From ad96143ee092e77dc8c912bdeedef1e79a1eda38 Mon Sep 17 00:00:00 2001
From: Ivan Habunek <ivan@habunek.com>
Date: Mon, 11 May 2020 12:46:27 +0200
Subject: [PATCH] Censor authorization header value in logs

---
 toot/logging.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/toot/logging.py b/toot/logging.py
index 4b72338..9730cca 100644
--- a/toot/logging.py
+++ b/toot/logging.py
@@ -3,11 +3,21 @@ from logging import getLogger
 logger = getLogger('toot')
 
 
+def censor_secrets(headers):
+    def _censor(k, v):
+        if k == "Authorization":
+            return (k, "***CENSORED***")
+        return k, v
+
+    return {_censor(k, v) for k, v in headers.items()}
+
+
 def log_request(request):
     logger.debug(">>> \033[32m{} {}\033[0m".format(request.method, request.url))
 
     if request.headers:
-        logger.debug(">>> HEADERS: \033[33m{}\033[0m".format(request.headers))
+        headers = censor_secrets(request.headers)
+        logger.debug(">>> HEADERS: \033[33m{}\033[0m".format(headers))
 
     if request.data:
         logger.debug(">>> DATA:    \033[33m{}\033[0m".format(request.data))