From 739e5abccdb72ebea104b019b873c9b066fc3666 Mon Sep 17 00:00:00 2001
From: Jocelyn Delalande
Date: Fri, 22 Dec 2017 01:03:09 +0100
Subject: [PATCH] Remove the password from API GET responses While keeping it for POST/PUT. fix #289
---
 CHANGELOG.rst | 1 +
 ihatemoney/models.py | 2 +-
 ihatemoney/tests/tests.py | 2 --
 3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index fffc8c56..35cf91c0 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -12,6 +12,7 @@ Breaking changes
 - ``ADMIN_PASSWORD`` is now stored hashed. The ``ihatemoney generate_password_hash`` command can now be used to generate a proper password HASH (#236)
 - Turn the WSGI file into a python module, renamed from budget/ihatemoney.wsgi to ihatemoney/wsgi.py. Please update your Apache/Gunicorn configuration! (#218)
 - Admin privileges are now required to access the dashboard (#262)
+- `password` field has been removed from project API GET views (#289)
 Changed
 =======
diff --git a/ihatemoney/models.py b/ihatemoney/models.py
index 9e11054d..aa3083d6 100644
--- a/ihatemoney/models.py
+++ b/ihatemoney/models.py
@@ -14,7 +14,7 @@ db = SQLAlchemy()
 class Project(db.Model):
 _to_serialize = (
- "id", "name", "password", "contact_email", "members", "active_members",
+ "id", "name", "contact_email", "members", "active_members",
 "balance"
 )
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
index dc46580a..f256ee96 100644
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
@@ -1076,7 +1076,6 @@ class APITestCase(IhatemoneyTestCase):
 "balance": {},
 }
 decoded_resp = json.loads(resp.data.decode('utf-8'))
- self.assertTrue(check_password_hash(decoded_resp.pop('password'), 'raclette'))
 self.assertDictEqual(decoded_resp, expected)
 # edit should work
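Review bot: In the `ihatemoney/models.py` hunk, `_to_serialize` appears to be the only thing keeping the stored password hash out of API responses, yet nothing on the tuple says it is an allow-list. I would add a comment above it such as `# Allow-list of attributes exposed through the API; never list "password" (the stored hash) or other secrets here.` so that a later field addition does not reintroduce the exposure. The removed test assertions show the response used to carry a value accepted by `check_password_hash`, i.e. the hash itself. The remaining `assertDictEqual` calls reject it only implicitly, so an explicit `self.assertNotIn('password', decoded_resp)` (and the same for `decoded_req`) in the two tests.py hunks would pin the intent. The `Project` class body continues outside the hunk.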
@@ -1341,7 +1340,6 @@ class APITestCase(IhatemoneyTestCase):
 self.assertStatus(200, req)
 decoded_req = json.loads(req.data.decode('utf-8'))
- self.assertTrue(check_password_hash(decoded_req.pop('password'), 'raclette'))
 self.assertDictEqual(decoded_req, expected)