archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Security: don't log subclient token.

Browse Source
This commit is contained in:
Sybren A. Stüvel
2016-04-12 16:05:37 +02:00
parent aeee165ad8
commit bd8e0e56a4
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pillar/application/modules/blender_id.py
View File

@@ -62,7 +62,7 @@ def validate_subclient_token(user_id, scst):
client_id = current_app.config['BLENDER_ID_CLIENT_ID'] client_id = current_app.config['BLENDER_ID_CLIENT_ID']
subclient_id = current_app.config['BLENDER_ID_SUBCLIENT_ID'] subclient_id = current_app.config['BLENDER_ID_SUBCLIENT_ID']
log.debug('Validating subclient token %s for Blender ID user %s', scst, user_id) log.debug('Validating subclient token for Blender ID user %s', user_id)
payload = {'client_id': client_id, payload = {'client_id': client_id,
'subclient_id': subclient_id, 'subclient_id': subclient_id,
'user_id': user_id, 'user_id': user_id,

1
tests/test_blender_id_subclient.py
View File

@@ -42,6 +42,7 @@ class BlenderIdSubclientTest(AbstractPillarTest):
user_info = json.loads(resp.data) # {'status': 'success', 'subclient_user_id': '...'} user_info = json.loads(resp.data) # {'status': 'success', 'subclient_user_id': '...'}
self.assertEqual('success', user_info['status']) self.assertEqual('success', user_info['status'])
# Check that the user was correctly updated # Check that the user was correctly updated
with self.app.test_request_context(): with self.app.test_request_context():
users = self.app.data.driver.db['users'] users = self.app.data.driver.db['users']