Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hide 'client_secret' from basic auth on the revad logs #1145

Closed
SamuAlfageme opened this issue Sep 7, 2020 · 2 comments · Fixed by #1142
Closed

Hide 'client_secret' from basic auth on the revad logs #1145

SamuAlfageme opened this issue Sep 7, 2020 · 2 comments · Fixed by #1142

Comments

@SamuAlfageme
Copy link
Contributor

Prevent the user details from leaking in the logs while using basic auth. username:password combination results in:

2020-09-07T07:41:14Z DBG credentials obtained from credential strategy: 
  &{Type:basic ClientID:username ClientSecret:password} pkg=rhttp service=reva traceid=d287ba9aeb200dee348061f989fb9fd9

2020-09-07T07:41:14Z DBG AuthenticateRequest: 
  type:"basic" client_id:"username" client_secret:"password"  against localhost:9142 pkg=rhttp service=reva traceid=d287ba9aeb200dee348061f989fb9fd9
@SamuAlfageme
Copy link
Contributor Author

@ishank011 is this one covered by 519cc19? If so, I guess we can link the PR to auto-close on merge.

@ishank011
Copy link
Contributor

Yep. I'll update the PR description

@ishank011 ishank011 mentioned this issue Sep 8, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Functionality to map home directory to different storage providers ishank011/reva
2 participants
@SamuAlfageme @ishank011