do not echo query parameter values on exceptions (#1789) (#1790)

pygeoapi/api/__init__.py

@@ -1441,7 +1441,8 @@ class API:
         # Content-Language is in the system locale (ignore language settings)
         headers = request.get_response_headers(SYSTEM_LOCALE,
                                                **self.api_headers)
-        msg = f'Invalid format: {request.format}'
+        msg = 'Invalid format requested'
+        LOGGER.error(f'{msg}: {request.format}')
         return self.get_exception(
             HTTPStatus.BAD_REQUEST, headers,
             request.format, 'InvalidParameterValue', msg)

pygeoapi/api/itemtypes.py

@@ -451,7 +451,8 @@ def get_collection_items(
                 geometry_column_name=provider_def.get('geom_field'),
             )
         except Exception:
-            msg = f'Bad CQL string : {cql_text}'
+            msg = 'Bad CQL text'
+            LOGGER.error(f'{msg}: {cql_text}')
             return api.get_exception(
                 HTTPStatus.BAD_REQUEST, headers, request.format,
                 'InvalidParameterValue', msg)
@@ -849,7 +850,7 @@ def post_collection_items(
     if (request_headers.get(
         'Content-Type') or request_headers.get(
             'content-type')) != 'application/query-cql-json':
-        msg = ('Invalid body content-type')
+        msg = 'Invalid body content-type'
         return api.get_exception(
             HTTPStatus.BAD_REQUEST, headers, request.format,
             'InvalidHeaderValue', msg)
@@ -885,7 +886,8 @@ def post_collection_items(
                 geometry_column_name=provider_def.get('geom_field')
             )
         except Exception:
-            msg = f'Bad CQL string : {data}'
+            msg = 'Bad CQL text'
+            LOGGER.error(f'{msg}: {data}')
             return api.get_exception(
                 HTTPStatus.BAD_REQUEST, headers, request.format,
                 'InvalidParameterValue', msg)
@@ -894,7 +896,8 @@ def post_collection_items(
         try:
             filter_ = CQLModel.parse_raw(data)
         except Exception:
-            msg = f'Bad CQL string : {data}'
+            msg = 'Bad CQL text'
+            LOGGER.error(f'{msg}: {data}')
             return api.get_exception(
                 HTTPStatus.BAD_REQUEST, headers, request.format,
                 'InvalidParameterValue', msg)

tests/api/test_api.py

@@ -389,6 +389,9 @@ def test_api(config, api_, openapi):
     assert rsp_headers['Content-Language'] == 'en-US'
     assert code == HTTPStatus.BAD_REQUEST
 
+    response = json.loads(response)
+    assert response['description'] == 'Invalid format requested'
+
     assert api_.get_collections_url() == 'http://localhost:5000/collections'
 
 

tests/test_postgresql_provider.py

@@ -556,7 +556,7 @@ def test_get_collection_items_postgresql_cql_bad_cql(pg_api_, bad_cql):
     assert code == HTTPStatus.BAD_REQUEST
     error_response = json.loads(response)
     assert error_response['code'] == 'InvalidParameterValue'
-    assert error_response['description'] == f'Bad CQL string : {bad_cql}'
+    assert error_response['description'] == 'Bad CQL text'
 
 
 def test_post_collection_items_postgresql_cql(pg_api_):
@@ -642,7 +642,7 @@ def test_post_collection_items_postgresql_cql_bad_cql(pg_api_, bad_cql):
     assert code == HTTPStatus.BAD_REQUEST
     error_response = json.loads(response)
     assert error_response['code'] == 'InvalidParameterValue'
-    assert error_response['description'].startswith('Bad CQL string')
+    assert error_response['description'] == 'Bad CQL text'
 
 
 def test_get_collection_items_postgresql_crs(pg_api_):