fix security issues

ohcnetwork · Sep 24, 2024 · f12a50b · f12a50b
1 parent 9a7f490
commit f12a50b
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/care/facility/api/serializers/patient_otp.py b/care/facility/api/serializers/patient_otp.py
@@ -50,7 +50,7 @@ def create(self, validated_data):
                     "Please do not share this Confidential Login Token with anyone else"
                 ),
             )
-        else:
+        elif settings.DEBUG:
             print(otp, otp_obj.phone_number)  # noqa: T201
 
         otp_obj.otp = otp

diff --git a/care/utils/sms/send_sms.py b/care/utils/sms/send_sms.py
@@ -16,7 +16,8 @@ def send_sms(phone_numbers, message, many=False):
         try:
             mobile_validator(phone)
         except Exception:
-            logger.error("Invalid Phone Number %s", phone)
+            if settings.DEBUG:
+                logger.error("Invalid Phone Number %s", phone)
             continue
         client = boto3.client(
             "sns",

diff --git a/config/authentication.py b/config/authentication.py
@@ -230,8 +230,7 @@ def get_validated_token(self, url, token):
             return self.open_id_authenticate(url, token)
         except Exception as e:
             logger.info(e, "Token: ", token)
-            err = {"detail": "Invalid Authorization token"}
-            raise InvalidToken(err) from e
+            raise InvalidToken({"detail": "Invalid Authorization token"}) from e
 
     def get_user(self, validated_token):
         user = User.objects.filter(username=settings.ABDM_USERNAME).first()