Almost everything has been said about your code, but there is at least one last thing to say that is very important, which maaartinus mentions in his answer: don't log passwords. Ever.

By their nature, passwords should be secret and known only to the holder of the account. I hope that when you're storing your password you will do everything to protect it (hash, salt, etc.). The problem is that if you log it, no matter how you protected it when you stored it, it will be logged forever in clear text. Logs are generally accessible and can be read by people who should probably not see your user's password. This is a security issue and could be a severe security issue.

If you needed some output, you could use logger.debug, which is most of the time not activated in production, but keep in mind that you should not trust logging configurations in terms of security. The best option is to remove the password from the logging.

Marc-Andre
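The points in the answer above, as an added example that is not part of the original answer or the asker's code: the leaky statement the answer warns against, what it looks like once the password is removed from the logging call, and why relying on the debug level is not a fix (flipping the logger to DEBUG is enough to put the secret on disk). It uses Python's standard `logging` module; the handler names, the `RedactSecrets` filter, the salt and the sample credentials are all constructed for illustration.

```python
"""Added example, not part of the original answer: shows why moving a password to
logger.debug is not a fix, what the corrected statement looks like, and a
scrubbing filter as a safety net. All names and sample inputs are constructed."""
import hashlib
import logging
import re
from typing import Callable, List

SALT = b"constructed-salt"  # illustration only; use a random per-user salt in real code


class ListHandler(logging.Handler):
    """Keeps formatted log lines in memory so they can be inspected."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: List[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


class RedactSecrets(logging.Filter):
    """Safety net: rewrite credential-looking key=value pairs before any handler sees them.
    It catches a forgotten statement; the real fix is to not pass the secret to the logger."""

    PATTERN = re.compile(r"(?i)\b(password|passwd|pwd|secret|token)=\S+")

    def filter(self, record: logging.LogRecord) -> bool:
        # Render %-style args first, otherwise the secret survives inside record.args.
        rendered = record.getMessage()
        record.msg = self.PATTERN.sub(lambda m: f"{m.group(1)}=<redacted>", rendered)
        record.args = ()
        return True


def hash_password(password: str) -> str:
    """Hypothetical storage step: the stored form is a salted hash, not the secret."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def login_leaky(logger: logging.Logger, username: str, password: str) -> str:
    """The pattern the answer warns against. Using debug instead of info only hides
    the secret until someone enables DEBUG in production."""
    logger.debug("login attempt user=%s password=%s", username, password)
    return hash_password(password)


def login_fixed(logger: logging.Logger, username: str, password: str) -> str:
    """Log the event, never the secret: the password is simply not an argument."""
    logger.info("login attempt user=%s", username)
    return hash_password(password)


def capture(level: int, handler_fn: Callable[..., str], username: str, password: str,
            redact: bool = False) -> List[str]:
    """Run one login handler under a fresh logger at the given level; return the log lines."""
    logger = logging.getLogger(f"example.{handler_fn.__name__}.{level}.{redact}")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(level)
    sink = ListHandler()
    sink.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(sink)
    if redact:
        logger.addFilter(RedactSecrets())
    handler_fn(logger, username, password)
    return list(sink.lines)


if __name__ == "__main__":
    pw = "hunter2-constructed"
    # Someone flips production to DEBUG while chasing a bug: the secret is now on disk.
    print(capture(logging.DEBUG, login_leaky, "alice", pw))
    # The corrected statement has nothing to leak at any level.
    print(capture(logging.DEBUG, login_fixed, "alice", pw))
    # Safety net in case a leaky statement slips through review.
    print(capture(logging.DEBUG, login_leaky, "alice", pw, redact=True))
```

The filter is attached to the logger rather than to a handler so it runs before every handler, including ones added later by a configuration file; it is still only a backstop, since it can only match patterns it knows about, which is why the corrected `login_fixed` never hands the password to the logger at all.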