Skip to content

Commit

Permalink
Merge pull request #34974 from dimagi/ap/remove-passwords-from-es
Browse files Browse the repository at this point in the history 
Do not save passwords in user index
  • Loading branch information
@AmitPhulera
AmitPhulera authored Aug 20, 2024
2 parents 4e2c082 + a522d71 commit 04c72a5
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 0 deletions.
1 change: 1 addition & 0 deletions corehq/apps/es/mappings/user_mapping.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -297,6 +297,7 @@
"location_id": {
"type": "keyword"
},
# TODO: Remove password field when creating new mappings for this index.
"password": {
"type": "text"
},
Expand Down
12 changes: 12 additions & 0 deletions corehq/apps/es/tests/test_user_adapter.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,18 @@ def test_from_python_works_with_user_dicts(self):
user_adapter.from_python(self.user.to_json())
user_adapter.from_python(self.web_user.to_json())

def test_from_python_removes_password_field(self):
user_obj = self.user.to_json()
self.assertIn('password', user_obj)
user_es_obj = user_adapter.from_python(user_obj)
self.assertNotIn('password', user_es_obj)

def test_from_python_works_fine_if_password_field_not_present(self):
user_obj = self.user.to_json()
user_obj.pop('password')
user_es_obj = user_adapter.from_python(user_obj)
self.assertNotIn('password', user_es_obj)

def test_from_python_raises_for_other_objects(self):
self.assertRaises(TypeError, user_adapter.from_python, set)

Expand Down
1 change: 1 addition & 0 deletions corehq/apps/es/users.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ def _from_dict(self, user_dict):
user_dict['__group_ids'] = [res.id for res in results]
user_dict['__group_names'] = [res.name for res in results]
user_dict['user_data_es'] = []
user_dict.pop('password', None)
if user_dict.get('base_doc') == 'CouchUser' and user_dict['doc_type'] == 'CommCareUser':
user_obj = self.model_cls.wrap_correctly(user_dict)
user_data = user_obj.get_user_data(user_obj.domain)
Expand Down

0 comments on commit 04c72a5

Please sign in to comment.