askbot/utils/http.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

"""http-related utilities for askbot
"""
from copy import copy

def hide_passwords(data):
    """replaces content of values that may contain passsword
    with XXXXXX for better security"""
    if not data:
        return data

    #names of the fields are taken from forms
    #askbot.utils.forms.SetPasswordForm
    #askbat.deps.django_authopenid.forms.LoginForm
    #todo: forms need to be consolidated and names of the fields normalized
    fields = (
        'password',
        'password1',
        'password2',
        'new_password',
        'new_password_retyped'
    )

    for field in fields:
        if field in data:
            data[field] = 'XXXXXX'

    return data

def get_request_info(request):
    """return a reasonable string with the key contents of request object
    this function is intended for the use in logs and debugging
    all passwords will be obfuscated
    """
    info = 'path: %s\n' % request.get_full_path()
    info += 'method: %s\n' % request.method
    data = None
    if request.method == 'GET':
        data = request.GET
    elif request.method == 'POST':
        data = request.POST
    data = hide_passwords(copy(data))
    info += 'data: %s\n' % unicode(data)
    info += 'host: %s\n' % request.get_host()
    if request.user.is_authenticated():
        info += 'user ID: %d\n' % request.user.id
    else:
        info += 'user is anonymous\n'
    return info