unioslo / mreg

GNU General Public License v3.0

Username, passwd and token end up in log files when authenticating #517

Closed oyvindhagberg closed 1 year ago

oyvindhagberg commented 1 year ago

When doing an HTTP POST against the /api/token-auth/ endpoint, the username, password and resulting token get written to the log file (all the POST data, and the content of the HTTP response). Ideally, those values should be removed from the data, while preserving the rest of the content.

I've written a unit test that checks for the presence of those values in the log, in this branch.

terjekv commented 1 year ago

Meep. Will fix. Thank you.
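
One way to do the redaction the issue asks for, as an added example that is not part of this thread or of mreg's code: mask the `username`, `password` and `token` fields in a request or response body before it is logged, keeping every other field. The function name, the `REDACTED` marker and the choice to drop bodies that cannot be parsed are assumptions of this sketch.

```python
import json
from urllib.parse import parse_qsl, urlencode

# Field names taken from the issue text; extend as needed (assumption).
SENSITIVE_KEYS = {"username", "password", "token"}
REDACTED = "REDACTED"
OMITTED = "[UNPARSED BODY OMITTED]"


def _scrub(value):
    """Recursively mask sensitive keys in parsed JSON, keeping the rest."""
    if isinstance(value, dict):
        return {
            k: REDACTED if k.lower() in SENSITIVE_KEYS else _scrub(v)
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [_scrub(v) for v in value]
    return value


def redact_body(body: str) -> str:
    """Return a loggable copy of an HTTP body (hypothetical helper).

    Handles JSON and form-encoded bodies. Anything that parses as neither
    is replaced wholesale, so a credential in an unexpected format is
    never written to the log verbatim.
    """
    try:
        parsed = json.loads(body)
    except ValueError:
        parsed = None
    if isinstance(parsed, (dict, list)):
        return json.dumps(_scrub(parsed))
    try:
        pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        return OMITTED
    if not pairs:
        return OMITTED
    return urlencode(
        [(k, REDACTED if k.lower() in SENSITIVE_KEYS else v) for k, v in pairs]
    )


if __name__ == "__main__":
    # Constructed sample bodies, not taken from real traffic.
    print(redact_body('{"username": "alice", "password": "hunter2"}'))
    print(redact_body('{"token": "abc123", "expires": 3600}'))
    print(redact_body("username=alice&password=hunter2&next=%2Fhosts"))
```

The function would be called on both the request body and the response content at the point where they are handed to the logger, so the raw values never reach a log handler.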