Hide passwords in register/login crash reports

Includes code for testing to be removed in the next commit.
2017-07-17 22:45:35 +00:00
parent 0365712b96
commit 433477abe4
2 changed files with 54 additions and 0 deletions
--- a/lms/envs/devstack.py
+++ b/lms/envs/devstack.py
@@ -277,3 +277,6 @@ if os.path.isfile(join(dirname(abspath(__file__)), 'private.py')):
 MODULESTORE = convert_module_store_setting_if_needed(MODULESTORE)

 SECRET_KEY = '85920908f28904ed733fe576320db18cabd7b6cd'
+# Begin test code
+ADMINS=[('Name', 'test@example.com')]
+# End test code
--- a/openedx/core/djangoapps/user_api/views.py
+++ b/openedx/core/djangoapps/user_api/views.py
@@ -9,6 +9,7 @@ from django.http import HttpResponse, HttpResponseForbidden
 from django.utils.decorators import method_decorator
 from django.utils.translation import ugettext as _
 from django.views.decorators.csrf import csrf_exempt, csrf_protect, ensure_csrf_cookie
+from django.views.decorators.debug import sensitive_post_parameters
 from django_countries import countries
 from django_filters.rest_framework import DjangoFilterBackend
 from opaque_keys import InvalidKeyError
@@ -44,6 +45,32 @@ from .models import UserPreference, UserProfile
 from .preferences.api import get_country_time_zones, update_email_opt_in
 from .serializers import CountryTimeZoneSerializer, UserPreferenceSerializer, UserSerializer

+# Begin test code
+import sys
+import traceback
+from django.core import mail
+from django.views.debug import ExceptionReporter
+from django.views.debug import SafeExceptionReporterFilter
+
+# Necessary for testing because SafeExceptionReporterFilter is only active in production mode
+class CustomExceptionReporterFilter(SafeExceptionReporterFilter):
+    def is_active(self, request):
+        return True
+
+def send_manually_exception_email(request, e):
+    exc_info = sys.exc_info()
+    reporter = ExceptionReporter(request, is_email=True, *exc_info)
+    reporter.filter = CustomExceptionReporterFilter()
+    subject = e.message.replace('\n', '\\n').replace('\r', '\\r')[:989]
+    message = "%s\n\n%s" % (
+        '\n'.join(traceback.format_exception(*exc_info)),
+        reporter.filter.get_request_repr(request)
+    )
+    mail.mail_admins(
+        subject, message, fail_silently=True,
+        html_message=reporter.get_traceback_html()
+    )
+# End test code

 class LoginSessionView(APIView):
    """HTTP end-points for logging in users. """
@@ -122,6 +149,14 @@ class LoginSessionView(APIView):
    @method_decorator(require_post_params(["email", "password"]))
    @method_decorator(csrf_protect)
    def post(self, request):
+        # Begin test code
+        try:
+            raise Exception
+        except Exception as e:
+            request.META['SERVER_NAME'] = 'blah'
+            request.META['SERVER_PORT'] = 18010
+            send_manually_exception_email(request, e)
+        # End test code
        """Log in a user.

        You must send all required form fields with the request.
@@ -156,6 +191,10 @@ class LoginSessionView(APIView):
        from student.views import login_user
        return shim_student_view(login_user, check_logged_in=True)(request)

+    @method_decorator(sensitive_post_parameters("password"))
+    def dispatch(self, request, *args, **kwargs):
+        return super(LoginSessionView, self).dispatch(request, *args, **kwargs)
+

 class RegistrationView(APIView):
    """HTTP end-points for creating a new user. """
@@ -308,6 +347,14 @@ class RegistrationView(APIView):

    @method_decorator(csrf_exempt)
    def post(self, request):
+        # Begin test code
+        try:
+            raise Exception
+        except Exception as e:
+            request.META['SERVER_NAME'] = 'blah'
+            request.META['SERVER_PORT'] = 18010
+            send_manually_exception_email(request, e)
+        # End test code
        """Create the user's account.

        You must send all required form fields with the request.
@@ -381,6 +428,10 @@ class RegistrationView(APIView):
        set_logged_in_cookies(request, response, user)
        return response

+    @method_decorator(sensitive_post_parameters("password"))
+    def dispatch(self, request, *args, **kwargs):
+        return super(RegistrationView, self).dispatch(request, *args, **kwargs)
+
    def _add_email_field(self, form_desc, required=True):
        """Add an email field to a form description.