Mazání POST dat u hlášek o špatných formulářích

This commit is contained in:
Pavel "LEdoian" Turinsky 2021-09-07 16:53:25 +02:00
parent daf8cfa0e9
commit c95d1413ec
2 changed files with 27 additions and 0 deletions

View file

@ -245,6 +245,9 @@ LOGGING = {
'Http404AsInfo': { 'Http404AsInfo': {
'()': 'various.log_filters.Http404AsInfoFilter', '()': 'various.log_filters.Http404AsInfoFilter',
}, },
'StripSensitiveFormData': {
'()': 'various.log_filters.StripSensitiveFormDataFilter',
},
}, },
'loggers': { 'loggers': {
@ -258,6 +261,11 @@ LOGGING = {
'level': 'DEBUG', 'level': 'DEBUG',
'filters': ['Http404AsInfo'], 'filters': ['Http404AsInfo'],
}, },
'django.security.csrf': {
'handlers': ['none'], # vyřeší propagace?
'level': 'DEBUG',
'filters': ['StripSensitiveFormData'],
},
'seminar.prihlaska.form':{ 'seminar.prihlaska.form':{
'handlers': ['console','registration_logfile'], 'handlers': ['console','registration_logfile'],
@ -272,6 +280,7 @@ LOGGING = {
'': { '': {
'handlers': ['console'], # Add 'mail_admins' in prod and test 'handlers': ['console'], # Add 'mail_admins' in prod and test
'level': 'DEBUG', 'level': 'DEBUG',
'filters': ['StripSensitiveFormData'],
}, },
}, },

View file

@ -1,6 +1,24 @@
from logging import Filter, INFO from logging import Filter, INFO
from django.urls import reverse
class Http404AsInfoFilter(Filter): class Http404AsInfoFilter(Filter):
def filter(self, record): def filter(self, record):
if record.name == 'django.request' and record.status_code == 404: if record.name == 'django.request' and record.status_code == 404:
record.levelno = INFO record.levelno = INFO
return 1 # Keep the log record return 1 # Keep the log record
class StripSensitiveFormDataFilter(Filter):
def filter(self, record):
if hasattr(record, 'request') and record.request.path in [
reverse('login'),
reverse('logout'),
reverse('seminar_prihlaska'),
reverse('seminar_resitel_edit'),
reverse('reset_password'),
reverse('reset_password_done'),
reverse('reset_password_confirm'),
reverse('reset_password_complete'),
reverse('change_password'),
]:
record.request.POST=[]
return 1