remove /login from tracking logs so we don't capture passwords

2012-01-26 19:05:52 -05:00
parent 79c1cf19a0
commit e5ca9618ea
2 changed files with 6 additions and 3 deletions
--- a/auth/views.py
+++ b/auth/views.py
@@ -74,8 +74,10 @@ def login_user(request, error=""):
            log.critical("Login failed - Could not create session. Is memcached running?")
            log.exception(e)

+        log.info("Login success - {0} ({1})".format(username, email))
        return HttpResponse(json.dumps({'success':True}))

+    log.warning("Login failed - Account not active for user {0}".format(username))
    return HttpResponse(json.dumps({'success':False, 
                                    'error': 'Account not active. Check your e-mail.'}))

--- a/track/middleware.py
+++ b/track/middleware.py
@@ -5,10 +5,11 @@ from django.conf import settings
 import views

 class TrackMiddleware:
-    def process_request (self, request):
+    def process_request(self, request):
        try:
-            # We're already logging events
-            if request.META['PATH_INFO'] == '/event':
+            # We're already logging events, and we don't want to capture user
+            # names/passwords.
+            if request.META['PATH_INFO'] in ['/event', '/login']:
                return
            
            event = { 'GET'  : dict(request.GET),