mgr/dashboard: do not log tokens 31413/head
authorKefu Chai <kchai@redhat.com>
Wed, 18 Sep 2019 03:04:24 +0000 (11:04 +0800)
committerNathan Cutler <ncutler@suse.com>
Tue, 5 Nov 2019 13:35:36 +0000 (14:35 +0100)
sensitive information should not go to logging messages.

see https://tracker.ceph.com/issues/41320

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 8d23c5d15328e75d8b873339df77615377a98d50)

src/pybind/mgr/dashboard/controllers/auth.py
src/pybind/mgr/dashboard/controllers/saml2.py

index 7d145adcfedde2781d47314a8a9dc16e2f76390b..f1c6545a1754e9b52b9938da83f75d8607692c0a 100644 (file)
@@ -23,7 +23,6 @@ class Auth(RESTController):
             logger.debug('Login successful')
             token = JwtManager.gen_token(username)
             token = token.decode('utf-8')
-            logger.debug("JWT Token: %s", token)
             cherrypy.response.headers['Authorization'] = "Bearer: {}".format(token)
             return {
                 'token': token,
index 51bda8e8d62d09e31338b395bdab4e7148a56fb4..f007f691cc5b9f7caea3af9c3d310e404a3e531e 100644 (file)
@@ -13,7 +13,7 @@ try:
 except ImportError:
     python_saml_imported = False
 
-from .. import mgr, logger
+from .. import mgr
 from ..exceptions import UserDoesNotExist
 from ..services.auth import JwtManager
 from ..tools import prepare_url_prefix
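Review bot: Dropping `logger` from the `from .. import mgr, logger` line is only safe if no other `logger.` call remains in saml2.py. The hunks shown remove a single use, the `logger.debug("JWT Token: %s", token)` call, and the rest of the file is not visible here. Because this is a cherry-pick, the target branch may carry logging calls that the original commit's branch did not, and a leftover would surface only as a `NameError` when that code path runs. Searching this file for `logger` on the backport branch before merging would settle it.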
@@ -73,7 +73,6 @@ class Saml2(BaseController):
             token = JwtManager.gen_token(username)
             JwtManager.set_user(JwtManager.decode_token(token))
             token = token.decode('utf-8')
-            logger.debug("JWT Token: %s", token)
             raise cherrypy.HTTPRedirect("{}/#/login?access_token={}".format(url_prefix, token))
         else:
             return {
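Review bot: The token still leaves this handler inside a URL, because the `raise cherrypy.HTTPRedirect("{}/#/login?access_token={}".format(url_prefix, token))` line kept below the removed debug call puts the JWT in the redirect target. It sits after `#`, so the browser does not send it back to the server on the follow-up request, but it can still end up in browser history and in anything that records the `Location` header or the redirect exception. The commit's goal of keeping tokens out of recorded text is therefore only partly met on this path. I would add a comment on that line such as `# token travels in the URL fragment; redirect targets must never be logged`, and confirm that nothing in the request pipeline logs redirect URLs at the configured level. The enclosing method starts and ends outside the hunk.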