CVE-2019-7628: Do not leak partial API keys.
It was discovered that Pagure was leaking API keys by e-mailing
them to users. Few e-mail servers validate TLS certificates, so
it is possible for man-in-the-middle attacks to read these e-mails
and gain access to Pagure on the behalf of other users. The
vulnerability was introduced in .
This problem was partially addressed in a prior commit, but
that commit still leaks the first 5 characters of the key which
weakens the secret.
This commit uses the description of the API key instead of any part
of the secret in the e-mail sent to users so that none of the key
is e-mailed over the Internet.
Signed-off-by: Randy Barlow <email@example.com>