reanahub / reana-server

REANA API server
http://reana-server.readthedocs.io/
MIT License

Access token in server logs #140

Closed roksys closed 4 years ago

roksys commented 5 years ago

Server logs contain an access token. I don't think it should be there because of security concerns.

$ kubectl logs server-66f4d75c47-4pvrz  server
DB Created.
Created 1st user with access_token: 4CwqoZS8JEAT5uHI8sd8TpTx3S1ULSsSfNk9VIEKc54
 * Serving Flask app "/code/reana_server/app.py" (lazy loading)
 * Environment: development
 * Debug mode: on
 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
 * Restarting with stat
 * Debugger is active!
 * Debugger PIN: 348-731-149

tiborsimko commented 5 years ago

Since reana-cluster has had access to the DB for some time now, we can indeed remove that bit and show the user email there instead.

tiborsimko commented 5 years ago

Note that I'm using the presence of the ^Created 1st user string in the pod output in the CI workflow in order to determine when the REANA cluster is ready for running examples. Hence, if we change the leading text, we'd have to remember to also change it there.
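
Added example (not code from reana-server or its CI workflow): a Python sketch of the change discussed in this thread, showing that a startup line which names the user by email still satisfies a readiness check on the `^Created 1st user` marker, together with a scan and a redaction pass for logs that were already captured with a token in them. The `with email:` wording, the function names, the sample address and the placeholder token are assumptions made for illustration.

```python
import re

# Readiness marker the CI workflow looks for in the pod output (from the thread).
READY_MARKER = re.compile(r"^Created 1st user", re.MULTILINE)
# Assumed shape of the leaking field: "access_token: <value>".
TOKEN_FIELD = re.compile(r"(access_token:\s*)(\S+)")


def startup_message(email):
    """Hypothetical replacement line: keeps the marker prefix, shows the email."""
    return "Created 1st user with email: {}".format(email)


def cluster_ready(pod_log):
    """CI-style readiness check: does any line start with the marker?"""
    return READY_MARKER.search(pod_log) is not None


def leaked_token_lines(pod_log):
    """Return 1-based numbers of the lines that carry an access_token value."""
    return [n for n, line in enumerate(pod_log.splitlines(), 1)
            if TOKEN_FIELD.search(line)]


def redact(pod_log):
    """Mask token values so an already-captured log can be archived or shared."""
    return TOKEN_FIELD.sub(r"\1[REDACTED]", pod_log)


# Constructed sample logs; the token value is a made-up placeholder.
OLD_LOG = "\n".join([
    "DB Created.",
    "Created 1st user with access_token: EXAMPLE-TOKEN-NOT-REAL",
    ' * Serving Flask app "/code/reana_server/app.py" (lazy loading)',
])
NEW_LOG = "\n".join([
    "DB Created.",
    startup_message("admin@example.org"),
    ' * Serving Flask app "/code/reana_server/app.py" (lazy loading)',
])

if __name__ == "__main__":
    for name, log in (("old", OLD_LOG), ("new", NEW_LOG)):
        print(name, "ready:", cluster_ready(log),
              "token on lines:", leaked_token_lines(log))
    print(redact(OLD_LOG))
```

A token that has already reached the pod logs should be treated as exposed to anyone with log access, so redacting stored copies complements rotating the token rather than replacing it.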