Merge pull request #15586 from jspayd/hide-passwords-upstream

Hide passwords in crash reports

Merge pull request #15586 from jspayd/hide-passwords-upstream
Hide passwords in crash reports
141c0af0 · George Song · GitHub · 42fffdfa · 97d5e3d8 · 141c0af0
Commit 141c0af0 authored Jul 20, 2017 by George Song Committed by GitHub Jul 20, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

openedx/core/djangoapps/user_api/views.py
+9 -0

No files found.
--- a/openedx/core/djangoapps/user_api/views.py
+++ b/openedx/core/djangoapps/user_api/views.py
@@ -9,6 +9,7 @@ from django.http import HttpResponse, HttpResponseForbidden
 from django.utils.decorators import method_decorator
 from django.utils.translation import ugettext as _
 from django.views.decorators.csrf import csrf_exempt, csrf_protect, ensure_csrf_cookie
+from django.views.decorators.debug import sensitive_post_parameters
 from django_countries import countries
 from django_filters.rest_framework import DjangoFilterBackend
 from opaque_keys import InvalidKeyError
@@ -156,6 +157,10 @@ class LoginSessionView(APIView):
        from student.views import login_user
        return shim_student_view(login_user, check_logged_in=True)(request)

+    @method_decorator(sensitive_post_parameters("password"))
+    def dispatch(self, request, *args, **kwargs):
+        return super(LoginSessionView, self).dispatch(request, *args, **kwargs)
+

 class RegistrationView(APIView):
    """HTTP end-points for creating a new user. """
@@ -381,6 +386,10 @@ class RegistrationView(APIView):
        set_logged_in_cookies(request, response, user)
        return response

+    @method_decorator(sensitive_post_parameters("password"))
+    def dispatch(self, request, *args, **kwargs):
+        return super(RegistrationView, self).dispatch(request, *args, **kwargs)
+
    def _add_email_field(self, form_desc, required=True):
        """Add an email field to a form description.