api token sanitizer

tmunzer-AIDE · tmunzer-AIDE · commit 8b91070d40c4 · 2026-03-15T12:06:56.000+01:00
diff --git a/src/mistapi/__api_request.py b/src/mistapi/__api_request.py
@@ -27,6 +27,7 @@
 from requests.exceptions import HTTPError
 
 from mistapi.__api_response import APIResponse
+from mistapi.__api_session import _apitoken_sanitizer
 from mistapi.__logger import logger
 from mistapi.__models.privilege import Privileges
 
@@ -91,14 +92,10 @@ def _next_apitoken(self) -> None:
         with self._token_lock:
             logger.info("apirequest:_next_apitoken:rotating API Token")
             logger.debug(
-                "apirequest:_next_apitoken:current API Token is %s...%s",
-                self._apitoken[self._apitoken_index][
-                    :4
-                ],  # lgtm[py/clear-text-logging-sensitive-data]
-                self._apitoken[self._apitoken_index][
-                    -4:
-                ],  # lgtm[py/clear-text-logging-sensitive-data]
-            )
+                "apirequest:_next_apitoken:current API Token is %s",
+                _apitoken_sanitizer(self._apitoken[self._apitoken_index]),
+            )  # lgtm[py/clear-text-logging-sensitive-data]
+
             new_index = self._apitoken_index + 1
             if new_index >= len(self._apitoken):
                 new_index = 0
@@ -108,14 +105,9 @@ def _next_apitoken(self) -> None:
                     {"Authorization": "Token " + self._apitoken[self._apitoken_index]}
                 )
                 logger.debug(
-                    "apirequest:_next_apitoken:new API Token is %s...%s",
-                    self._apitoken[self._apitoken_index][
-                        :4
-                    ],  # lgtm[py/clear-text-logging-sensitive-data]
-                    self._apitoken[self._apitoken_index][
-                        -4:
-                    ],  # lgtm[py/clear-text-logging-sensitive-data]
-                )
+                    "apirequest:_next_apitoken:new API Token is %s",
+                    _apitoken_sanitizer(self._apitoken[self._apitoken_index]),
+                )  # lgtm[py/clear-text-logging-sensitive-data]
             else:
                 logger.critical(" /!\\ API TOKEN CRITICAL ERROR /!\\")
                 logger.critical(
diff --git a/src/mistapi/__api_session.py b/src/mistapi/__api_session.py
@@ -279,10 +279,8 @@ def _load_keyring(self, keyring_service) -> None:
                             token = token.strip()
                             LOGGER.info(
                                 "apisession:_load_keyring: Found MIST_APITOKEN=%s",
-                                _apitoken_sanitizer(
-                                    token
-                                ),  # lgtm[py/clear-text-logging-sensitive-data]
-                            )
+                                _apitoken_sanitizer(token),
+                            )  # lgtm[py/clear-text-logging-sensitive-data]
                     self.set_api_token(mist_apitoken)
                 mist_user = keyring.get_password(keyring_service, "MIST_USER")
                 if mist_user:
@@ -538,10 +536,8 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
             data_json = data.json()
             LOGGER.debug(
                 "apisession:_get_api_token_data:info retrieved for token %s",
-                _apitoken_sanitizer(
-                    apitoken
-                ),  # lgtm[py/clear-text-logging-sensitive-data]
-            )
+                _apitoken_sanitizer(apitoken),
+            )  # lgtm[py/clear-text-logging-sensitive-data]
         except requests.exceptions.ProxyError as proxy_error:
             LOGGER.critical("apisession:_get_api_token_data:proxy not valid...")
             CONSOLE.critical("Proxy not valid...\r\n")
@@ -557,10 +553,8 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
         except Exception:
             LOGGER.error(
                 "apisession:_get_api_token_data:unable to retrieve info for token %s",
-                _apitoken_sanitizer(
-                    apitoken
-                ),  # lgtm[py/clear-text-logging-sensitive-data]
-            )
+                _apitoken_sanitizer(apitoken),
+            )  # lgtm[py/clear-text-logging-sensitive-data]
             LOGGER.error(
                 "apirequest:_get_api_token_data: Exception occurred", exc_info=True
             )
@@ -569,18 +563,14 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
         if data.status_code == 401:
             LOGGER.critical(
                 "apisession:_get_api_token_data:invalid API Token %s: status code %s",
-                _apitoken_sanitizer(
-                    apitoken
-                ),  # lgtm[py/clear-text-logging-sensitive-data]
+                _apitoken_sanitizer(apitoken),
                 data.status_code,
-            )
+            )  # lgtm[py/clear-text-logging-sensitive-data]
             CONSOLE.critical(
                 "Invalid API Token %s: status code %s\r\n",
-                _apitoken_sanitizer(
-                    apitoken
-                ),  # lgtm[py/clear-text-logging-sensitive-data]
+                _apitoken_sanitizer(apitoken),
                 data.status_code,
-            )
+            )  # lgtm[py/clear-text-logging-sensitive-data]
             raise ValueError(
                 f"Invalid API Token {_apitoken_sanitizer(apitoken)}: status code {data.status_code}"
             )
@@ -610,10 +600,8 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
                     "token %s",
                     priv,
                     token_type,
-                    _apitoken_sanitizer(
-                        apitoken
-                    ),  # lgtm[py/clear-text-logging-sensitive-data]
-                )
+                    _apitoken_sanitizer(apitoken),
+                )  # lgtm[py/clear-text-logging-sensitive-data]
         return (token_type, token_privileges)
 
     def _check_api_tokens(self, apitokens) -> list[str]:
@@ -628,76 +616,57 @@ def _check_api_tokens(self, apitokens) -> list[str]:
         else:
             primary_token_privileges: list[str] = []
             primary_token_type: str | None = ""
-            primary_token_value: str = ""
             for token in apitokens:
                 if token in valid_api_tokens:
                     LOGGER.info(
                         "apisession:_check_api_tokens:API Token %s is already valid",
-                        _apitoken_sanitizer(
-                            token
-                        ),  # lgtm[py/clear-text-logging-sensitive-data]
-                    )
+                        _apitoken_sanitizer(token),
+                    )  # lgtm[py/clear-text-logging-sensitive-data]
                     continue
                 (token_type, token_privileges) = self._get_api_token_data(token)
                 if token_type is None or token_privileges is None:
                     LOGGER.error(
                         "apisession:_check_api_tokens:API Token %s is not valid",
-                        _apitoken_sanitizer(
-                            token
-                        ),  # lgtm[py/clear-text-logging-sensitive-data]
-                    )
+                        _apitoken_sanitizer(token),
+                    )  # lgtm[py/clear-text-logging-sensitive-data]
                     LOGGER.error(
                         "API Token %s is not valid and will not be used",
-                        _apitoken_sanitizer(
-                            token
-                        ),  # lgtm[py/clear-text-logging-sensitive-data]
-                    )
+                        _apitoken_sanitizer(token),
+                    )  # lgtm[py/clear-text-logging-sensitive-data]
                 elif len(primary_token_privileges) == 0 and token_privileges:
                     primary_token_privileges = token_privileges
                     primary_token_type = token_type
                     valid_api_tokens.append(token)
                     LOGGER.info(
                         "apisession:_check_api_tokens:"
                         "API Token %s set as primary for comparison",
-                        _apitoken_sanitizer(
-                            token
-                        ),  # lgtm[py/clear-text-logging-sensitive-data]
-                    )
+                        _apitoken_sanitizer(token),
+                    )  # lgtm[py/clear-text-logging-sensitive-data]
                 elif primary_token_privileges == token_privileges:
                     valid_api_tokens.append(token)
                     LOGGER.info(
                         "apisession:_check_api_tokens:"
                         "%s API Token %s has same privileges as "
                         "the %s API Token %s",
                         token_type,
-                        _apitoken_sanitizer(
-                            token
-                        ),  # lgtm[py/clear-text-logging-sensitive-data]
+                        _apitoken_sanitizer(token),
                         primary_token_type,
-                        _apitoken_sanitizer(
-                            token
-                        ),  # lgtm[py/clear-text-logging-sensitive-data],
-                    )
+                        _apitoken_sanitizer(token),
+                    )  # lgtm[py/clear-text-logging-sensitive-data],
                 else:
                     LOGGER.error(
                         "apisession:_check_api_tokens:"
                         "%s API Token %s has different privileges "
                         "than the %s API Token %s",
                         token_type,
-                        _apitoken_sanitizer(
-                            token
-                        ),  # lgtm[py/clear-text-logging-sensitive-data]
+                        _apitoken_sanitizer(token),
                         primary_token_type,
-                        _apitoken_sanitizer(
-                            token
-                        ),  # lgtm[py/clear-text-logging-sensitive-data]
-                    )
+                        _apitoken_sanitizer(token),
+                    )  # lgtm[py/clear-text-logging-sensitive-data]
                     LOGGER.error(
                         "API Token %s has different privileges and will not be used",
-                        _apitoken_sanitizer(
-                            token
-                        ),  # lgtm[py/clear-text-logging-sensitive-data]
-                    )
+                        _apitoken_sanitizer(token),
+                    )  # lgtm[py/clear-text-logging-sensitive-data]
         return valid_api_tokens
 
     def _process_login(self, retry: bool = True) -> str | None:
@@ -1270,4 +1239,4 @@ def _apitoken_sanitizer(apitoken: str) -> str:
     str
         Substring of the API token to be used in the logs
     """
-    return f"{apitoken[:4]}...{apitoken[-4:]}"  # lgtm[py/clear-text-logging-sensitive-data]
+    return f"{apitoken[:4]}...{apitoken[-4:]}"
