Remove token value from log messages in legacy router files #35

New Issue

Open

opened 2026-02-20 06:50:55 +00:00 by cal · 1 comment

cal commented 2026-02-20 06:50:55 +00:00

Owner

Copy Link

Several router files log the raw bearer token on 401 failures (e.g. plays.py:37: logger.warning(f"patch_play - Bad Token: {token}")). The handle_db_errors decorator correctly redacts tokens, but explicit logger.warning calls bypass that protection.

Priority: medium | Labels: security

Several router files log the raw bearer token on 401 failures (e.g. `plays.py:37`: `logger.warning(f"patch_play - Bad Token: {token}")`). The `handle_db_errors` decorator correctly redacts tokens, but explicit logger.warning calls bypass that protection. **Priority**: medium | **Labels**: security

cal added the

ai-working

label 2026-03-05 17:30:56 +00:00

cal referenced this issue from a commit 2026-03-05 17:32:20 +00:00

fix: remove token value from Bad Token log messages (#35)

cal referenced a pull request that will close this issue 2026-03-05 17:32:27 +00:00

fix: remove token value from Bad Token log messages (#35) #45

cal added the

ai-pr-opened

label 2026-03-05 17:32:33 +00:00

cal commented 2026-03-05 17:32:35 +00:00

Author

Owner

Copy Link

Fixed in PR #45: #45

Removed raw bearer token interpolation from 22 router files. All logger.warning(f'... Bad Token: {token}') calls converted to static strings like logger.warning('... Bad Token'). No token value is now logged on 401 failures.

Fixed in PR #45: https://git.manticorum.com/cal/major-domo-database/pulls/45 Removed raw bearer token interpolation from 22 router files. All `logger.warning(f'... Bad Token: {token}')` calls converted to static strings like `logger.warning('... Bad Token')`. No token value is now logged on 401 failures.

cal removed the

ai-working

label 2026-03-05 17:32:37 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

issue/101-fieldingstats-get-totalstats-total-count-overwritt

issue/71-refactor-manual-db-close-calls-to-middleware-based

fix/remove-hardcoded-webhook

issue/81-add-migration-tracking-system

issue/74-add-missing-indexes-on-foreign-key-columns-in-high

issue/69-boolean-fields-compared-as-integers-sqlite-pattern

issue/75-fix-n-1-query-pattern-in-standings-recalculation

issue/77-replace-row-by-row-delete-with-bulk-delete-in-care

issue/82-align-python-version-between-docker-image-3-11-and

issue/76-replace-deprecated-pydantic-dict-with-model-dump

issue/70-remove-sqlite-fallback-code-from-db-engine-py

issue/78-fix-discord-id-type-mismatch-between-model-charfie

issue/80-disable-autoconnect-and-set-pool-timeout-on-pooled

issue/73-add-type-annotations-to-untyped-query-parameters

issue/79-stop-logging-raw-auth-tokens-in-warning-messages

ai/major-domo-database-66

ai/major-domo-database-65

next-release

ai/major-domo-database-38

ai/major-domo-database-27

ai/major-domo-database-19

ai/major-domo-database-20

ai/major-domo-database-22

ai/major-domo-database-26

ai/major-domo-database-31

ai/major-domo-database-35

feat/sbaplayer-id-plays-filter

chore/optimize-claude-md

2026.4.3

2026.4.2

2026.4.1

2026.3.7

2026.3.6

2026.3.5

2026.3.4

2026.3.3

2026.3.2

2026.3.1

2026.2.3

2026.2.2

2026.2.1

Labels

Clear labels   

ai-changes-requested

  

ai-pr-opened

  

ai-reviewed

  

ai-reviewing

  

ai-reviewing

  

ai-working

No Label

ai-changes-requested

ai-pr-opened

ai-reviewed

ai-reviewing

ai-reviewing

ai-working

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cal/major-domo-database#35

No description provided.