codecov · nora-codecov · May 13, 2024 · May 2, 2024 · May 2, 2024 · May 3, 2024
diff --git a/codecov_auth/authentication/repo_auth.py b/codecov_auth/authentication/repo_auth.py
@@ -1,5 +1,4 @@
 import logging
-import random
 import re
 from datetime import datetime
 from typing import List
@@ -232,54 +231,19 @@ def authenticate_credentials(self, key):
             )
 
 
-def get_token_slice_for_logging(token):
-    """
-    temporary - for troubleshooting OIDC auth
-    """
-    random_int = random.randint(0, 999999999)
-    if token is None:
-        return f"Token is None, here is a random int {random_int}"
-    if len(str(token)) > 49:
-        # preferred
-        return str(token)[39:49]
-    return f"Token is short, here is a random int {random_int}"
-
-
 class GitHubOIDCTokenAuthentication(authentication.TokenAuthentication):
     def authenticate_credentials(self, token):
-        token_slice_for_logging = get_token_slice_for_logging(token=token)
-        log.info(
-            "In GitHubOIDCTokenAuthentication 1",
-            extra=dict(
-                token_slice=token_slice_for_logging,
-            ),
-        )
         if not token or is_uuid(token):
-            log.info(
-                "In GitHubOIDCTokenAuthentication 2",
-                extra=dict(
-                    token_slice=token_slice_for_logging,
-                    is_uuid=is_uuid(token),
-                ),
-            )
             return None  # continue to next auth class
+
         try:
-            repository = get_repo_with_github_actions_oidc_token(
-                token, token_slice=token_slice_for_logging
-            )
+            repository = get_repo_with_github_actions_oidc_token(token)
         except (ObjectDoesNotExist, PyJWTError) as e:
-            log.info(
-                "In GitHubOIDCTokenAuthentication 10",
-                extra=dict(
-                    token_slice=token_slice_for_logging,
-                    error_message=f"{e}",
-                ),
-            )
             return None  # continue to next auth class
 
         log.info(
-            "In GitHubOIDCTokenAuthentication Success",
-            extra=dict(token_slice=token_slice_for_logging, repository=str(repository)),
+            "GitHubOIDCTokenAuthentication Success",
+            extra=dict(repository=str(repository)),  # Repo<author/name>
         )
 
         return (

diff --git a/codecov_auth/tests/unit/test_repo_authentication.py b/codecov_auth/tests/unit/test_repo_authentication.py
@@ -21,7 +21,6 @@
     RepositoryTokenAuthentication,
     TokenlessAuth,
     TokenlessAuthentication,
-    get_token_slice_for_logging,
 )
 from codecov_auth.models import SERVICE_GITHUB, OrganizationLevelToken, RepositoryToken
 from codecov_auth.tests.factories import OwnerFactory
@@ -273,29 +272,6 @@ def test_authenticate_credentials_oidc_valid(self, mocked_get_repo_with_token, d
         assert user._repository == repository
         assert auth.get_scopes() == ["upload"]
 
-    @patch("codecov_auth.authentication.repo_auth.random.randint")
-    def test_get_token_slice_for_logging(self, rand_mock, _):
-        rand_mock.return_value = "0000"
-        result = get_token_slice_for_logging(token=None)
-        assert result == "Token is None, here is a random int 0000"
-
-        result = get_token_slice_for_logging(token=False)
-        assert result == "Token is short, here is a random int 0000"
-
-        result = get_token_slice_for_logging(token=uuid.uuid4())
-        assert result == "Token is short, here is a random int 0000"
-
-        result = get_token_slice_for_logging(token=123)
-        assert result == "Token is short, here is a random int 0000"
-
-        result = get_token_slice_for_logging(token="123")
-        assert result == "Token is short, here is a random int 0000"
-
-        jwt_like_str = "01234567890123456789012345678901234567890123456789"
-        result = get_token_slice_for_logging(token=jwt_like_str)
-        assert len(jwt_like_str) == 50
-        assert result == "9012345678"
-
 
 class TestOrgLevelTokenAuthentication(object):
     @override_settings(IS_ENTERPRISE=True)

@@ -37,7 +37,6 @@
 from utils.config import get_config
 from utils.encryption import encryptor
 from utils.github import get_github_integration_token
-
 from .constants import ci, global_upload_token_providers
 
 is_pull_noted_in_branch = re.compile(r".*(pull|pr)\/(\d+).*")
@@ -222,37 +221,16 @@ def parse_params(data):
     return v.document
 
 
-def get_repo_with_github_actions_oidc_token(token, token_slice=None):
+def get_repo_with_github_actions_oidc_token(token):
     unverified_contents = jwt.decode(token, options={"verify_signature": False})
     token_issuer = str(unverified_contents.get("iss"))
-    log.info(
-        "In GitHubOIDCTokenAuthentication 3",
-        extra=dict(
-            token_slice=token_slice,
-            unverified_contents=unverified_contents,
-            token_issuer=token_issuer,
-        ),
-    )
     if token_issuer == "https://token.actions.githubusercontent.com":
         service = "github"
         jwks_url = "https://token.actions.githubusercontent.com/.well-known/jwks"
-        log.info(
-            "In GitHubOIDCTokenAuthentication 4",
-            extra=dict(
-                token_slice=token_slice,
-                token_issuer=token_issuer,
-                service=service,
-                jwks_url=jwks_url,
-            ),
-        )
     else:
         service = "github_enterprise"
         github_enterprise_url = get_config("github_enterprise", "url")
         jwks_url = f"{github_enterprise_url}/_services/token/.well-known/jwks"
-        log.info(
-            "In GitHubOIDCTokenAuthentication 5",
-            extra=dict(token_slice=token_slice, service=service, jwks_url=jwks_url),
-        )
     jwks_client = PyJWKClient(jwks_url)
     signing_key = jwks_client.get_signing_key_from_jwt(token)
     data = jwt.decode(
@@ -262,30 +240,11 @@ def get_repo_with_github_actions_oidc_token(token, token_slice=None):
         audience=[settings.CODECOV_API_URL, settings.CODECOV_URL],
     )
     repo = str(data.get("repository")).split("/")[-1]
-    log.info(
-        "In GitHubOIDCTokenAuthentication 6",
-        extra=dict(
-            token_slice=token_slice,
-            decoded_token=data,
-            repo=repo,
-        ),
-    )
     repository = Repository.objects.get(
         author__service=service,
         name=repo,
         author__username=data.get("repository_owner"),
     )
-    log.info(
-        "In GitHubOIDCTokenAuthentication 7",
-        extra=dict(
-            token_slice=token_slice,
-            author__service=service,
-            repo=repo,
-            author__username=data.get("repository_owner"),
-            repoid=repository.repoid,
-            repo_obj=str(repository),  # Repo<author/name>
-        ),
-    )
     return repository