remove /login from tracking logs so we don't capture passwords

e5ca9618 · David Ormsbee · 79c1cf19 · e5ca9618 · e5ca9618
Commit e5ca9618 authored Jan 26, 2012 by David Ormsbee
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 3 deletions

auth/views.py
+2 -0

track/middleware.py
+4 -3

No files found.
--- a/auth/views.py
+++ b/auth/views.py
@@ -74,8 +74,10 @@ def login_user(request, error=""):
            log.critical("Login failed - Could not create session. Is memcached running?")
            log.exception(e)

+        log.info("Login success - {0} ({1})".format(username, email))
        return HttpResponse(json.dumps({'success':True}))

+    log.warning("Login failed - Account not active for user {0}".format(username))
    return HttpResponse(json.dumps({'success':False, 
                                    'error': 'Account not active. Check your e-mail.'}))


--- a/track/middleware.py
+++ b/track/middleware.py
@@ -5,10 +5,11 @@ from django.conf import settings
 import views

 class TrackMiddleware:
-    def process_request (self, request):
+    def process_request(self, request):
        try:
-            # We're already logging events
-            if request.META['PATH_INFO'] == '/event':
+            # We're already logging events, and we don't want to capture user
+            # names/passwords.
+            if request.META['PATH_INFO'] in ['/event', '/login']:
                return
            
            event = { 'GET'  : dict(request.GET),