mgr/dashboard: do not log tokens

sensitive information should not go to logging messages.

see https://tracker.ceph.com/issues/41320

Signed-off-by: Kefu Chai <kchai@redhat.com>

diff --git a/src/pybind/mgr/dashboard/controllers/auth.py b/src/pybind/mgr/dashboard/controllers/auth.py
index 90752a03f4d401a2537b9e1371ba4fb364bbd781..d98c1387c06262ec2f3a8070b454e1e94a9b4d64 100644 (file)
--- a/src/pybind/mgr/dashboard/controllers/auth.py
+++ b/src/pybind/mgr/dashboard/controllers/auth.py
@@ -21,7 +21,6 @@ class Auth(RESTController):
             logger.debug('Login successful')
             token = JwtManager.gen_token(username)
             token = token.decode('utf-8')
-            logger.debug("JWT Token: %s", token)
             cherrypy.response.headers['Authorization'] = "Bearer: {}".format(token)
             return {
                 'token': token,

diff --git a/src/pybind/mgr/dashboard/controllers/saml2.py b/src/pybind/mgr/dashboard/controllers/saml2.py
index a0ad345b1c99ef173096a7bde48104f6cd92e33e..4bafc6933ac99e919ed3a5c0c0ddeddcc6181273 100644 (file)
--- a/src/pybind/mgr/dashboard/controllers/saml2.py
+++ b/src/pybind/mgr/dashboard/controllers/saml2.py
@@ -12,7 +12,7 @@ try:
 except ImportError:
     python_saml_imported = False
 
-from .. import mgr, logger
+from .. import mgr
 from ..exceptions import UserDoesNotExist
 from ..services.auth import JwtManager
 from ..tools import prepare_url_prefix
@@ -70,7 +70,6 @@ class Saml2(BaseController):
             token = JwtManager.gen_token(username)
             JwtManager.set_user(JwtManager.decode_token(token))
             token = token.decode('utf-8')
-            logger.debug("JWT Token: %s", token)
             raise cherrypy.HTTPRedirect("{}/#/login?access_token={}".format(url_prefix, token))
 
         return {