# HG changeset patch
# User Marcin Kuzminski <marcin@rhodecode.com>
# Date 2017-01-11 12:41:00
# Node ID b5aef8f888ab0e0aec701850440bdad88c90f356
# Parent  c0dab9ada1f7aa3cb09114a0b45209cf6530634d

login: don't show password hash inside the logs. It's irrelevant to show this.

diff --git a/rhodecode/login/views.py b/rhodecode/login/views.py
--- a/rhodecode/login/views.py
+++ b/rhodecode/login/views.py
@@ -69,8 +69,10 @@ def _store_user_in_session(session, user
 
     session.save()
 
+    safe_cs = cs.copy()
+    safe_cs['password'] = '****'
     log.info('user %s is now authenticated and stored in '
-             'session, session attrs %s', username, cs)
+             'session, session attrs %s', username, safe_cs)
 
     # dumps session attrs back to cookie
     session._update_cookie_out()