diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index d0ab6610db..815ceeaf75 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -44,7 +44,7 @@ from awx.main.constants import (
 SCHEDULEABLE_PROVIDERS,
 ANSI_SGR_PATTERN,
 ACTIVE_STATES,
- TOKEN_CENSOR,
+ CENSOR_VALUE,
 CHOICES_PRIVILEGE_ESCALATION_METHODS,
 )
 from awx.main.models import * # noqa
@@ -1021,7 +1021,7 @@ class BaseOAuth2TokenSerializer(BaseSerializer):
 if request.method == 'POST':
 return obj.token
 else:
- return TOKEN_CENSOR
+ return CENSOR_VALUE
 except ObjectDoesNotExist:
 return ''
@@ -1033,7 +1033,7 @@ class BaseOAuth2TokenSerializer(BaseSerializer):
 elif request.method == 'POST':
 return getattr(obj.refresh_token, 'token', '')
 else:
- return TOKEN_CENSOR
+ return CENSOR_VALUE
 except ObjectDoesNotExist:
 return None
@@ -1181,6 +1181,9 @@ class OAuth2ApplicationSerializer(BaseSerializer):
 def to_representation(self, obj):
 ret = super(OAuth2ApplicationSerializer, self).to_representation(obj)
+ request = self.context.get('request', None)
+ if request.method != 'POST' and obj.client_type == 'confidential':
+ ret['client_secret'] = CENSOR_VALUE
 if obj.client_type == 'public':
 ret.pop('client_secret', None)
 return ret
@@ -1201,7 +1204,7 @@ class OAuth2ApplicationSerializer(BaseSerializer):
 return obj.updated
 def _summary_field_tokens(self, obj):
- token_list = [{'id': x.pk, 'token': TOKEN_CENSOR, 'scope': x.scope} for x in obj.oauth2accesstoken_set.all()[:10]]
+ token_list = [{'id': x.pk, 'token': CENSOR_VALUE, 'scope': x.scope} for x in obj.oauth2accesstoken_set.all()[:10]]
 if has_model_field_prefetched(obj, 'oauth2accesstoken_set'):
 token_count = len(obj.oauth2accesstoken_set.all())
 else:
diff --git a/awx/api/views.py b/awx/api/views.py
index e241a692c2..1692968c75 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
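Review bot: In the to_representation hunk, `request = self.context.get('request', None)` tolerates a missing request, but the next line dereferences `request.method` unconditionally, so a serializer instantiated without a request context raises AttributeError rather than censoring. For a credential the safe default is to fail closed: `if (request is None or request.method != 'POST') and obj.client_type == 'confidential':`. The intent — the secret is revealed only in the creation response and every later read gets the placeholder — deserves a one-line comment, e.g. `# client_secret is shown once, on the creating POST; all later reads are censored`. Whether `client_secret` is also writable through this serializer on PUT/PATCH is not visible here; if it is, a client echoing the placeholder back could overwrite the stored secret, so confirm the field is read-only or filtered on input.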
@@ -1601,6 +1601,10 @@ class OAuth2ApplicationDetail(RetrieveUpdateDestroyAPIView):
 serializer_class = OAuth2ApplicationSerializer
 swagger_topic = 'Authentication'
+ def update_raw_data(self, data):
+ data.pop('client_secret', None)
+ return super(OAuth2ApplicationDetail, self).update_raw_data(data)
+
 class ApplicationOAuth2TokenList(SubListCreateAPIView):
diff --git a/awx/main/constants.py b/awx/main/constants.py
index 98802f5ef0..3a92dfc18f 100644
--- a/awx/main/constants.py
+++ b/awx/main/constants.py
@@ -28,4 +28,4 @@ STANDARD_INVENTORY_UPDATE_ENV = {
 }
 CAN_CANCEL = ('new', 'pending', 'waiting', 'running')
 ACTIVE_STATES = CAN_CANCEL
-TOKEN_CENSOR = '************'
+CENSOR_VALUE = '************'
diff --git a/awx/main/signals.py b/awx/main/signals.py
index a08556285d..1cd56a5697 100644
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
@@ -33,7 +33,7 @@ import six
 # AWX
 from awx.main.models import * # noqa
 from awx.api.serializers import * # noqa
-from awx.main.constants import TOKEN_CENSOR
+from awx.main.constants import CENSOR_VALUE
 from awx.main.utils import model_instance_diff, model_to_dict, camelcase_to_underscore, get_current_apps
 from awx.main.utils import ignore_inventory_computed_fields, ignore_inventory_group_removal, _inventory_updates
 from awx.main.tasks import update_inventory_computed_fields
@@ -428,7 +428,7 @@ def activity_stream_create(sender, instance, created, **kwargs):
 if 'extra_vars' in changes:
 changes['extra_vars'] = instance.display_extra_vars()
 if type(instance) == OAuth2AccessToken:
- changes['token'] = TOKEN_CENSOR
+ changes['token'] = CENSOR_VALUE
 activity_entry = get_activity_stream_class()(
 operation='create',
 object1=object1,
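Review bot: The new `update_raw_data` on OAuth2ApplicationDetail removes `client_secret` from the pre-filled raw-data form, but as far as this hunk shows that hook only shapes the browsable API's example payload, not the real update path, so a client that PUTs back a representation containing the censor placeholder is still subject to whatever the serializer does with `client_secret` on write. Confirm that the field is read-only or ignored on update; otherwise the stored secret could be replaced by the placeholder string. The method has no comment explaining its purpose; `# never pre-fill the censored client_secret into the raw-data form, so a resubmit cannot echo it back` would make the reason clear to the next reader. The enclosing class starts outside the hunk.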
@@ -495,7 +495,7 @@ def activity_stream_delete(sender, instance, **kwargs):
 changes = model_to_dict(instance)
 object1 = camelcase_to_underscore(instance.__class__.__name__)
 if type(instance) == OAuth2AccessToken:
- changes['token'] = TOKEN_CENSOR
+ changes['token'] = CENSOR_VALUE
 activity_entry = get_activity_stream_class()(
 operation='delete',
 changes=json.dumps(changes),