Sometimes when a Django site's authentication backend goes down, a login will fail with a 500 error. This has happened to me when using an LDAP backend for authentication. A glitch with the settings, or ldap temporarily disappearing can make logins flake out for a short period of time.
That's fine, but when a 500 error occurs it e-mails detailed information about the error to the ADMINS. We like this behavior for most errors, but it is quite frustrating when it is a login form with a password as part of a POST. If it is one of us who gets our password e-mailed out, it's even more frustrating. It hits a mailing list first, and goes to the archives to be stored in plain text. It goes to several e-mail inboxes, some of which are not local inboxes.
I decided that enough was enough. Drop this middleware in, and it will change a "password" field in the POST to twenty asterisks. This was the default way to display other sensitive settings on the DEBUG page, so I figured I'd be consistant with that.
This snippet is distributed under the GPLv3 License http://www.gnu.org/licenses/gpl-3.0-standalone.html
1 2 3 4 5 6 7 8 9 10 11 12
import sys from django.core.handlers.base import BaseHandler class NoPasswordExceptionMiddleware(): def process_exception(self, request, exception): if 'password' in request.POST.keys(): post = request.POST.copy() post['password']='********************' request.POST = post b=BaseHandler() exc_info = sys.exc_info() b.handle_uncaught_exception(request,exception,exc_info)
More like this
- Serializer factory with Django Rest Framework by julio 5 months, 3 weeks ago
- Image compression before saving the new model / work with JPG, PNG by Schleidens 6 months, 1 week ago
- Help text hyperlinks by sa2812 7 months, 1 week ago
- Stuff by NixonDash 9 months, 2 weeks ago
- Add custom fields to the built-in Group model by jmoppel 11 months, 2 weeks ago