paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-05-01 11:19:32 -05:00
Code Issues Packages Projects Releases Wiki Activity

Resolve obfuscated password warnings, merge use of the field

Browse Source
This commit is contained in:
shamoon 2024-11-30 10:48:07 -08:00
parent 627d0ac9cf
commit 880dc7b34c
3 changed files with 7 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/paperless/serialisers.py
View File

@ -11,22 +11,11 @@ from rest_framework import serializers
from rest_framework.authtoken.serializers import AuthTokenSerializer from rest_framework.authtoken.serializers import AuthTokenSerializer
from paperless.models import ApplicationConfiguration from paperless.models import ApplicationConfiguration
from paperless_mail.serialisers import ObfuscatedPasswordField
logger = logging.getLogger("paperless.settings") logger = logging.getLogger("paperless.settings")
class ObfuscatedUserPasswordField(serializers.Field):
"""
Sends *** string instead of password in the clear
"""
def to_representation(self, value):
return "**********" if len(value) > 0 else ""
def to_internal_value(self, data):
return data
class PaperlessAuthTokenSerializer(AuthTokenSerializer): class PaperlessAuthTokenSerializer(AuthTokenSerializer):
code = serializers.CharField( code = serializers.CharField(
label="MFA Code", label="MFA Code",
@ -58,7 +47,7 @@ class PaperlessAuthTokenSerializer(AuthTokenSerializer):
class UserSerializer(serializers.ModelSerializer): class UserSerializer(serializers.ModelSerializer):
password = ObfuscatedUserPasswordField(required=False) password = ObfuscatedPasswordField(required=False)
user_permissions = serializers.SlugRelatedField( user_permissions = serializers.SlugRelatedField(
many=True, many=True,
queryset=Permission.objects.exclude(content_type__app_label="admin"), queryset=Permission.objects.exclude(content_type__app_label="admin"),
@ -163,7 +152,7 @@ class SocialAccountSerializer(serializers.ModelSerializer):
class ProfileSerializer(serializers.ModelSerializer): class ProfileSerializer(serializers.ModelSerializer):
email = serializers.EmailField(allow_null=False) email = serializers.EmailField(allow_null=False)
password = ObfuscatedUserPasswordField(required=False, allow_null=False) password = ObfuscatedPasswordField(required=False, allow_null=False)
auth_token = serializers.SlugRelatedField(read_only=True, slug_field="key") auth_token = serializers.SlugRelatedField(read_only=True, slug_field="key")
social_accounts = SocialAccountSerializer( social_accounts = SocialAccountSerializer(
many=True, many=True,

6
src/paperless_mail/serialisers.py
View File

@ -8,13 +8,13 @@ from paperless_mail.models import MailAccount
from paperless_mail.models import MailRule from paperless_mail.models import MailRule
class ObfuscatedPasswordField(serializers.Field): class ObfuscatedPasswordField(serializers.CharField):
""" """
Sends *** string instead of password in the clear Sends *** string instead of password in the clear
""" """
def to_representation(self, value): def to_representation(self, value) -> str:
return "*" * len(value) return "*" * max(10, len(value))
def to_internal_value(self, data): def to_internal_value(self, data):
return data return data

2
src/paperless_mail/tests/test_api.py
View File

@ -64,7 +64,7 @@ class TestAPIMailAccounts(DirectoriesMixin, APITestCase):
self.assertEqual(returned_account1["username"], account1.username) self.assertEqual(returned_account1["username"], account1.username)
self.assertEqual( self.assertEqual(
returned_account1["password"], returned_account1["password"],
"*" * len(account1.password), "**********",
) )
self.assertEqual(returned_account1["imap_server"], account1.imap_server) self.assertEqual(returned_account1["imap_server"], account1.imap_server)
self.assertEqual(returned_account1["imap_port"], account1.imap_port) self.assertEqual(returned_account1["imap_port"], account1.imap_port)