Skip to content

E
edx-platform
Commit 433477ab by Joshua Spayd
Options

Hide passwords in register/login crash reports 

Includes code for testing to be removed in the next commit.
parent 0365712b
Showing with 54 additions and 0 deletions
lms/envs/devstack.py
...@@ -277,3 +277,6 @@ if os.path.isfile(join(dirname(abspath(__file__)), 'private.py')): ...@@ -277,3 +277,6 @@ if os.path.isfile(join(dirname(abspath(__file__)), 'private.py')):
MODULESTORE = convert_module_store_setting_if_needed(MODULESTORE) MODULESTORE = convert_module_store_setting_if_needed(MODULESTORE)
SECRET_KEY = '85920908f28904ed733fe576320db18cabd7b6cd' SECRET_KEY = '85920908f28904ed733fe576320db18cabd7b6cd'
# Begin test code
ADMINS=[('Name', 'test@example.com')]
# End test code
openedx/core/djangoapps/user_api/views.py
...@@ -9,6 +9,7 @@ from django.http import HttpResponse, HttpResponseForbidden ...@@ -9,6 +9,7 @@ from django.http import HttpResponse, HttpResponseForbidden
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from django.views.decorators.csrf import csrf_exempt, csrf_protect, ensure_csrf_cookie from django.views.decorators.csrf import csrf_exempt, csrf_protect, ensure_csrf_cookie
from django.views.decorators.debug import sensitive_post_parameters
from django_countries import countries from django_countries import countries
from django_filters.rest_framework import DjangoFilterBackend from django_filters.rest_framework import DjangoFilterBackend
from opaque_keys import InvalidKeyError from opaque_keys import InvalidKeyError
...@@ -44,6 +45,32 @@ from .models import UserPreference, UserProfile ...@@ -44,6 +45,32 @@ from .models import UserPreference, UserProfile
from .preferences.api import get_country_time_zones, update_email_opt_in from .preferences.api import get_country_time_zones, update_email_opt_in
from .serializers import CountryTimeZoneSerializer, UserPreferenceSerializer, UserSerializer from .serializers import CountryTimeZoneSerializer, UserPreferenceSerializer, UserSerializer
# Begin test code
import sys
import traceback
from django.core import mail
from django.views.debug import ExceptionReporter
from django.views.debug import SafeExceptionReporterFilter
# Necessary for testing because SafeExceptionReporterFilter is only active in production mode
class CustomExceptionReporterFilter(SafeExceptionReporterFilter):
def is_active(self, request):
return True
def send_manually_exception_email(request, e):
exc_info = sys.exc_info()
reporter = ExceptionReporter(request, is_email=True, *exc_info)
reporter.filter = CustomExceptionReporterFilter()
subject = e.message.replace('\n', '\\n').replace('\r', '\\r')[:989]
message = "%s\n\n%s" % (
'\n'.join(traceback.format_exception(*exc_info)),
reporter.filter.get_request_repr(request)
)
mail.mail_admins(
subject, message, fail_silently=True,
html_message=reporter.get_traceback_html()
)
# End test code
class LoginSessionView(APIView): class LoginSessionView(APIView):
"""HTTP end-points for logging in users. """ """HTTP end-points for logging in users. """
...@@ -122,6 +149,14 @@ class LoginSessionView(APIView): ...@@ -122,6 +149,14 @@ class LoginSessionView(APIView):
@method_decorator(require_post_params(["email", "password"])) @method_decorator(require_post_params(["email", "password"]))
@method_decorator(csrf_protect) @method_decorator(csrf_protect)
def post(self, request): def post(self, request):
# Begin test code
try:
raise Exception
except Exception as e:
request.META['SERVER_NAME'] = 'blah'
request.META['SERVER_PORT'] = 18010
send_manually_exception_email(request, e)
# End test code
"""Log in a user. """Log in a user.
You must send all required form fields with the request. You must send all required form fields with the request.
...@@ -156,6 +191,10 @@ class LoginSessionView(APIView): ...@@ -156,6 +191,10 @@ class LoginSessionView(APIView):
from student.views import login_user from student.views import login_user
return shim_student_view(login_user, check_logged_in=True)(request) return shim_student_view(login_user, check_logged_in=True)(request)
@method_decorator(sensitive_post_parameters("password"))
def dispatch(self, request, *args, **kwargs):
return super(LoginSessionView, self).dispatch(request, *args, **kwargs)
class RegistrationView(APIView): class RegistrationView(APIView):
"""HTTP end-points for creating a new user. """ """HTTP end-points for creating a new user. """
...@@ -308,6 +347,14 @@ class RegistrationView(APIView): ...@@ -308,6 +347,14 @@ class RegistrationView(APIView):
@method_decorator(csrf_exempt) @method_decorator(csrf_exempt)
def post(self, request): def post(self, request):
# Begin test code
try:
raise Exception
except Exception as e:
request.META['SERVER_NAME'] = 'blah'
request.META['SERVER_PORT'] = 18010
send_manually_exception_email(request, e)
# End test code
"""Create the user's account. """Create the user's account.
You must send all required form fields with the request. You must send all required form fields with the request.
...@@ -381,6 +428,10 @@ class RegistrationView(APIView): ...@@ -381,6 +428,10 @@ class RegistrationView(APIView):
set_logged_in_cookies(request, response, user) set_logged_in_cookies(request, response, user)
return response return response
@method_decorator(sensitive_post_parameters("password"))
def dispatch(self, request, *args, **kwargs):
return super(RegistrationView, self).dispatch(request, *args, **kwargs)
def _add_email_field(self, form_desc, required=True): def _add_email_field(self, form_desc, required=True):
"""Add an email field to a form description. """Add an email field to a form description.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment