[change] Passphrase shall be only write only

openwisp · Jul 25, 2021 · a020222 · a020222
1 parent 9abbb5c
commit a020222
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/openwisp_controller/pki/api/serializers.py b/openwisp_controller/pki/api/serializers.py
@@ -81,6 +81,7 @@ class Meta:
             'organization': {'required': True},
             'key_length': {'initial': '2048'},
             'digest': {'initial': 'sha256'},
+            'passphrase': {'write_only': True},
             'validity_start': {'default': default_validity_start()},
             'validity_end': {'default': default_ca_validity_end()},
         }
@@ -154,6 +155,7 @@ class Meta:
             'revoked_at': {'read_only': True},
             'key_length': {'initial': '2048'},
             'digest': {'initial': 'sha256'},
+            'passphrase': {'write_only': True},
             'validity_start': {'default': default_validity_start()},
             'validity_end': {'default': default_cert_validity_end()},
         }

diff --git a/openwisp_controller/pki/tests/test_api.py b/openwisp_controller/pki/tests/test_api.py
@@ -97,6 +97,7 @@ def test_ca_list_api(self):
         with self.assertNumQueries(4):
             r = self.client.get(path)
         self.assertEqual(r.status_code, 200)
+        self.assertNotIn('passphrase', r.content.decode('utf8'))
 
     def test_ca_detail_api(self):
         ca1 = self._create_ca(name='ca1', organization=self._get_org())
@@ -217,6 +218,7 @@ def test_cert_list_api(self):
             r = self.client.get(path)
         self.assertEqual(r.status_code, 200)
         self.assertEqual(Cert.objects.count(), 1)
+        self.assertNotIn('passphrase', r.content.decode('utf8'))
 
     def test_cert_detail_api(self):
         cert1 = self._create_cert(name='cert1')