From: Kefu Chai Date: Wed, 18 Sep 2019 03:04:24 +0000 (+0800) Subject: mgr/dashboard: do not log tokens X-Git-Tag: v14.2.5~21^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=212750b05dac8d0c8741a3ce2cf1470b1bade95d;p=ceph.git mgr/dashboard: do not log tokens sensitive information should not go to logging messages. see https://tracker.ceph.com/issues/41320 Signed-off-by: Kefu Chai (cherry picked from commit 8d23c5d15328e75d8b873339df77615377a98d50)
---
diff --git a/src/pybind/mgr/dashboard/controllers/auth.py b/src/pybind/mgr/dashboard/controllers/auth.py
index 7d145adcfed..f1c6545a175 100644
--- a/src/pybind/mgr/dashboard/controllers/auth.py
+++ b/src/pybind/mgr/dashboard/controllers/auth.py
@@ -23,7 +23,6 @@ class Auth(RESTController):
 logger.debug('Login successful')
 token = JwtManager.gen_token(username)
 token = token.decode('utf-8')
- logger.debug("JWT Token: %s", token)
 cherrypy.response.headers['Authorization'] = "Bearer: {}".format(token)
 return {
 'token': token,
diff --git a/src/pybind/mgr/dashboard/controllers/saml2.py b/src/pybind/mgr/dashboard/controllers/saml2.py
index 51bda8e8d62..f007f691cc5 100644
--- a/src/pybind/mgr/dashboard/controllers/saml2.py
+++ b/src/pybind/mgr/dashboard/controllers/saml2.py
@@ -13,7 +13,7 @@ try:
 except ImportError:
 python_saml_imported = False
-from .. import mgr, logger
+from .. import mgr
 from ..exceptions import UserDoesNotExist
 from ..services.auth import JwtManager
 from ..tools import prepare_url_prefix
@@ -73,7 +73,6 @@ class Saml2(BaseController):
 token = JwtManager.gen_token(username)
 JwtManager.set_user(JwtManager.decode_token(token))
 token = token.decode('utf-8')
- logger.debug("JWT Token: %s", token)
 raise cherrypy.HTTPRedirect("{}/#/login?access_token={}".format(url_prefix, token))
 else:
 return {
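Review bot: Dropping `logger` from `from .. import mgr, logger` in saml2.py (hunk at -13) is only safe if nothing else in the module still references it; this patch shows a single `logger.debug` call removed from that file (hunk at -73), and the rest of saml2.py is outside the diff. Python resolves the name when the call runs, so a leftover use would not fail at import but would raise NameError inside a Saml2 controller method, which is a bad place to discover it. Running pyflakes on the new tree, or `grep -n 'logger\.' src/pybind/mgr/dashboard/controllers/saml2.py`, before merging the cherry-pick would confirm the import is really unused.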