plugin_settings = plugin.get_settings()
574 plugin_settings = plugin.get_settings()
560 log.debug('Plugin settings:%s', plugin_settings)
575 plugin_sanitized_settings = plugin.log_safe_settings(plugin_settings)
576 log.debug('Plugin settings:%s', plugin_sanitized_settings)
561
577
562 log.debug('Trying authentication using ** %s **', plugin.get_id())
578 log.debug('Trying authentication using ** %s **', plugin.get_id())
563 # use plugin's method of user extraction.
579 # use plugin's method of user extraction.
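Review bot: The redaction in `log_safe_settings` (new lines 207-215) is an opt-in denylist whose base-class default, `_settings_unsafe_keys = []` at new line 115, is empty, so any plugin that does not override it still has its full settings, passwords and other credentials included, written by the `log.debug('Plugin settings:%s', ...)` call in `authenticate`. No plugin override is visible on this page, so that needs confirming for every plugin with a secret setting, and the comment above the attribute should state the obligation, e.g. `# every plugin that stores a password, token or key MUST list that setting name here; unlisted keys are logged verbatim`. Masking instead of deleting keeps the key visible for debugging and avoids a `copy.deepcopy` of the secrets on every login attempt: `return {k: ('<redacted>' if k in self._settings_unsafe_keys else v) for k, v in settings.items()}`. An immutable default, `_settings_unsafe_keys = ()`, would also stop a subclass that appends to the list from changing it for every other plugin. Both the class body and `authenticate` continue outside the visible hunks.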