From 94324753f5758422d80b322cb4a7b5209de537f9 Mon Sep 17 00:00:00 2001
From: Ernesto Serrano
Date: Tue, 31 Mar 2026 11:47:53 +0100
Subject: [PATCH] Potential fix for code scanning alert no. 5: Clear-text logging of sensitive information
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/py_moodle/auth.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/py_moodle/auth.py b/src/py_moodle/auth.py
index 1676b2c..734d71d 100644
--- a/src/py_moodle/auth.py
+++ b/src/py_moodle/auth.py
@@ -178,9 +178,12 @@ def _cas_login(self):
 "_eventId": "submit",
 }
 if self.debug:
- redacted_payload = payload.copy()
- if "password" in redacted_payload:
- redacted_payload["password"] = "***REDACTED***"
+ redacted_payload = {
+ "username": self.username,
+ "password": "***REDACTED***",
+ "execution": cas_id,
+ "_eventId": "submit",
+ }
 print(f"[DEBUG] POST {cas_login_url} payload={redacted_payload}")
 # Keep session cookies in self.session
 resp = self.session.post(cas_login_url, data=payload, allow_redirects=False)
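Review bot: The rebuilt `redacted_payload` under `if self.debug:` still prints the username and the CAS `execution` value in clear text, and it hand-copies the key set of `payload`, so the debug line can silently drift from what is actually posted. The `execution` value looks like login-flow state issued by the CAS server (inferred from the name; `cas_id` is defined outside the hunk), and `print` output on stdout commonly ends up in CI or shell logs. If the debug line only needs to show the shape of the request, logging the field names alone avoids both problems: `print(f"[DEBUG] POST {cas_login_url} fields={sorted(payload)}")`. `_cas_login` begins before and continues after this hunk, so the full `payload` literal is not visible here.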