From bec5e593b30b37482d2db5e5e92bc74f10058366 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Sun, 4 Aug 2024 11:00:15 -0700 Subject: [PATCH] miniflux: Mark secret strings in privileged actions Fixes: #2435 Tests: - Run affected privileged actions through UI and notice that secret strings are not logged. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- plinth/modules/miniflux/privileged.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plinth/modules/miniflux/privileged.py b/plinth/modules/miniflux/privileged.py index 31b0bd59d..d187fb80b 100644 --- a/plinth/modules/miniflux/privileged.py +++ b/plinth/modules/miniflux/privileged.py @@ -10,7 +10,7 @@ from urllib.parse import urlparse import pexpect from plinth import action_utils, db -from plinth.actions import privileged +from plinth.actions import privileged, secret_str from plinth.utils import is_non_empty_file STATIC_SETTINGS = { @@ -83,7 +83,7 @@ def _run_miniflux_interactively(command: str, username: str, @privileged -def create_admin_user(username: str, password: str): +def create_admin_user(username: str, password: secret_str): """Create a new admin user for Miniflux CLI. Raise exception if a user with the name already exists or otherwise fails. @@ -96,7 +96,7 @@ def create_admin_user(username: str, password: str): @privileged -def reset_user_password(username: str, password: str): +def reset_user_password(username: str, password: secret_str): """Reset a user password using Miniflux CLI. Raise exception if the user does not exist or otherwise fails.