Remove the password from API GET responses

While keeping it for POST/PUT.

fix #289
Jocelyn Delalande 2017-12-22 01:03:09 +01:00
parent 5160dac4a5
commit 739e5abccd
3 changed files with 2 additions and 3 deletions


@ -12,6 +12,7 @@ Breaking changes
- ``ADMIN_PASSWORD`` is now stored hashed. The ``ihatemoney generate_password_hash`` command can now be used to generate a proper password HASH (#236)
- Turn the WSGI file into a python module, renamed from budget/ihatemoney.wsgi to ihatemoney/wsgi.py. Please update your Apache/Gunicorn configuration! (#218)
- Admin privileges are now required to access the dashboard (#262)
- `password` field has been removed from project API GET views (#289)
Changed
=======


@ -14,7 +14,7 @@ db = SQLAlchemy()
class Project(db.Model):
_to_serialize = (
"id", "name", "password", "contact_email", "members", "active_members",
"id", "name", "contact_email", "members", "active_members",
"balance"
)
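Review bot: `_to_serialize` on `Project` works as the allow-list of fields the API returns, but nothing at the tuple says so, and a later edit could put `password` back without noticing that it exposes the stored hash. I would add a comment directly above it, for example `# Allow-list of fields returned by the API; never include "password" (stored hash).` The rest of the class lies outside this hunk, so whether any other code path serializes the password on its own cannot be checked from here.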


@ -1076,7 +1076,6 @@ class APITestCase(IhatemoneyTestCase):
"balance": {},
}
decoded_resp = json.loads(resp.data.decode('utf-8'))
self.assertTrue(check_password_hash(decoded_resp.pop('password'), 'raclette'))
self.assertDictEqual(decoded_resp, expected)
# edit should work
@ -1341,7 +1340,6 @@ class APITestCase(IhatemoneyTestCase):
self.assertStatus(200, req)
decoded_req = json.loads(req.data.decode('utf-8'))
self.assertTrue(check_password_hash(decoded_req.pop('password'), 'raclette'))
self.assertDictEqual(decoded_req, expected)