mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 06:51:10 +03:00
hide client_secret from API
parent
86a1f9c0ad
commit
1bc83b488b
@ -44,7 +44,7 @@ from awx.main.constants import (
|
||||
SCHEDULEABLE_PROVIDERS,
|
||||
ANSI_SGR_PATTERN,
|
||||
ACTIVE_STATES,
|
||||
TOKEN_CENSOR,
|
||||
CENSOR_VALUE,
|
||||
CHOICES_PRIVILEGE_ESCALATION_METHODS,
|
||||
)
|
||||
from awx.main.models import * # noqa
|
||||
@ -1021,7 +1021,7 @@ class BaseOAuth2TokenSerializer(BaseSerializer):
|
||||
if request.method == 'POST':
|
||||
return obj.token
|
||||
else:
|
||||
return TOKEN_CENSOR
|
||||
return CENSOR_VALUE
|
||||
except ObjectDoesNotExist:
|
||||
return ''
|
||||
|
||||
@ -1033,7 +1033,7 @@ class BaseOAuth2TokenSerializer(BaseSerializer):
|
||||
elif request.method == 'POST':
|
||||
return getattr(obj.refresh_token, 'token', '')
|
||||
else:
|
||||
return TOKEN_CENSOR
|
||||
return CENSOR_VALUE
|
||||
except ObjectDoesNotExist:
|
||||
return None
|
||||
|
||||
@ -1181,6 +1181,9 @@ class OAuth2ApplicationSerializer(BaseSerializer):
|
||||
|
||||
def to_representation(self, obj):
|
||||
ret = super(OAuth2ApplicationSerializer, self).to_representation(obj)
|
||||
request = self.context.get('request', None)
|
||||
if request.method != 'POST' and obj.client_type == 'confidential':
|
||||
ret['client_secret'] = CENSOR_VALUE
|
||||
if obj.client_type == 'public':
|
||||
ret.pop('client_secret', None)
|
||||
return ret
|
||||
@ -1201,7 +1204,7 @@ class OAuth2ApplicationSerializer(BaseSerializer):
|
||||
return obj.updated
|
||||
|
||||
def _summary_field_tokens(self, obj):
|
||||
token_list = [{'id': x.pk, 'token': TOKEN_CENSOR, 'scope': x.scope} for x in obj.oauth2accesstoken_set.all()[:10]]
|
||||
token_list = [{'id': x.pk, 'token': CENSOR_VALUE, 'scope': x.scope} for x in obj.oauth2accesstoken_set.all()[:10]]
|
||||
if has_model_field_prefetched(obj, 'oauth2accesstoken_set'):
|
||||
token_count = len(obj.oauth2accesstoken_set.all())
|
||||
else:
|
||||
|
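Review bot: In `OAuth2ApplicationSerializer.to_representation`, `request` is read with `self.context.get('request', None)` and then dereferenced as `request.method`, so a serializer built without a request in its context raises `AttributeError` instead of returning a censored payload. The condition should fail closed, so that a missing request is treated like any non-POST request: `if obj.client_type == 'confidential' and getattr(request, 'method', None) != 'POST':`. A comment above it, such as `# the secret is only returned in the response to the creating POST; every other response carries the placeholder`, would record the intent for later maintainers.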
@ -1601,6 +1601,10 @@ class OAuth2ApplicationDetail(RetrieveUpdateDestroyAPIView):
|
||||
serializer_class = OAuth2ApplicationSerializer
|
||||
swagger_topic = 'Authentication'
|
||||
|
||||
def update_raw_data(self, data):
|
||||
data.pop('client_secret', None)
|
||||
return super(OAuth2ApplicationDetail, self).update_raw_data(data)
|
||||
|
||||
|
||||
class ApplicationOAuth2TokenList(SubListCreateAPIView):
|
||||
|
||||
|
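Review bot: `update_raw_data` in `OAuth2ApplicationDetail` only removes `client_secret` from the data offered back for editing; nothing in this hunk stops a client from submitting the censored placeholder in a PUT or PATCH body. Whether that is harmless depends on the serializer treating `client_secret` as read-only on update, which is not visible here. A test that round-trips a GET response through PUT and checks that the stored secret is unchanged would settle it. A comment above the pop, e.g. `# client_secret is censored in responses; never offer the placeholder as an editable value`, would explain why the field is dropped. The class body starts outside the hunk.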
@ -28,4 +28,4 @@ STANDARD_INVENTORY_UPDATE_ENV = {
|
||||
}
|
||||
CAN_CANCEL = ('new', 'pending', 'waiting', 'running')
|
||||
ACTIVE_STATES = CAN_CANCEL
|
||||
TOKEN_CENSOR = '************'
|
||||
CENSOR_VALUE = '************'
|
||||
|
@ -33,7 +33,7 @@ import six
|
||||
# AWX
|
||||
from awx.main.models import * # noqa
|
||||
from awx.api.serializers import * # noqa
|
||||
from awx.main.constants import TOKEN_CENSOR
|
||||
from awx.main.constants import CENSOR_VALUE
|
||||
from awx.main.utils import model_instance_diff, model_to_dict, camelcase_to_underscore, get_current_apps
|
||||
from awx.main.utils import ignore_inventory_computed_fields, ignore_inventory_group_removal, _inventory_updates
|
||||
from awx.main.tasks import update_inventory_computed_fields
|
||||
@ -428,7 +428,7 @@ def activity_stream_create(sender, instance, created, **kwargs):
|
||||
if 'extra_vars' in changes:
|
||||
changes['extra_vars'] = instance.display_extra_vars()
|
||||
if type(instance) == OAuth2AccessToken:
|
||||
changes['token'] = TOKEN_CENSOR
|
||||
changes['token'] = CENSOR_VALUE
|
||||
activity_entry = get_activity_stream_class()(
|
||||
operation='create',
|
||||
object1=object1,
|
||||
@ -495,7 +495,7 @@ def activity_stream_delete(sender, instance, **kwargs):
|
||||
changes = model_to_dict(instance)
|
||||
object1 = camelcase_to_underscore(instance.__class__.__name__)
|
||||
if type(instance) == OAuth2AccessToken:
|
||||
changes['token'] = TOKEN_CENSOR
|
||||
changes['token'] = CENSOR_VALUE
|
||||
activity_entry = get_activity_stream_class()(
|
||||
operation='delete',
|
||||
changes=json.dumps(changes),
|
||||
|
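Review bot: Both `activity_stream_create` and `activity_stream_delete` censor only `changes['token']` when the instance is an `OAuth2AccessToken`; neither hunk has a matching branch for OAuth2 application instances. If `model_to_dict(instance)` includes `client_secret` for those objects (its field filtering is not visible here), the secret this commit hides in the serializer would still be written to the activity stream in clear text. This is worth confirming, and if it does, an equivalent check beside the token one should set `changes['client_secret'] = CENSOR_VALUE`. Both functions start and end outside their hunks.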