
hide client_secret from API

This commit is contained in:
adamscmRH 2018-08-09 11:27:39 -04:00
parent 86a1f9c0ad
commit 1bc83b488b
4 changed files with 15 additions and 8 deletions


@ -44,7 +44,7 @@ from awx.main.constants import (
SCHEDULEABLE_PROVIDERS,
ANSI_SGR_PATTERN,
ACTIVE_STATES,
TOKEN_CENSOR,
CENSOR_VALUE,
CHOICES_PRIVILEGE_ESCALATION_METHODS,
)
from awx.main.models import * # noqa
@ -1021,7 +1021,7 @@ class BaseOAuth2TokenSerializer(BaseSerializer):
if request.method == 'POST':
return obj.token
else:
return TOKEN_CENSOR
return CENSOR_VALUE
except ObjectDoesNotExist:
return ''
@ -1033,7 +1033,7 @@ class BaseOAuth2TokenSerializer(BaseSerializer):
elif request.method == 'POST':
return getattr(obj.refresh_token, 'token', '')
else:
return TOKEN_CENSOR
return CENSOR_VALUE
except ObjectDoesNotExist:
return None
@ -1181,6 +1181,9 @@ class OAuth2ApplicationSerializer(BaseSerializer):
def to_representation(self, obj):
ret = super(OAuth2ApplicationSerializer, self).to_representation(obj)
request = self.context.get('request', None)
if request.method != 'POST' and obj.client_type == 'confidential':
ret['client_secret'] = CENSOR_VALUE
if obj.client_type == 'public':
ret.pop('client_secret', None)
return ret
@ -1201,7 +1204,7 @@ class OAuth2ApplicationSerializer(BaseSerializer):
return obj.updated
def _summary_field_tokens(self, obj):
token_list = [{'id': x.pk, 'token': TOKEN_CENSOR, 'scope': x.scope} for x in obj.oauth2accesstoken_set.all()[:10]]
token_list = [{'id': x.pk, 'token': CENSOR_VALUE, 'scope': x.scope} for x in obj.oauth2accesstoken_set.all()[:10]]
if has_model_field_prefetched(obj, 'oauth2accesstoken_set'):
token_count = len(obj.oauth2accesstoken_set.all())
else:
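Review bot: In OAuth2ApplicationSerializer.to_representation the new condition reads `request.method` immediately after `request = self.context.get('request', None)`, so a serializer used without a request in its context (the case the `None` default admits) raises AttributeError instead of censoring the secret. Since the secret is meant to be shown only on the creating POST response, the check should fail closed: `if (request is None or request.method != 'POST') and obj.client_type == 'confidential':`. The `public` branch removing the key entirely is consistent with public OAuth2 clients not authenticating with a secret. The enclosing class starts outside the hunk.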


@ -1601,6 +1601,10 @@ class OAuth2ApplicationDetail(RetrieveUpdateDestroyAPIView):
serializer_class = OAuth2ApplicationSerializer
swagger_topic = 'Authentication'
def update_raw_data(self, data):
data.pop('client_secret', None)
return super(OAuth2ApplicationDetail, self).update_raw_data(data)
class ApplicationOAuth2TokenList(SubListCreateAPIView):
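Review bot: `update_raw_data` in OAuth2ApplicationDetail drops `client_secret` from the pre-filled data, which keeps the secret out of the browsable API form but does not stop a PUT/PATCH that carries `client_secret` from being applied. Because GET now returns the censor placeholder, a client that round-trips that representation would overwrite the stored secret with `************` unless the field is read-only; please confirm `client_secret` is in the serializer's read-only fields (not visible here), or strip it from incoming update data in the view too. A one-line docstring would also help: `"""Never pre-fill the browsable API's raw data with the application's client_secret."""`. OAuth2ApplicationDetail's definition starts outside the hunk.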


@ -28,4 +28,4 @@ STANDARD_INVENTORY_UPDATE_ENV = {
}
CAN_CANCEL = ('new', 'pending', 'waiting', 'running')
ACTIVE_STATES = CAN_CANCEL
TOKEN_CENSOR = '************'
CENSOR_VALUE = '************'


@ -33,7 +33,7 @@ import six
# AWX
from awx.main.models import * # noqa
from awx.api.serializers import * # noqa
from awx.main.constants import TOKEN_CENSOR
from awx.main.constants import CENSOR_VALUE
from awx.main.utils import model_instance_diff, model_to_dict, camelcase_to_underscore, get_current_apps
from awx.main.utils import ignore_inventory_computed_fields, ignore_inventory_group_removal, _inventory_updates
from awx.main.tasks import update_inventory_computed_fields
@ -428,7 +428,7 @@ def activity_stream_create(sender, instance, created, **kwargs):
if 'extra_vars' in changes:
changes['extra_vars'] = instance.display_extra_vars()
if type(instance) == OAuth2AccessToken:
changes['token'] = TOKEN_CENSOR
changes['token'] = CENSOR_VALUE
activity_entry = get_activity_stream_class()(
operation='create',
object1=object1,
@ -495,7 +495,7 @@ def activity_stream_delete(sender, instance, **kwargs):
changes = model_to_dict(instance)
object1 = camelcase_to_underscore(instance.__class__.__name__)
if type(instance) == OAuth2AccessToken:
changes['token'] = TOKEN_CENSOR
changes['token'] = CENSOR_VALUE
activity_entry = get_activity_stream_class()(
operation='delete',
changes=json.dumps(changes),
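Review bot: The activity stream still records the application's secret: `changes = model_to_dict(instance)` in activity_stream_delete (and the matching path in activity_stream_create) is only censored for OAuth2AccessToken, so creating or deleting an OAuth2Application writes `client_secret` into the stored, API-visible changes unless model_to_dict already strips it, which is not visible here. Given the commit's goal of hiding the secret, add a parallel guard in both handlers, `if type(instance) == OAuth2Application:` followed by `changes['client_secret'] = CENSOR_VALUE`, assuming OAuth2Application is exported by awx.main.models as the star import suggests. Both handlers start outside the hunk.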