External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-04-09 12:09:20 -02:30
Code Issues Packages Projects Releases Wiki Activity

properly filter User.password from ActivityStream entries

Browse Source 
see: #6160
This commit is contained in:
Ryan Petrello
2017-05-09 14:46:05 -04:00
parent b7438288cc
commit f7660e1778
2 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
awx/main/tests/functional/models/test_activity_stream.py
View File

@@ -131,3 +131,12 @@ class TestCredentialModels:
entry = ActivityStream.objects.filter(credential=cred)[0] entry = ActivityStream.objects.filter(credential=cred)[0]
assert entry.operation == 'create' assert entry.operation == 'create'
assert json.loads(entry.changes)['inputs'] == 'hidden' assert json.loads(entry.changes)['inputs'] == 'hidden'
@pytest.mark.django_db
class TestUserModels:
def test_user_hidden_information(self, alice):
entry = ActivityStream.objects.filter(user=alice)[0]
assert entry.operation == 'create'
assert json.loads(entry.changes)['password'] == 'hidden'

8
awx/main/utils/common.py
View File

@@ -381,6 +381,7 @@ def model_instance_diff(old, new, serializer_mapping=None):
""" """
from django.db.models import Model from django.db.models import Model
from awx.main.models.credential import Credential from awx.main.models.credential import Credential
PASSWORD_FIELDS = ['password'] + Credential.PASSWORD_FIELDS
if not(old is None or isinstance(old, Model)): if not(old is None or isinstance(old, Model)):
raise TypeError('The supplied old instance is not a valid model instance.') raise TypeError('The supplied old instance is not a valid model instance.')
@@ -395,13 +396,13 @@ def model_instance_diff(old, new, serializer_mapping=None):
old_value = getattr(old, field, None) old_value = getattr(old, field, None)
new_value = getattr(new, field, None) new_value = getattr(new, field, None)
if old_value != new_value and field not in Credential.PASSWORD_FIELDS: if old_value != new_value and field not in PASSWORD_FIELDS:
if type(old_value) not in (bool, int, type(None)): if type(old_value) not in (bool, int, type(None)):
old_value = smart_str(old_value) old_value = smart_str(old_value)
if type(new_value) not in (bool, int, type(None)): if type(new_value) not in (bool, int, type(None)):
new_value = smart_str(new_value) new_value = smart_str(new_value)
diff[field] = (old_value, new_value) diff[field] = (old_value, new_value)
elif old_value != new_value and field in Credential.PASSWORD_FIELDS: elif old_value != new_value and field in PASSWORD_FIELDS:
diff[field] = (u"hidden", u"hidden") diff[field] = (u"hidden", u"hidden")
if len(diff) == 0: if len(diff) == 0:
@@ -417,6 +418,7 @@ def model_to_dict(obj, serializer_mapping=None):
When provided, read-only fields will not be included in the resulting dictionary When provided, read-only fields will not be included in the resulting dictionary
""" """
from awx.main.models.credential import Credential from awx.main.models.credential import Credential
PASSWORD_FIELDS = ['password'] + Credential.PASSWORD_FIELDS
attr_d = {} attr_d = {}
allowed_fields = get_allowed_fields(obj, serializer_mapping) allowed_fields = get_allowed_fields(obj, serializer_mapping)
@@ -424,7 +426,7 @@ def model_to_dict(obj, serializer_mapping=None):
for field in obj._meta.fields: for field in obj._meta.fields:
if field.name not in allowed_fields: if field.name not in allowed_fields:
continue continue
if field.name not in Credential.PASSWORD_FIELDS: if field.name not in PASSWORD_FIELDS:
field_val = getattr(obj, field.name, None) field_val = getattr(obj, field.name, None)
if type(field_val) not in (bool, int, type(None)): if type(field_val) not in (bool, int, type(None)):
attr_d[field.name] = smart_str(field_val) attr_d[field.name] = smart_str(field_val)