From 7330408ac36f893a4a11c668ba230b440ec09f41 Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Thu, 30 Mar 2023 10:22:23 +0200 Subject: [PATCH] Reverted "Refs #31949 -- Enabled @sensitive_variables to work with async functions." This reverts commits 23cbed21876bf02f4600c0dac3a5277db5b2afbb and 203a15cadbf8d03b51df1b28d89b2e7ab4264973. --- django/views/decorators/debug.py | 72 ++++++++-------------------- docs/howto/error-reporting.txt | 8 ---- docs/releases/5.0.txt | 4 +- tests/view_tests/tests/test_debug.py | 43 ++--------------- tests/view_tests/views.py | 18 ------- 5 files changed, 25 insertions(+), 120 deletions(-) diff --git a/django/views/decorators/debug.py b/django/views/decorators/debug.py index 3f68d4a7e5..5578a4995f 100644 --- a/django/views/decorators/debug.py +++ b/django/views/decorators/debug.py @@ -1,7 +1,5 @@ from functools import wraps -from asgiref.sync import iscoroutinefunction - from django.http import HttpRequest @@ -35,25 +33,13 @@ def sensitive_variables(*variables): ) def decorator(func): - if iscoroutinefunction(func): - - @wraps(func) - async def sensitive_variables_wrapper(*func_args, **func_kwargs): - if variables: - sensitive_variables_wrapper.sensitive_variables = variables - else: - sensitive_variables_wrapper.sensitive_variables = "__ALL__" - return await func(*func_args, **func_kwargs) - - else: - - @wraps(func) - def sensitive_variables_wrapper(*func_args, **func_kwargs): - if variables: - sensitive_variables_wrapper.sensitive_variables = variables - else: - sensitive_variables_wrapper.sensitive_variables = "__ALL__" - return func(*func_args, **func_kwargs) + @wraps(func) + def sensitive_variables_wrapper(*func_args, **func_kwargs): + if variables: + sensitive_variables_wrapper.sensitive_variables = variables + else: + sensitive_variables_wrapper.sensitive_variables = "__ALL__" + return func(*func_args, **func_kwargs) return sensitive_variables_wrapper @@ -91,37 +77,19 @@ def sensitive_post_parameters(*parameters): ) def decorator(view): - if iscoroutinefunction(view): - - @wraps(view) - async def sensitive_post_parameters_wrapper(request, *args, **kwargs): - if not isinstance(request, HttpRequest): - raise TypeError( - "sensitive_post_parameters didn't receive an HttpRequest " - "object. If you are decorating a classmethod, make sure " - "to use @method_decorator." - ) - if parameters: - request.sensitive_post_parameters = parameters - else: - request.sensitive_post_parameters = "__ALL__" - return await view(request, *args, **kwargs) - - else: - - @wraps(view) - def sensitive_post_parameters_wrapper(request, *args, **kwargs): - if not isinstance(request, HttpRequest): - raise TypeError( - "sensitive_post_parameters didn't receive an HttpRequest " - "object. If you are decorating a classmethod, make sure " - "to use @method_decorator." - ) - if parameters: - request.sensitive_post_parameters = parameters - else: - request.sensitive_post_parameters = "__ALL__" - return view(request, *args, **kwargs) + @wraps(view) + def sensitive_post_parameters_wrapper(request, *args, **kwargs): + if not isinstance(request, HttpRequest): + raise TypeError( + "sensitive_post_parameters didn't receive an HttpRequest " + "object. If you are decorating a classmethod, make sure " + "to use @method_decorator." + ) + if parameters: + request.sensitive_post_parameters = parameters + else: + request.sensitive_post_parameters = "__ALL__" + return view(request, *args, **kwargs) return sensitive_post_parameters_wrapper diff --git a/docs/howto/error-reporting.txt b/docs/howto/error-reporting.txt index 875e56a51d..fd465ecf6b 100644 --- a/docs/howto/error-reporting.txt +++ b/docs/howto/error-reporting.txt @@ -205,10 +205,6 @@ filtered out of error reports in a production environment (that is, where exception reporting, and consider implementing a :ref:`custom filter ` if necessary. - .. versionchanged:: 5.0 - - Support for wrapping ``async`` functions was added. - .. function:: sensitive_post_parameters(*parameters) If one of your views receives an :class:`~django.http.HttpRequest` object @@ -249,10 +245,6 @@ filtered out of error reports in a production environment (that is, where ``user_change_password`` in the ``auth`` admin) to prevent the leaking of sensitive information such as user passwords. - .. versionchanged:: 5.0 - - Support for wrapping ``async`` functions was added. - .. _custom-error-reports: Custom error reports diff --git a/docs/releases/5.0.txt b/docs/releases/5.0.txt index 08de2a3740..6e911f471e 100644 --- a/docs/releases/5.0.txt +++ b/docs/releases/5.0.txt @@ -215,9 +215,7 @@ Email Error Reporting ~~~~~~~~~~~~~~~ -* :func:`~django.views.decorators.debug.sensitive_variables` and - :func:`~django.views.decorators.debug.sensitive_post_parameters` can now be - used with asynchronous functions. +* ... File Storage ~~~~~~~~~~~~ diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py index d0bcc68032..15e69f6811 100644 --- a/tests/view_tests/tests/test_debug.py +++ b/tests/view_tests/tests/test_debug.py @@ -9,8 +9,6 @@ from io import StringIO from pathlib import Path from unittest import mock, skipIf, skipUnless -from asgiref.sync import async_to_sync, iscoroutinefunction - from django.core import mail from django.core.files.uploadedfile import SimpleUploadedFile from django.db import DatabaseError, connection @@ -41,7 +39,6 @@ from django.views.debug import ( from django.views.decorators.debug import sensitive_post_parameters, sensitive_variables from ..views import ( - async_sensitive_view, custom_exception_reporter_filter_view, index_page, multivalue_dict_key_error, @@ -1354,10 +1351,7 @@ class ExceptionReportTestMixin: Asserts that potentially sensitive info are displayed in the response. """ request = self.rf.post("/some_url/", self.breakfast_data) - if iscoroutinefunction(view): - response = async_to_sync(view)(request) - else: - response = view(request) + response = view(request) if check_for_vars: # All variables are shown. self.assertContains(response, "cooked_eggs", status_code=500) @@ -1377,10 +1371,7 @@ class ExceptionReportTestMixin: Asserts that certain sensitive info are not displayed in the response. """ request = self.rf.post("/some_url/", self.breakfast_data) - if iscoroutinefunction(view): - response = async_to_sync(view)(request) - else: - response = view(request) + response = view(request) if check_for_vars: # Non-sensitive variable's name and value are shown. self.assertContains(response, "cooked_eggs", status_code=500) @@ -1427,10 +1418,7 @@ class ExceptionReportTestMixin: with self.settings(ADMINS=[("Admin", "admin@fattie-breakie.com")]): mail.outbox = [] # Empty outbox request = self.rf.post("/some_url/", self.breakfast_data) - if iscoroutinefunction(view): - async_to_sync(view)(request) - else: - view(request) + view(request) self.assertEqual(len(mail.outbox), 1) email = mail.outbox[0] @@ -1463,10 +1451,7 @@ class ExceptionReportTestMixin: with self.settings(ADMINS=[("Admin", "admin@fattie-breakie.com")]): mail.outbox = [] # Empty outbox request = self.rf.post("/some_url/", self.breakfast_data) - if iscoroutinefunction(view): - async_to_sync(view)(request) - else: - view(request) + view(request) self.assertEqual(len(mail.outbox), 1) email = mail.outbox[0] @@ -1558,15 +1543,6 @@ class ExceptionReporterFilterTests( self.verify_safe_response(sensitive_view) self.verify_safe_email(sensitive_view) - def test_async_sensitive_request(self): - with self.settings(DEBUG=True): - self.verify_unsafe_response(async_sensitive_view) - self.verify_unsafe_email(async_sensitive_view) - - with self.settings(DEBUG=False): - self.verify_safe_response(async_sensitive_view) - self.verify_safe_email(async_sensitive_view) - def test_paranoid_request(self): """ No POST parameters and frame variables can be seen in the @@ -1914,17 +1890,6 @@ class NonHTMLResponseExceptionReporterFilter( with self.settings(DEBUG=False): self.verify_safe_response(sensitive_view, check_for_vars=False) - def test_async_sensitive_request(self): - """ - Sensitive POST parameters cannot be seen in the default - error reports for sensitive requests. - """ - with self.settings(DEBUG=True): - self.verify_unsafe_response(async_sensitive_view, check_for_vars=False) - - with self.settings(DEBUG=False): - self.verify_safe_response(async_sensitive_view, check_for_vars=False) - def test_paranoid_request(self): """ No POST parameters can be seen in the default error reports diff --git a/tests/view_tests/views.py b/tests/view_tests/views.py index 97febdaf83..a9eeee3cd2 100644 --- a/tests/view_tests/views.py +++ b/tests/view_tests/views.py @@ -178,24 +178,6 @@ def sensitive_view(request): return technical_500_response(request, *exc_info) -@sensitive_variables("sauce") -@sensitive_post_parameters("bacon-key", "sausage-key") -async def async_sensitive_view(request): - # Do not just use plain strings for the variables' values in the code - # so that the tests don't return false positives when the function's source - # is displayed in the exception report. - cooked_eggs = "".join(["s", "c", "r", "a", "m", "b", "l", "e", "d"]) # NOQA - sauce = "".join( # NOQA - ["w", "o", "r", "c", "e", "s", "t", "e", "r", "s", "h", "i", "r", "e"] - ) - try: - raise Exception - except Exception: - exc_info = sys.exc_info() - send_log(request, exc_info) - return technical_500_response(request, *exc_info) - - @sensitive_variables() @sensitive_post_parameters() def paranoid_view(request):