Add test to validate that sensitive parameters like passwords do not …

…get logged

test_urls.py

@@ -1,6 +1,8 @@
 from django.conf.urls import url
 from django.http import HttpResponse
 from django.views import View
+from django.views.decorators.debug import sensitive_post_parameters
+
 from request_logging.decorators import no_logging
 from rest_framework import viewsets, routers
 
@@ -32,6 +34,10 @@ def view_msg(request):
 def dont_log_empty_response_body(request):
     return HttpResponse(status=201)
 
+@sensitive_post_parameters('pass_word')
+def dont_log_sensative_parameter(request):
+    return HttpResponse(status=200)
+
 
 class UnannotatedDRF(viewsets.ModelViewSet):
     @no_logging("DRF explicit annotation")
@@ -52,4 +58,5 @@ def partial_update(self, request, *args, **kwargs):
     url(r'^test_func$', view_func),
     url(r'^test_msg$', view_msg),
     url(r'^dont_log_empty_response_body$', dont_log_empty_response_body),
+    url(r'^dont_log_sensative_parameter', dont_log_sensative_parameter)
 ] + router.urls

tests.py

@@ -403,6 +403,13 @@ def test_still_logs_path(self, mock_log):
         self.middleware.process_request(request)
         self._assert_logged(mock_log, uri)
 
+    def test_log_sensative_post_parameters(self, mock_log):
+        body = {"pass_word": "foo"}
+        uri = "/dont_log_sensative_parameter"
+        request = self.factory.post(uri, data=body)
+        self.middleware.__call__(request)
+        self._assert_not_logged(mock_log, "foo")
+
 
 @mock.patch.object(request_logging.middleware, "request_logger")
 class DRFTestCase(BaseLogTestCase):