From e5ca9618ea5ae9f2fc11ea5a8c9f479b1430d84c Mon Sep 17 00:00:00 2001
From: David Ormsbee
Date: Thu, 26 Jan 2012 19:05:52 -0500
Subject: [PATCH] remove /login from tracking logs so we don't capture passwords
---
 auth/views.py | 2 ++
 track/middleware.py | 7 ++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/auth/views.py b/auth/views.py
index 1b6069b593..fa8c56933f 100644
--- a/auth/views.py
+++ b/auth/views.py
@@ -74,8 +74,10 @@ def login_user(request, error=""):
 log.critical("Login failed - Could not create session. Is memcached running?")
 log.exception(e)
+ log.info("Login success - {0} ({1})".format(username, email))
 return HttpResponse(json.dumps({'success':True}))
+ log.warning("Login failed - Account not active for user {0}".format(username))
 return HttpResponse(json.dumps({'success':False, 'error': 'Account not active. Check your e-mail.'}))
diff --git a/track/middleware.py b/track/middleware.py
index 407f64b992..6905ae86f3 100644
--- a/track/middleware.py
+++ b/track/middleware.py
@@ -5,10 +5,11 @@ from django.conf import settings
 import views
 class TrackMiddleware:
- def process_request (self, request):
+ def process_request(self, request):
 try:
- # We're already logging events
- if request.META['PATH_INFO'] == '/event':
+ # We're already logging events, and we don't want to capture user
+ # names/passwords.
+ if request.META['PATH_INFO'] in ['/event', '/login']:
 return
 event = { 'GET' : dict(request.GET),
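Review bot: The added `log.info` call in auth/views.py writes both `username` and `email` into the application log, and it and the new `log.warning` interpolate those values with `str.format` before the logger sees them. If either value comes from the request rather than from the stored user record (not visible in this hunk, since `login_user` begins above it), an embedded newline could forge log entries. The e-mail address also makes this log personal data, so it needs the same access control as the tracking log this commit is cleaning up. Passing the values as logger arguments with `%r` keeps control characters escaped: `log.info("Login success - %r (%r)", username, email)` and `log.warning("Login failed - Account not active for user %r", username)`.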
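Review bot: The skip in `process_request` (track/middleware.py) is an exact-string match on `PATH_INFO`, so only `/login` itself is excluded. A trailing-slash form, or any other view that receives a password (registration, password change or reset; none are visible here), would presumably still have its request parameters copied into `event`. A path denylist has to be kept in step with every credential-bearing URL, so redacting sensitive keys from the parameter dicts before they are logged is the more durable control; at minimum normalise the path, e.g. `if request.META['PATH_INFO'].rstrip('/') in ('/event', '/login'):`. Tracking logs written before this change may already hold passwords and would need to be purged or access-restricted. The `try:` body continues past the end of the hunk.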