auth-plugins: add mechanism to remove secrets from plugin logs....
marcink -
r1631:73a21507 stable
@@ -23,6 +23,7 b' Authentication modules'
23 23 """
24 24
25 25 import colander
26 import copy
26 27 import logging
27 28 import time
28 29 import traceback
@@ -109,6 +110,10 b' class RhodeCodeAuthPluginBase(object):'
109 110 colander.List: 'list',
110 111 }
111 112
113 # list of keys in settings that are unsafe to be logged, should be passwords
114 # or other crucial credentials
115 _settings_unsafe_keys = []
116
112 117 def __init__(self, plugin_id):
113 118 self._plugin_id = plugin_id
114 119
@@ -199,13 +204,23 b' class RhodeCodeAuthPluginBase(object):'
199 204 settings[node.name] = self.get_setting_by_name(node.name)
200 205 return settings
201 206
207 def log_safe_settings(self, settings):
208 """
209 returns a log safe representation of settings, without any secrets
210 """
211 settings_copy = copy.deepcopy(settings)
212 for k in self._settings_unsafe_keys:
213 if k in settings_copy:
214 del settings_copy[k]
215 return settings_copy
216
202 217 @property
203 218 def validators(self):
204 219 """
205 220 Exposes RhodeCode validators modules
206 221 """
207 222 # this is a hack to overcome issues with pylons threadlocals and
208 # translator object _() not beein registered properly.
223 # translator object _() not being registered properly.
209 224 class LazyCaller(object):
210 225 def __init__(self, name):
211 226 self.validator_name = name
@@ -559,7 +574,8 b' def authenticate(username, password, env'
559 574
560 575 # load plugin settings from RhodeCode database
561 576 plugin_settings = plugin.get_settings()
562 log.debug('Plugin settings:%s', plugin_settings)
577 plugin_sanitized_settings = plugin.log_safe_settings(plugin_settings)
578 log.debug('Plugin settings:%s', plugin_sanitized_settings)
563 579
564 580 log.debug('Trying authentication using ** %s **', plugin.get_id())
565 581 # use plugin's method of user extraction.
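Review bot: The class-level default `_settings_unsafe_keys = []` on `RhodeCodeAuthPluginBase` makes redaction opt-in, so a plugin that never overrides it still gets its complete settings written by `log.debug('Plugin settings:%s', plugin_sanitized_settings)` in `authenticate`. No plugin override is visible in this commit, so each shipped plugin needs checking. A default that fails closed would be safer, for example having `log_safe_settings` also drop any key whose name contains `password` or `secret`, or deriving the unsafe keys from the plugin's settings schema. `log_safe_settings` removes only top-level keys, so a credential nested inside a value would still be logged, and writing `settings_copy[k] = '<redacted>'` instead of `del settings_copy[k]` would keep it visible that the key is configured. Declaring the default as a tuple, `_settings_unsafe_keys = ()`, would also stop a subclass that appends rather than overrides from changing the list shared by every plugin.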