drf-tracking
With LoggingMixin, view functions get masked values for keys like "Key" and "Password"
LoggingMixin overrides request data for fields such as "password", "key" etc. not only while saving the request log, but before the request is processed. My view got a long string of asterisks instead of the user-provided value for fields "Key" and "Password". Took me a good 2 hours to find the issue.
Hello @ozgurakcali, this bug should be fixed with my change in #66, try to get drf-tracking from the master branch and not from PyPI to see if it is solved.
Sorry for the bug, that's entirely my fault
Hi @triat, thanks for your reply. Will try that.
Let me know if it worked better @ozgurakcali
I encountered this same issue, that sensitive fields were not only masked for logging but also overwritten with asterisks prior to being processed by the view, thus causing the view to fail.
I grabbed your latest code from master (as suggested above) and can confirm that it fixes the issue of sensitive fields being overwritten. Thank you! However, that branch appears to have another issue with the _clean_data() function:
python3.6/site-packages/rest_framework_tracking/mixins.py", line 64, in initial
self.request.log.data = self._clean_data(self.request.data.dict())
AttributeError: 'list' object has no attribute 'dict'
This appears to occur when a JSON list is passed into the request, since _clean_data() appears to assume the data is a dict. FYI
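The two problems reported in this thread, sketched as an added example that is not drf-tracking's code: masking that mutates the object the view later reads, and a cleaner that only accepts a dict. The field list, mask string and function names are assumptions made for illustration, and plain dicts and lists stand in for the request data.

```python
import copy

# Assumed field names and mask; the project's real values are not shown on this page.
SENSITIVE_FIELDS = {"password", "key", "token", "secret"}
MASK = "*" * 20


def mask_in_place(data):
    """The reported failure mode: masking overwrites the object the view reads."""
    for name in data:
        if name.lower() in SENSITIVE_FIELDS:
            data[name] = MASK
    return data


def clean_copy(data):
    """Return a masked copy for logging; accepts dicts, JSON lists and scalars."""
    if isinstance(data, dict):
        return {
            k: MASK if isinstance(k, str) and k.lower() in SENSITIVE_FIELDS
            else clean_copy(v)
            for k, v in data.items()
        }
    if isinstance(data, (list, tuple)):
        return [clean_copy(item) for item in data]
    return copy.deepcopy(data)  # scalars are copied through unchanged


def demo():
    # Constructed request bodies, not taken from the thread.
    body = {"Username": "alice", "Password": "hunter2", "Key": "abc123"}
    logged = clean_copy(body)  # the view's data stays untouched
    list_body = [{"password": "p1"}, {"name": "bob", "nested": {"Key": "k"}}]
    logged_list = clean_copy(list_body)  # a top-level list no longer raises
    clobbered = mask_in_place(dict(body))  # what the view would have received
    return body, logged, list_body, logged_list, clobbered


if __name__ == "__main__":
    for value in demo():
        print(value)
```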
Ya. I ran into the same issue just using the branch from PIP install. Also took me forever to figure out why this was happening.
Maybe @avelis can do a release as there is a bug in the actual version?
That would be awesome. @avelis
I can confirm that this issue is solved with new release 1.4.0. I've also spent a lot of time figuring this out...