🔧 Add password to AXES_SENSITIVE_PARAMETERS

to obfuscate it in axes logs for failed logins

open_api_framework/conf/base.py

@@ -154,13 +154,14 @@
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
-    "maykin_2fa.middleware.OTPMiddleware",
+    "vng_api_common.middleware.AuthMiddleware",
     "mozilla_django_oidc_db.middleware.SessionRefresh",
+    "maykin_2fa.middleware.OTPMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "vng_api_common.middleware.APIVersionHeaderMiddleware",
     "axes.middleware.AxesMiddleware",
 ]
-
 ROOT_URLCONF = f"{PROJECT_DIRNAME}.urls"
 
 # List of callables that know how to import templates from various sources.
@@ -494,7 +495,7 @@
 AXES_BEHIND_REVERSE_PROXY = IS_HTTPS
 # By default, Axes obfuscates values for formfields named "password", but the admin
 # interface login formfield name is "auth-password", so we want to obfuscate that
-AXES_SENSITIVE_PARAMETERS = ["auth-password"]  # nosec
+AXES_SENSITIVE_PARAMETERS = ["password", "auth-password"]  # nosec
 
 # The default meta precedence order
 IPWARE_META_PRECEDENCE_ORDER = (