Merge pull request #430 from Unrud/mask_passwords
Don't include passwords in logs
This commit is contained in:
commit
ba4b08f83e
3
config
3
config
@ -116,6 +116,9 @@
|
|||||||
# Store all environment variables (including those set in the shell)
|
# Store all environment variables (including those set in the shell)
|
||||||
#full_environment = False
|
#full_environment = False
|
||||||
|
|
||||||
|
# Don't include passwords in logs
|
||||||
|
#mask_passwords = True
|
||||||
|
|
||||||
|
|
||||||
[headers]
|
[headers]
|
||||||
|
|
||||||
|
@ -119,20 +119,20 @@ class Application:
|
|||||||
self.Collection = storage.load(configuration, logger)
|
self.Collection = storage.load(configuration, logger)
|
||||||
self.authorized = rights.load(configuration, logger)
|
self.authorized = rights.load(configuration, logger)
|
||||||
self.encoding = configuration.get("encoding", "request")
|
self.encoding = configuration.get("encoding", "request")
|
||||||
if configuration.getboolean("logging", "full_environment"):
|
|
||||||
self.headers_log = lambda environ: environ
|
|
||||||
|
|
||||||
# This method is overriden in __init__ if full_environment is set
|
def headers_log(self, environ):
|
||||||
# pylint: disable=E0202
|
"""Sanitize headers for logging."""
|
||||||
@staticmethod
|
|
||||||
def headers_log(environ):
|
|
||||||
"""Remove environment variables from the headers for logging."""
|
|
||||||
request_environ = dict(environ)
|
request_environ = dict(environ)
|
||||||
for shell_variable in os.environ:
|
# Remove environment variables
|
||||||
if shell_variable in request_environ:
|
if not self.configuration.getboolean("logging", "full_environment"):
|
||||||
del request_environ[shell_variable]
|
for shell_variable in os.environ:
|
||||||
|
request_environ.pop(shell_variable, None)
|
||||||
|
# Mask credentials
|
||||||
|
if (self.configuration.getboolean("logging", "mask_passwords") and
|
||||||
|
request_environ.get("HTTP_AUTHORIZATION",
|
||||||
|
"").startswith("Basic")):
|
||||||
|
request_environ["HTTP_AUTHORIZATION"] = "Basic **masked**"
|
||||||
return request_environ
|
return request_environ
|
||||||
# pylint: enable=E0202
|
|
||||||
|
|
||||||
def decode(self, text, environ):
|
def decode(self, text, environ):
|
||||||
"""Try to magically decode ``text`` according to given ``environ``."""
|
"""Try to magically decode ``text`` according to given ``environ``."""
|
||||||
|
@ -63,7 +63,8 @@ INITIAL_CONFIG = {
|
|||||||
"logging": {
|
"logging": {
|
||||||
"config": "/etc/radicale/logging",
|
"config": "/etc/radicale/logging",
|
||||||
"debug": "False",
|
"debug": "False",
|
||||||
"full_environment": "False"}}
|
"full_environment": "False",
|
||||||
|
"mask_passwords": "True"}}
|
||||||
|
|
||||||
|
|
||||||
def load(paths=()):
|
def load(paths=()):
|
||||||
|
Loading…
Reference in New Issue
Block a user