Do not leak tokens in debug logs

Colin-b · Jun 17, 2024 · 0fb60e4 · 0fb60e4
1 parent e184b7f
commit 0fb60e4
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 - Type information is now provided following [PEP 561](https://www.python.org/dev/peps/pep-0561/).
 - Remove deprecation warnings due to usage of `utcnow` and `utcfromtimestamp`.
+- Tokens cache `DEBUG` logs will not display tokens anymore.
 
 ### Removed
 - Removing support for Python `3.7`.

diff --git a/requests_auth/_oauth2/tokens.py b/requests_auth/_oauth2/tokens.py
@@ -97,7 +97,7 @@ def _add_token(
             self.tokens[key] = token, expiry, refresh_token
             self._save_tokens()
             logger.debug(
-                f'Inserting token expiring on {datetime.datetime.fromtimestamp(expiry, datetime.timezone.utc)} with "{key}" key: {token}'
+                f'Inserting token expiring on {datetime.datetime.fromtimestamp(expiry, datetime.timezone.utc)} with "{key}" key.'
             )
 
     def get_token(
@@ -184,7 +184,7 @@ def get_token(
                     return bearer
 
         logger.debug(
-            f"User was not authenticated: key {key} cannot be found in {self.tokens}."
+            f"User was not authenticated: key {key} cannot be found in {list(self.tokens)}."
         )
         raise AuthenticationFailed()