From 168c172fe73d17fef6dc5a6dc74da9eac22c8d3e Mon Sep 17 00:00:00 2001 From: mdipierro Date: Thu, 9 Jul 2020 22:45:42 -0700 Subject: [PATCH] version 20200709.2, restapi masks passwords --- pydal/__init__.py | 2 +- pydal/restapi.py | 12 ++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/pydal/__init__.py b/pydal/__init__.py index 7a2fe8464..5141991cc 100644 --- a/pydal/__init__.py +++ b/pydal/__init__.py @@ -1,4 +1,4 @@ -__version__ = "20200709.1" +__version__ = "20200709.2" from .base import DAL from .objects import Field diff --git a/pydal/restapi.py b/pydal/restapi.py index 7812b253d..12ccdce8d 100644 --- a/pydal/restapi.py +++ b/pydal/restapi.py @@ -433,10 +433,17 @@ def filter_fieldnames(table, fieldnames): queries.append(table) query = functools.reduce(lambda a, b: a & b, queries) - tfields = [table[tfieldname] for tfieldname in tfieldnames] + tfields = [table[tfieldname] for tfieldname in tfieldnames if + table[tfieldname].type != 'password'] + passwords = [tfieldname for tfieldname in tfieldnames if + table[tfieldname].type == 'password'] rows = db(query).select( *tfields, limitby=(offset, limit + offset), orderby=orderby ) + if passwords: + dpass = {password: '******' for password in passwords} + for row in rows: + row.update(dpass) lookup_map = {} for key in list(lookup.keys()): @@ -455,7 +462,8 @@ def filter_fieldnames(table, fieldnames): tfieldnames = filter_fieldnames(ref_table, tfieldnames) check_table_lookup_permission(ref_tablename) ids = [row[key] for row in rows] - tfields = [ref_table[tfieldname] for tfieldname in tfieldnames] + tfields = [ref_table[tfieldname] for tfieldname in tfieldnames if + ref_table[tfieldname].type == 'password'] if not "id" in tfieldnames: tfields.append(ref_table["id"]) drows = db(ref_table._id.belongs(ids)).select(*tfields).as_dict()