Skip to content

Commit

Permalink
Remove verbose OIDC logging
Browse files Browse the repository at this point in the history
  • Loading branch information
@da1910
da1910 committed Jan 2, 2024
1 parent 5a73a41 commit 3dea090
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 55 deletions.
13 changes: 0 additions & 13 deletions src/ansys/openapi/common/_oidc.py
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
import os
from typing import Optional

import keyring
Expand Down Expand Up @@ -53,17 +52,7 @@ def __init__(
self._initial_session = initial_session
self._api_url = initial_response.url

if os.getenv("VERBOSE_TOKEN_DEBUGGING"):
self._log_tokens = True
else:
self._log_tokens = False

logger.debug("Creating OIDC session handler...")
if self._log_tokens:
logger.warning(
"Verbose token debugging is enabled. This will write sensitive information to the log. "
"Do not use this in production."
)

self._authenticate_parameters = self._parse_unauthorized_header(
initial_response
Expand Down Expand Up @@ -129,8 +118,6 @@ def get_session_with_provided_token(self, refresh_token: str) -> requests.Sessio
logger.info("Setting tokens...")
if refresh_token is None:
raise ValueError("Must provide a value for 'refresh_token', not None")
if self._log_tokens:
logger.debug(f"Setting refresh token: {refresh_token}")
try:
state, token, expires_in, new_refresh_token = self._auth.refresh_token(
refresh_token
Expand Down
43 changes: 1 addition & 42 deletions tests/test_oidc.py
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
import json
import logging
from urllib.parse import parse_qs

import pytest
Expand Down Expand Up @@ -43,15 +42,13 @@ def try_parse_and_assert_failed(response):


def get_session_from_mock_factory_with_refresh_token(
refresh_token: str, log_token: bool = None
refresh_token: str
):
mock_factory = Mock()
mock_factory._auth = Mock()
mock_factory._auth.refresh_token = MagicMock(
return_value=(0, "token", 1, refresh_token)
)
if log_token is not None:
mock_factory._log_tokens = log_token
session = OIDCSessionFactory.get_session_with_provided_token(
mock_factory, refresh_token
)
Expand Down Expand Up @@ -286,24 +283,6 @@ def test_endpoint_with_refresh_configures_correctly():
assert auth.refresh_data["client_id"] == client_id


def test_token_logging_outputs_token_to_logs(caplog):
refresh_token = "dGhpcyBpcyBhIHRva2VuLCBob25lc3Qh"
session = get_session_from_mock_factory_with_refresh_token(
refresh_token, log_token=True
)

assert f"Setting refresh token: {refresh_token}" in caplog.text


def test_disabled_token_logging(caplog):
refresh_token = "dGhpcyBpcyBhIHRva2VuLCBob25lc3Qh"
session = get_session_from_mock_factory_with_refresh_token(
refresh_token, log_token=False
)

assert refresh_token not in caplog.text


def mock_oidc_session_builder():
secure_servicelayer_url = "https://localhost/mi_servicelayer"
redirect_uri = "https://www.example.com/login/"
Expand Down Expand Up @@ -334,23 +313,3 @@ def mock_oidc_session_builder():

session_builder = ApiClientFactory(secure_servicelayer_url).with_oidc()
return session_builder


def test_enabling_token_logging(caplog, monkeypatch):
monkeypatch.setenv("VERBOSE_TOKEN_DEBUGGING", "true")

with caplog.at_level(logging.WARNING):
session_builder = mock_oidc_session_builder()

assert "Verbose token debugging is enabled." in caplog.text
assert session_builder._session_factory._log_tokens is True


def test_disabling_token_logging(caplog, monkeypatch):
monkeypatch.delenv("VERBOSE_TOKEN_DEBUGGING", raising=False)

with caplog.at_level(logging.WARNING):
session_builder = mock_oidc_session_builder()

assert "Verbose token debugging is enabled." not in caplog.text
assert session_builder._session_factory._log_tokens is False

0 comments on commit 3dea090

Please sign in to comment.