granularly prevent filtering oauth secrets

2026-04-30 03:41:50 -05:00 · 2018-04-27 16:39:37 -04:00
parent 7781667977
commit 4197a9fd35
3 changed files with 9 additions and 5 deletions
--- a/awx/main/models/init.py
+++ b/awx/main/models/init.py
@@ -169,3 +169,9 @@ activity_stream_registrar.connect(OAuth2AccessToken)

 # prevent API filtering on certain Django-supplied sensitive fields
 prevent_search(User._meta.get_field('password'))
+prevent_search(OAuth2AccessToken._meta.get_field('token'))
+prevent_search(RefreshToken._meta.get_field('token'))
+prevent_search(OAuth2Application._meta.get_field('client_secret'))
+prevent_search(OAuth2Application._meta.get_field('client_id'))
+prevent_search(Grant._meta.get_field('code'))
+