From 3dea090fc90a0121db5079da57ef42815f3389ba Mon Sep 17 00:00:00 2001 From: Doug Addy Date: Tue, 2 Jan 2024 16:46:01 +0000 Subject: [PATCH] Remove verbose OIDC logging --- src/ansys/openapi/common/_oidc.py | 13 ---------- tests/test_oidc.py | 43 +------------------------------ 2 files changed, 1 insertion(+), 55 deletions(-) diff --git a/src/ansys/openapi/common/_oidc.py b/src/ansys/openapi/common/_oidc.py index b2e88841..1d63f838 100644 --- a/src/ansys/openapi/common/_oidc.py +++ b/src/ansys/openapi/common/_oidc.py @@ -1,4 +1,3 @@ -import os from typing import Optional import keyring @@ -53,17 +52,7 @@ def __init__( self._initial_session = initial_session self._api_url = initial_response.url - if os.getenv("VERBOSE_TOKEN_DEBUGGING"): - self._log_tokens = True - else: - self._log_tokens = False - logger.debug("Creating OIDC session handler...") - if self._log_tokens: - logger.warning( - "Verbose token debugging is enabled. This will write sensitive information to the log. " - "Do not use this in production." - ) self._authenticate_parameters = self._parse_unauthorized_header( initial_response @@ -129,8 +118,6 @@ def get_session_with_provided_token(self, refresh_token: str) -> requests.Sessio logger.info("Setting tokens...") if refresh_token is None: raise ValueError("Must provide a value for 'refresh_token', not None") - if self._log_tokens: - logger.debug(f"Setting refresh token: {refresh_token}") try: state, token, expires_in, new_refresh_token = self._auth.refresh_token( refresh_token diff --git a/tests/test_oidc.py b/tests/test_oidc.py index a6cba857..ddfca27c 100644 --- a/tests/test_oidc.py +++ b/tests/test_oidc.py @@ -1,5 +1,4 @@ import json -import logging from urllib.parse import parse_qs import pytest @@ -43,15 +42,13 @@ def try_parse_and_assert_failed(response): def get_session_from_mock_factory_with_refresh_token( - refresh_token: str, log_token: bool = None + refresh_token: str ): mock_factory = Mock() mock_factory._auth = Mock() mock_factory._auth.refresh_token = MagicMock( return_value=(0, "token", 1, refresh_token) ) - if log_token is not None: - mock_factory._log_tokens = log_token session = OIDCSessionFactory.get_session_with_provided_token( mock_factory, refresh_token ) @@ -286,24 +283,6 @@ def test_endpoint_with_refresh_configures_correctly(): assert auth.refresh_data["client_id"] == client_id -def test_token_logging_outputs_token_to_logs(caplog): - refresh_token = "dGhpcyBpcyBhIHRva2VuLCBob25lc3Qh" - session = get_session_from_mock_factory_with_refresh_token( - refresh_token, log_token=True - ) - - assert f"Setting refresh token: {refresh_token}" in caplog.text - - -def test_disabled_token_logging(caplog): - refresh_token = "dGhpcyBpcyBhIHRva2VuLCBob25lc3Qh" - session = get_session_from_mock_factory_with_refresh_token( - refresh_token, log_token=False - ) - - assert refresh_token not in caplog.text - - def mock_oidc_session_builder(): secure_servicelayer_url = "https://localhost/mi_servicelayer" redirect_uri = "https://www.example.com/login/" @@ -334,23 +313,3 @@ def mock_oidc_session_builder(): session_builder = ApiClientFactory(secure_servicelayer_url).with_oidc() return session_builder - - -def test_enabling_token_logging(caplog, monkeypatch): - monkeypatch.setenv("VERBOSE_TOKEN_DEBUGGING", "true") - - with caplog.at_level(logging.WARNING): - session_builder = mock_oidc_session_builder() - - assert "Verbose token debugging is enabled." in caplog.text - assert session_builder._session_factory._log_tokens is True - - -def test_disabling_token_logging(caplog, monkeypatch): - monkeypatch.delenv("VERBOSE_TOKEN_DEBUGGING", raising=False) - - with caplog.at_level(logging.WARNING): - session_builder = mock_oidc_session_builder() - - assert "Verbose token debugging is enabled." not in caplog.text - assert session_builder._session_factory._log_tokens is False