auth-plugins: add mechanism to remove secrets from plugin logs....
marcink -
r1631:73a21507 stable
@@ -23,6 +23,7 b' Authentication modules'
23 """
23 """
24
24
25 import colander
25 import colander
26 import copy
26 import logging
27 import logging
27 import time
28 import time
28 import traceback
29 import traceback
@@ -109,6 +110,10 b' class RhodeCodeAuthPluginBase(object):'
109 colander.List: 'list',
110 colander.List: 'list',
110 }
111 }
111
112
113 # list of keys in settings that are unsafe to be logged, should be passwords
114 # or other crucial credentials
115 _settings_unsafe_keys = []
116
112 def __init__(self, plugin_id):
117 def __init__(self, plugin_id):
113 self._plugin_id = plugin_id
118 self._plugin_id = plugin_id
114
119
@@ -199,13 +204,23 b' class RhodeCodeAuthPluginBase(object):'
199 settings[node.name] = self.get_setting_by_name(node.name)
204 settings[node.name] = self.get_setting_by_name(node.name)
200 return settings
205 return settings
201
206
207 def log_safe_settings(self, settings):
208 """
209 returns a log safe representation of settings, without any secrets
210 """
211 settings_copy = copy.deepcopy(settings)
212 for k in self._settings_unsafe_keys:
213 if k in settings_copy:
214 del settings_copy[k]
215 return settings_copy
216
202 @property
217 @property
203 def validators(self):
218 def validators(self):
204 """
219 """
205 Exposes RhodeCode validators modules
220 Exposes RhodeCode validators modules
206 """
221 """
207 # this is a hack to overcome issues with pylons threadlocals and
222 # this is a hack to overcome issues with pylons threadlocals and
208 # translator object _() not beein registered properly.
223 # translator object _() not being registered properly.
209 class LazyCaller(object):
224 class LazyCaller(object):
210 def __init__(self, name):
225 def __init__(self, name):
211 self.validator_name = name
226 self.validator_name = name
@@ -559,7 +574,8 b' def authenticate(username, password, env'
559
574
560 # load plugin settings from RhodeCode database
575 # load plugin settings from RhodeCode database
561 plugin_settings = plugin.get_settings()
576 plugin_settings = plugin.get_settings()
562 log.debug('Plugin settings:%s', plugin_settings)
577 plugin_sanitized_settings = plugin.log_safe_settings(plugin_settings)
578 log.debug('Plugin settings:%s', plugin_sanitized_settings)
563
579
564 log.debug('Trying authentication using ** %s **', plugin.get_id())
580 log.debug('Trying authentication using ** %s **', plugin.get_id())
565 # use plugin's method of user extraction.
581 # use plugin's method of user extraction.
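Review bot: Redaction is opt-in here: the base class sets `_settings_unsafe_keys = []`, so for any plugin that does not override it `log_safe_settings` returns a full copy and the `log.debug('Plugin settings:%s', ...)` call in `authenticate` still writes that plugin's credentials to the log. No plugin override is visible on this page, so confirm that every plugin storing a password or bind secret sets the list; if the settings schema marks password fields, deriving the default from it would make the safe behaviour automatic. The class-level list is mutable and shared, so a subclass that appends instead of reassigning changes it for every plugin; `_settings_unsafe_keys = ()` avoids that. `copy.deepcopy(settings)` also duplicates the secret values on every login attempt and only top-level keys are removed afterwards, whereas `return {k: v for k, v in settings.items() if k not in self._settings_unsafe_keys}` never copies them. The class body and `authenticate` both continue outside the hunks shown.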