Merge pull request #15586 from jspayd/hide-passwords-upstream

Hide passwords in crash reports

openedx/core/djangoapps/user_api/views.py

@@ -9,6 +9,7 @@ from django.http import HttpResponse, HttpResponseForbidden
 from django.utils.decorators import method_decorator
 from django.utils.translation import ugettext as _
 from django.views.decorators.csrf import csrf_exempt, csrf_protect, ensure_csrf_cookie
+from django.views.decorators.debug import sensitive_post_parameters
 from django_countries import countries
 from django_filters.rest_framework import DjangoFilterBackend
 from opaque_keys import InvalidKeyError
@@ -156,6 +157,10 @@ class LoginSessionView(APIView):
         from student.views import login_user
         return shim_student_view(login_user, check_logged_in=True)(request)
 
+    @method_decorator(sensitive_post_parameters("password"))
+    def dispatch(self, request, *args, **kwargs):
+        return super(LoginSessionView, self).dispatch(request, *args, **kwargs)
+
 
 class RegistrationView(APIView):
     """HTTP end-points for creating a new user. """
@@ -381,6 +386,10 @@ class RegistrationView(APIView):
         set_logged_in_cookies(request, response, user)
         return response
 
+    @method_decorator(sensitive_post_parameters("password"))
+    def dispatch(self, request, *args, **kwargs):
+        return super(RegistrationView, self).dispatch(request, *args, **kwargs)
+
     def _add_email_field(self, form_desc, required=True):
         """Add an email field to a form description.