From: Patrick Braune Date: Sat, 13 Jan 2018 19:28:27 +0000 (+0100) Subject: avoid printing pin/password in log (#20) X-Git-Tag: v0.3.0~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3788df7638bc28504e203997f286c759c401e9bc;p=thirdparty%2Fpython-fints.git avoid printing pin/password in log (#20) * avoid printing pin/password in log fixes #12 * do not create functions in a loop
---
diff --git a/fints/client.py b/fints/client.py
index 659e0ef..a3b7151 100644
--- a/fints/client.py
+++ b/fints/client.py
@@ -10,7 +10,7 @@ from .segments.accounts import HKSPA
 from .segments.statement import HKKAZ
 from .segments.saldo import HKSAL
 from .segments.depot import HKWPD
-from .utils import mt940_to_array, MT535_Miniparser, split_for_data_groups, split_for_data_elements
+from .utils import mt940_to_array, MT535_Miniparser, split_for_data_groups, split_for_data_elements, Password
 from mt940.models import Balance
 logger = logging.getLogger(__name__)
@@ -33,11 +33,15 @@ class FinTS3Client:
 dialog.sync()
 dialog.init()
- msg_spa = self._new_message(dialog, [
- HKSPA(3, None, None, None)
- ])
- logger.debug('Sending HKSPA: {}'.format(msg_spa))
- resp = dialog.send(msg_spa)
+ def _get_msg():
+ return self._new_message(dialog, [
+ HKSPA(3, None, None, None)
+ ])
+
+ with self.pin.protect():
+ logger.debug('Sending HKSPA: {}'.format(_get_msg()))
+
+ resp = dialog.send(_get_msg())
 logger.debug('Got HKSPA response: {}'.format(resp))
 dialog.end()
@@ -59,8 +63,13 @@ class FinTS3Client:
 dialog.sync()
 dialog.init()
- msg = self._create_statement_message(dialog, account, start_date, end_date, None)
- logger.debug('Send message: {}'.format(msg))
+ def _get_msg():
+ return self._create_statement_message(dialog, account, start_date, end_date, None)
+
+ with self.pin.protect():
+ logger.debug('Send message: {}'.format(_get_msg()))
+
+ msg = _get_msg()
 resp = dialog.send(msg)
 touchdowns = resp.get_touchdowns(msg)
 responses = [resp]
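Review bot: The debug line and `dialog.send()` each call `_get_msg()`, so the message that is logged is not the object that is sent, and every request is now built twice even when debug logging is off. Whether the two can differ depends on `_new_message`, which is outside this diff. The same double build appears in the statement, balance and holdings hunks below and in `sync`/`init`/`end` in fints/dialog.py. If the PIN is only rendered when the message is converted to a string, building once is enough: `msg = _get_msg()`, log it inside `with self.pin.protect():`, then `resp = dialog.send(msg)`; if it is rendered at construction time, a one-line comment saying so would explain the second call. The enclosing method starts and ends outside the hunk.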
@@ -68,9 +77,13 @@ class FinTS3Client:
 while HKKAZ.type in touchdowns:
 logger.info('Fetching more results ({})...'.format(touchdown_counter))
- msg = self._create_statement_message(dialog, account, start_date, end_date, touchdowns[HKKAZ.type])
- logger.debug('Send message: {}'.format(msg))
+ with self.pin.protect():
+ logger.debug('Send message: {}'.format(
+ self._create_statement_message(dialog, account, start_date, end_date, touchdowns[HKKAZ.type])
+ ))
+
+ msg = self._create_statement_message(dialog, account, start_date, end_date, touchdowns[HKKAZ.type])
 resp = dialog.send(msg)
 responses.append(resp)
 touchdowns = resp.get_touchdowns(msg)
@@ -125,9 +138,13 @@ class FinTS3Client:
 dialog.init()
 # execute job
- msg = self._create_balance_message(dialog, account)
- logger.debug('Sending HKSAL: {}'.format(msg))
- resp = dialog.send(msg)
+ def _get_msg():
+ return self._create_balance_message(dialog, account)
+
+ with self.pin.protect():
+ logger.debug('Sending HKSAL: {}'.format(_get_msg()))
+
+ resp = dialog.send(_get_msg())
 logger.debug('Got HKSAL response: {}'.format(resp))
 # end dialog
@@ -172,9 +189,13 @@ class FinTS3Client:
 dialog.init()
 # execute job
- msg = self._create_get_holdings_message(dialog, account)
- logger.debug('Sending HKWPD: {}'.format(msg))
- resp = dialog.send(msg)
+ def _get_msg():
+ return self._create_get_holdings_message(dialog, account)
+
+ with self.pin.protect():
+ logger.debug('Sending HKWPD: {}'.format(_get_msg()))
+
+ resp = dialog.send(_get_msg())
 logger.debug('Got HIWPD response: {}'.format(resp))
 # end dialog
@@ -220,7 +241,7 @@ class FinTS3PinTanClient(FinTS3Client):
 def __init__(self, blz, username, pin, server):
 self.username = username
 self.blz = blz
- self.pin = pin
+ self.pin = Password(pin)
 self.connection = FinTSHTTPSConnection(server)
 self.systemid = 0
 super().__init__()
diff --git a/fints/dialog.py b/fints/dialog.py
index 95f5ec4..6604f8f 100644
--- a/fints/dialog.py
+++ b/fints/dialog.py
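Review bot: `self.pin = Password(pin)` only behaves when `pin` is already a `str`: `Password.__init__` in fints/utils.py stores the argument unchanged in `self.value` and `__str__` returns it, so a numeric PIN passed as `int` (or `None`) raises `TypeError: __str__ returned non-string` the first time a message is formatted. Whether non-string PINs worked before this change depends on how the message is serialised, which is not visible here. Validating at this boundary keeps the failure at construction, e.g. `if not isinstance(pin, str): raise TypeError('pin must be a str')`, or normalise with `self.pin = Password(str(pin))` once `None` has been rejected.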
@@ -24,21 +24,38 @@ class FinTSDialog:
 self.hkkazversion = 6
 self.tan_mechs = []
- def sync(self):
- logger.info('Initialize SYNC')
-
+ def _get_msg_sync(self):
 seg_identification = HKIDN(3, self.blz, self.username, 0)
 seg_prepare = HKVVB(4)
 seg_sync = HKSYN(5)
- msg_sync = FinTSMessage(self.blz, self.username, self.pin, self.systemid, self.dialogid, self.msgno, [
+ return FinTSMessage(self.blz, self.username, self.pin, self.systemid, self.dialogid, self.msgno, [
 seg_identification,
 seg_prepare,
 seg_sync
 ])
- logger.debug('Sending SYNC: {}'.format(msg_sync))
- resp = self.send(msg_sync)
+ def _get_msg_init(self):
+ seg_identification = HKIDN(3, self.blz, self.username, self.systemid)
+ seg_prepare = HKVVB(4)
+
+ return FinTSMessage(self.blz, self.username, self.pin, self.systemid, self.dialogid, self.msgno, [
+ seg_identification,
+ seg_prepare,
+ ], self.tan_mechs)
+
+ def _get_msg_end(self):
+ return FinTSMessage(self.blz, self.username, self.pin, self.systemid, self.dialogid, self.msgno, [
+ HKEND(3, self.dialogid)
+ ])
+
+ def sync(self):
+ logger.info('Initialize SYNC')
+
+ with self.pin.protect():
+ logger.debug('Sending SYNC: {}'.format(self._get_msg_sync()))
+
+ resp = self.send(self._get_msg_sync())
 logger.debug('Got SYNC response: {}'.format(resp))
 self.systemid = resp.get_systemid()
 self.dialogid = resp.get_dialog_id()
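Review bot: `sync()` now calls `self.pin.protect()`, which assumes the dialog was given a `Password` instance; the `FinTSDialog` constructor is outside this hunk, so a caller that still passes a plain `str` PIN would hit `AttributeError` here before anything is sent (the same applies to `init()` and `end()` in the following hunks). Wrapping in the constructor, e.g. `self.pin = pin if isinstance(pin, Password) else Password(pin)`, keeps the dialog usable on its own; that needs `Password` imported from `.utils` in this file.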
@@ -58,15 +75,10 @@ class FinTSDialog:
 def init(self):
 logger.info('Initialize Dialog')
- seg_identification = HKIDN(3, self.blz, self.username, self.systemid)
- seg_prepare = HKVVB(4)
+ with self.pin.protect():
+ logger.debug('Sending INIT: {}'.format(self._get_msg_init()))
- msg_init = FinTSMessage(self.blz, self.username, self.pin, self.systemid, self.dialogid, self.msgno, [
- seg_identification,
- seg_prepare,
- ], self.tan_mechs)
- logger.debug('Sending INIT: {}'.format(msg_init))
- resp = self.send(msg_init)
+ resp = self.send(self._get_msg_init())
 logger.debug('Got INIT response: {}'.format(resp))
 self.dialogid = resp.get_dialog_id()
@@ -77,11 +89,10 @@ class FinTSDialog:
 def end(self):
 logger.info('Initialize END')
- msg_end = FinTSMessage(self.blz, self.username, self.pin, self.systemid, self.dialogid, self.msgno, [
- HKEND(3, self.dialogid)
- ])
- logger.debug('Sending END: {}'.format(msg_end))
- resp = self.send(msg_end)
+ with self.pin.protect():
+ logger.debug('Sending END: {}'.format(self._get_msg_end()))
+
+ resp = self.send(self._get_msg_end())
 logger.debug('Got END response: {}'.format(resp))
 logger.info('Resetting dialog ID and message number count')
 self.dialogid = 0
diff --git a/fints/utils.py b/fints/utils.py
index 9c2a86d..8eea5b9 100644
--- a/fints/utils.py
+++ b/fints/utils.py
@@ -2,6 +2,7 @@ import mt940
 import re
 from .models import Holding
 from datetime import datetime
+from contextlib import contextmanager
 def mt940_to_array(data):
@@ -126,3 +127,31 @@ class MT535_Miniparser:
 if within_financial_instrument:
 stack.append(clause)
 return retval
+
+
+class Password(str):
+ protected = False
+
+ def __init__(self, value):
+ self.value = value
+
+ @classmethod
+ @contextmanager
+ def protect(cls):
+ try:
+ cls.protected = True
+ yield None
+ finally:
+ cls.protected = False
+
+ def __str__(self):
+ return '***' if self.protected else self.value
+
+ def __repr__(self):
+ return self.__str__().__repr__()
+
+ def __add__(self, other):
+ return self.__str__().__add__(other)
+
+ def replace(self, *args, **kwargs):
+ return self.__str__().replace(*args, **kwargs)
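Review bot: `protected` is a class attribute that `protect()` sets to `True` and then unconditionally back to `False`, so masking is process-wide and not nestable: leaving an inner `protect()` block unmasks the outer one, and if the client is ever used from more than one thread, one thread's block can end while another is still formatting its log line, or a request serialised on another thread during the block would carry `***` instead of the PIN. Masking is also opt-in and partial: outside `protect()` `repr()` returns the real value, and `'x' + pin`, `pin.encode()` and a non-empty format spec use the inherited `str` data and bypass `__str__` even inside the block. The sketch below restores the previous flag and routes those paths through `__str__`. For thread safety the flag would additionally have to live in a `threading.local` or a context variable, and masking by default with an explicit unmask for serialisation would be the safer design.

```python
class Password(str):
    # … unchanged: protected flag, __init__ …

    @classmethod
    @contextmanager
    def protect(cls):
        previous = cls.protected  # remember the outer state so nested blocks stay masked
        cls.protected = True
        try:
            yield None
        finally:
            cls.protected = previous

    # … unchanged: __str__, __repr__, __add__, replace …

    def __radd__(self, other):
        return other + self.__str__()

    def __format__(self, format_spec):
        return format(self.__str__(), format_spec)

    def encode(self, *args, **kwargs):
        return self.__str__().encode(*args, **kwargs)
```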