Handle a token obtaining event, and add tokens into cache.
(self, event, now=None)
| 296 | return list(self.search(credential_type, target=target, query=query, now=now)) |
| 297 | |
| 298 | def add(self, event, now=None): |
| 299 | """Handle a token obtaining event, and add tokens into cache.""" |
| 300 | def make_clean_copy(dictionary, sensitive_fields): # Masks sensitive info |
| 301 | return { |
| 302 | k: "********" if k in sensitive_fields else v |
| 303 | for k, v in dictionary.items() |
| 304 | } |
| 305 | clean_event = dict( |
| 306 | event, |
| 307 | data=make_clean_copy(event.get("data", {}), ( |
| 308 | "password", "client_secret", "refresh_token", "assertion", |
| 309 | "user_federated_identity_credential", |
| 310 | )), |
| 311 | response=make_clean_copy(event.get("response", {}), ( |
| 312 | "id_token_claims", # Provided by broker |
| 313 | "access_token", "refresh_token", "id_token", "username", |
| 314 | )), |
| 315 | ) |
| 316 | logger.debug("event=%s", json.dumps( |
| 317 | # We examined and concluded that this log won't have Log Injection risk, |
| 318 | # because the event payload is already in JSON so CR/LF will be escaped. |
| 319 | clean_event, |
| 320 | indent=4, sort_keys=True, |
| 321 | default=str, # assertion is in bytes in Python 3 |
| 322 | )) |
| 323 | return self.__add(event, now=now) |
| 324 | |
| 325 | def __parse_account(self, response, id_token_claims): |
| 326 | """Return client_info and home_account_id""" |