Don't leak passwords in log

author Chocobozzz <me@florianbigard.com>

Fri, 26 Jan 2018 12:55:27 +0000 (13:55 +0100)

committer Chocobozzz <me@florianbigard.com>

Fri, 26 Jan 2018 12:55:27 +0000 (13:55 +0100)
author Chocobozzz <me@florianbigard.com>
Fri, 26 Jan 2018 12:55:27 +0000 (13:55 +0100)
committer Chocobozzz <me@florianbigard.com>
Fri, 26 Jan 2018 12:55:27 +0000 (13:55 +0100)
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts

index 990311d6f6cb0ecb1a5b5fc638a85398a4c4b0c5..b6591c9e1a99c9d4e2857ac2b14dc5e81c8d8b9b 100644 (file)
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -12,6 +12,7 @@ import { isSignupAllowed } from '../../helpers/utils'
  import { CONSTRAINTS_FIELDS } from '../../initializers'
  import { UserModel } from '../../models/account/user'
  import { areValidationErrors } from './utils'
+import { omit } from 'lodash'
  
  const usersAddValidator = [
    body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -21,7 +22,7 @@ const usersAddValidator = [
    body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
  
    async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking usersAdd parameters', { parameters: req.body })
+    logger.debug('Checking usersAdd parameters', { parameters: omit(req.body, 'password') })
  
      if (areValidationErrors(req, res)) return
      if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
@@ -36,7 +37,7 @@ const usersRegisterValidator = [
    body('email').isEmail().withMessage('Should have a valid email'),
  
    async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking usersRegister parameters', { parameters: req.body })
+    logger.debug('Checking usersRegister parameters', { parameters: omit(req.body, 'password') })
  
      if (areValidationErrors(req, res)) return
      if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
@@ -96,7 +97,7 @@ const usersUpdateMeValidator = [
  
    (req: express.Request, res: express.Response, next: express.NextFunction) => {
      // TODO: Add old password verification
-    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
+    logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
  
      if (areValidationErrors(req, res)) return
  
@@ -131,7 +132,7 @@ const usersGetValidator = [
    param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  
    async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking usersGet parameters', { parameters: req.body })
+    logger.debug('Checking usersGet parameters', { parameters: req.params })
  
      if (areValidationErrors(req, res)) return
      if (!await checkUserIdExist(req.params.id, res)) return
author	Chocobozzz <me@florianbigard.com>
	Fri, 26 Jan 2018 12:55:27 +0000 (13:55 +0100)
committer	Chocobozzz <me@florianbigard.com>
	Fri, 26 Jan 2018 12:55:27 +0000 (13:55 +0100)