Censor X-Auth-Token header and password in body request from logs

hpcugent / vsc-base

Basic Python libraries used by UGent's HPC group

Other

14 stars 51 forks source link

Censor X-Auth-Token header and password in body request from logs #328

Closed lexming closed 2 years ago

lexming commented 2 years ago

The REST API of OceanStor does not use the conventional Authorization header. Instead it uses:

a first request with user/password in the body of the message
all subsequent requests use a X-Auth-Token header

Censor both secrets from the logs of the REST client. To censor secrets in the body, it has to be passed unserialized to requests(). Serialized bodies are treated as usual.

stdweird commented 2 years ago

@lexming can you rebase on master and bump the version again?

lexming commented 2 years ago

@stdweird this PR is ready, however the tests have been broken by https://github.com/hpcugent/vsc-base/pull/329 , can you fix them?