Better password censoring (#470)

* Censor password better

* Better comment

---------

Co-authored-by: Ilja Leiko <[email protected]>

glocaltokens/client.py

@@ -170,8 +170,8 @@ def __init__(
             "Set GLocalAuthenticationTokens client "
             'username to "%s", password to "%s", '
             'master_token to "%s" and android_id to %s',
-            censor(username),
-            censor(password),
+            censor(username, hide_length=True),
+            censor(password, hide_length=True, hide_first_letter=True),
             censor(master_token),
             censor(android_id),
         )

glocaltokens/utils/logs.py

@@ -2,12 +2,18 @@
 from __future__ import annotations
 
 
-def censor(text: str | None) -> str:
+def censor(
+    text: str | None, hide_length: bool = False, hide_first_letter: bool = False
+) -> str:
     """
-    Replaces characters in a str with the asterisks
+    Hide sensitive information.
 
     text: The text to censure.
     """
+    if not text:
+        # 'None' for None, '' for ''.
+        return str(text)
     char = "*"
-    text = text if text else ""
-    return text[0] + (len(text) - 1) * char if text else text
+    prefix = text[0] if not hide_first_letter else ""
+    suffix = "<redacted>" if hide_length else char * (len(text) - len(prefix))
+    return prefix + suffix

tests/test_utils.py

@@ -25,3 +25,14 @@ def test_censor(self) -> None:
         # With empty string
         censored_string = censor("")
         self.assertEqual(censored_string, "")
+
+        # Hide first letter
+        self.assertEqual(censor("abc", hide_first_letter=True), "***")
+
+        # Hide length
+        self.assertEqual(censor("abc", hide_length=True), "a<redacted>")
+
+        # Hide both
+        self.assertEqual(
+            censor("abc", hide_first_letter=True, hide_length=True), "<redacted>"
+        )