From d703937da5d93cf250bb8483c7ac91f390d663ec Mon Sep 17 00:00:00 2001 From: thec0sm0s Date: Fri, 24 Jul 2020 23:43:29 +0530 Subject: [PATCH] Make client secret and bot tokens protected attributes so that someone doesn't spills their secrets accidentally --- flask_discord/_http.py | 8 ++++---- flask_discord/client.py | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flask_discord/_http.py b/flask_discord/_http.py index d433b9f..7717760 100644 --- a/flask_discord/_http.py +++ b/flask_discord/_http.py @@ -45,9 +45,9 @@ class DiscordOAuth2HttpClient(abc.ABC): def __init__(self, app, client_id=None, client_secret=None, redirect_uri=None, bot_token=None, users_cache=None): self.client_id = client_id or app.config["DISCORD_CLIENT_ID"] - self.client_secret = client_secret or app.config["DISCORD_CLIENT_SECRET"] + self.__client_secret = client_secret or app.config["DISCORD_CLIENT_SECRET"] self.redirect_uri = redirect_uri or app.config["DISCORD_REDIRECT_URI"] - self.bot_token = bot_token or app.config.get("DISCORD_BOT_TOKEN", str()) + self.__bot_token = bot_token or app.config.get("DISCORD_BOT_TOKEN", str()) self.users_cache = cachetools.LFUCache( app.config.get("DISCORD_USERS_CACHE_MAX_LIMIT", configs.DISCORD_USERS_CACHE_DEFAULT_MAX_LIMIT) ) if users_cache is None else users_cache @@ -102,7 +102,7 @@ class DiscordOAuth2HttpClient(abc.ABC): redirect_uri=self.redirect_uri, auto_refresh_kwargs={ 'client_id': self.client_id, - 'client_secret': self.client_secret, + 'client_secret': self.__client_secret, }, auto_refresh_url=configs.DISCORD_TOKEN_URL, token_updater=self._token_updater) @@ -177,5 +177,5 @@ class DiscordOAuth2HttpClient(abc.ABC): Raises an instance of :py:class:`flask_discord.RateLimited` if application is being rate limited by Discord. """ - headers = {"Authorization": f"Bot {self.bot_token}"} + headers = {"Authorization": f"Bot {self.__bot_token}"} return self.request(route, method=method, oauth=False, headers=headers, **kwargs) 
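Review bot: The double-underscore attributes assigned in `__init__` are only name-mangled, so this is not an access control. The values still sit in the instance `__dict__` as `_DiscordOAuth2HttpClient__client_secret` and `_DiscordOAuth2HttpClient__bot_token`, and they remain readable from `app.config`. The hunk also removes the public `client_secret` and `bot_token` attributes without a deprecation path, so any caller that read them now fails with `AttributeError`; that deserves a changelog entry. The conventional non-public spelling is a single underscore, `self._client_secret = client_secret or app.config["DISCORD_CLIENT_SECRET"]`, with a comment above it such as `# Non-public: never log, serialise or expose these values.` The same rename would then apply to the two later hunks in this file.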
diff --git a/flask_discord/client.py b/flask_discord/client.py
index 7eee9f1..4b55f50 100644
--- a/flask_discord/client.py
+++ b/flask_discord/client.py
@@ -83,7 +83,7 @@ class DiscordOAuth2Session(_http.DiscordOAuth2HttpClient):
 discord = self._make_session(state=session.get("DISCORD_OAUTH2_STATE"))
 token = discord.fetch_token(
 configs.DISCORD_TOKEN_URL,
- client_secret=self.client_secret,
+ client_secret=self.__client_secret,
 authorization_response=request.url
 )
 self._token_updater(token)
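Review bot: `client_secret=self.__client_secret,` in the `fetch_token` call will raise `AttributeError` at runtime. Inside `DiscordOAuth2Session` the name is mangled to `_DiscordOAuth2Session__client_secret`, while the base class `__init__` in `_http.py` stores the value as `_DiscordOAuth2HttpClient__client_secret`. This looks like the OAuth2 callback path (it passes `authorization_response=request.url`), so the token exchange would fail on every login. Renaming the attribute to a single underscore in `_http.py` and using `client_secret=self._client_secret,` here avoids the per-class mangling. The enclosing method starts and ends outside the hunk, and a test that drives this call would have caught the regression.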