From 880dc7b34cb452ae719bd4d90164e360d03e1f6c Mon Sep 17 00:00:00 2001 From: shamoon <4887959+shamoon@users.noreply.github.com> Date: Sat, 30 Nov 2024 10:48:07 -0800 Subject: [PATCH] Resolve obfuscated password warnings, merge use of the field --- src/paperless/serialisers.py | 17 +++-------------- src/paperless_mail/serialisers.py | 6 +++--- src/paperless_mail/tests/test_api.py | 2 +- 3 files changed, 7 insertions(+), 18 deletions(-) diff --git a/src/paperless/serialisers.py b/src/paperless/serialisers.py index 5a2c4433d..66069fca5 100644 --- a/src/paperless/serialisers.py +++ b/src/paperless/serialisers.py @@ -11,22 +11,11 @@ from rest_framework import serializers from rest_framework.authtoken.serializers import AuthTokenSerializer from paperless.models import ApplicationConfiguration +from paperless_mail.serialisers import ObfuscatedPasswordField logger = logging.getLogger("paperless.settings") -class ObfuscatedUserPasswordField(serializers.Field): - """ - Sends *** string instead of password in the clear - """ - - def to_representation(self, value): - return "**********" if len(value) > 0 else "" - - def to_internal_value(self, data): - return data - - class PaperlessAuthTokenSerializer(AuthTokenSerializer): code = serializers.CharField( label="MFA Code", @@ -58,7 +47,7 @@ class PaperlessAuthTokenSerializer(AuthTokenSerializer): class UserSerializer(serializers.ModelSerializer): - password = ObfuscatedUserPasswordField(required=False) + password = ObfuscatedPasswordField(required=False) user_permissions = serializers.SlugRelatedField( many=True, queryset=Permission.objects.exclude(content_type__app_label="admin"), @@ -163,7 +152,7 @@ class SocialAccountSerializer(serializers.ModelSerializer): class ProfileSerializer(serializers.ModelSerializer): email = serializers.EmailField(allow_null=False) - password = ObfuscatedUserPasswordField(required=False, allow_null=False) + password = ObfuscatedPasswordField(required=False, allow_null=False) auth_token = serializers.SlugRelatedField(read_only=True, slug_field="key") social_accounts = SocialAccountSerializer( many=True, diff --git a/src/paperless_mail/serialisers.py b/src/paperless_mail/serialisers.py index 5623f62c3..53a474275 100644 --- a/src/paperless_mail/serialisers.py +++ b/src/paperless_mail/serialisers.py @@ -8,13 +8,13 @@ from paperless_mail.models import MailAccount from paperless_mail.models import MailRule -class ObfuscatedPasswordField(serializers.Field): +class ObfuscatedPasswordField(serializers.CharField): """ Sends *** string instead of password in the clear """ - def to_representation(self, value): - return "*" * len(value) + def to_representation(self, value) -> str: + return "*" * max(10, len(value)) def to_internal_value(self, data): return data diff --git a/src/paperless_mail/tests/test_api.py b/src/paperless_mail/tests/test_api.py index 7e9bbfe84..985ed006b 100644 --- a/src/paperless_mail/tests/test_api.py +++ b/src/paperless_mail/tests/test_api.py @@ -64,7 +64,7 @@ class TestAPIMailAccounts(DirectoriesMixin, APITestCase): self.assertEqual(returned_account1["username"], account1.username) self.assertEqual( returned_account1["password"], - "*" * len(account1.password), + "**********", ) self.assertEqual(returned_account1["imap_server"], account1.imap_server) self.assertEqual(returned_account1["imap_port"], account1.imap_port)