From 8d23c5d15328e75d8b873339df77615377a98d50 Mon Sep 17 00:00:00 2001
From: Kefu Chai
Date: Wed, 18 Sep 2019 11:04:24 +0800
Subject: [PATCH] mgr/dashboard: do not log tokens
sensitive information should not go to logging messages. see https://tracker.ceph.com/issues/41320
Signed-off-by: Kefu Chai
---
 src/pybind/mgr/dashboard/controllers/auth.py | 1 -
 src/pybind/mgr/dashboard/controllers/saml2.py | 3 +--
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/pybind/mgr/dashboard/controllers/auth.py b/src/pybind/mgr/dashboard/controllers/auth.py
index 90752a03f4d40..d98c1387c0626 100644
--- a/src/pybind/mgr/dashboard/controllers/auth.py
+++ b/src/pybind/mgr/dashboard/controllers/auth.py
@@ -21,7 +21,6 @@ class Auth(RESTController):
 logger.debug('Login successful')
 token = JwtManager.gen_token(username)
 token = token.decode('utf-8')
- logger.debug("JWT Token: %s", token)
 cherrypy.response.headers['Authorization'] = "Bearer: {}".format(token)
 return {
 'token': token,
diff --git a/src/pybind/mgr/dashboard/controllers/saml2.py b/src/pybind/mgr/dashboard/controllers/saml2.py
index a0ad345b1c99e..4bafc6933ac99 100644
--- a/src/pybind/mgr/dashboard/controllers/saml2.py
+++ b/src/pybind/mgr/dashboard/controllers/saml2.py
@@ -12,7 +12,7 @@ try:
 except ImportError:
 python_saml_imported = False
-from .. import mgr, logger
+from .. import mgr
 from ..exceptions import UserDoesNotExist
 from ..services.auth import JwtManager
 from ..tools import prepare_url_prefix
@@ -70,7 +70,6 @@ class Saml2(BaseController):
 token = JwtManager.gen_token(username)
 JwtManager.set_user(JwtManager.decode_token(token))
 token = token.decode('utf-8')
- logger.debug("JWT Token: %s", token)
 raise cherrypy.HTTPRedirect("{}/#/login?access_token={}".format(url_prefix, token))
 return {
-- 
2.39.5
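Review bot: Dropping `logger` from `from .. import mgr, logger` in the first saml2.py hunk is only safe if the `logger.debug("JWT Token: %s", token)` call removed in the `Saml2` hunk was the last use of that name in the file; the rest of saml2.py is outside this diff, so that cannot be confirmed from here. A leftover `logger.` reference would not fail at import time but would raise a NameError on whichever SAML2 handler reaches it, which for an authentication path means a broken login or logout flow. Running pyflakes/flake8 (undefined-name check, F821) over the file before merging would settle it.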