aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-01-26 13:55:27 +0100
committerChocobozzz <me@florianbigard.com>2018-01-26 13:55:27 +0100
commitce97fe366e0fc532bb6b91c458067953fc5738d0 (patch)
treeea1bc8d3a9ff430f6784f707e603b0813f978deb
parent7acee6f18aac99e359360fc4f2362d5405135a79 (diff)
downloadPeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.tar.gz
PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.tar.zst
PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.zip
Don't leak passwords in log
-rw-r--r--server/middlewares/validators/users.ts9
1 files changed, 5 insertions, 4 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 990311d6f..b6591c9e1 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -12,6 +12,7 @@ import { isSignupAllowed } from '../../helpers/utils'
12import { CONSTRAINTS_FIELDS } from '../../initializers' 12import { CONSTRAINTS_FIELDS } from '../../initializers'
13import { UserModel } from '../../models/account/user' 13import { UserModel } from '../../models/account/user'
14import { areValidationErrors } from './utils' 14import { areValidationErrors } from './utils'
15import { omit } from 'lodash'
15 16
16const usersAddValidator = [ 17const usersAddValidator = [
17 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), 18 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -21,7 +22,7 @@ const usersAddValidator = [
21 body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), 22 body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
22 23
23 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 24 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
24 logger.debug('Checking usersAdd parameters', { parameters: req.body }) 25 logger.debug('Checking usersAdd parameters', { parameters: omit(req.body, 'password') })
25 26
26 if (areValidationErrors(req, res)) return 27 if (areValidationErrors(req, res)) return
27 if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return 28 if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
@@ -36,7 +37,7 @@ const usersRegisterValidator = [
36 body('email').isEmail().withMessage('Should have a valid email'), 37 body('email').isEmail().withMessage('Should have a valid email'),
37 38
38 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 39 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
39 logger.debug('Checking usersRegister parameters', { parameters: req.body }) 40 logger.debug('Checking usersRegister parameters', { parameters: omit(req.body, 'password') })
40 41
41 if (areValidationErrors(req, res)) return 42 if (areValidationErrors(req, res)) return
42 if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return 43 if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
@@ -96,7 +97,7 @@ const usersUpdateMeValidator = [
96 97
97 (req: express.Request, res: express.Response, next: express.NextFunction) => { 98 (req: express.Request, res: express.Response, next: express.NextFunction) => {
98 // TODO: Add old password verification 99 // TODO: Add old password verification
99 logger.debug('Checking usersUpdateMe parameters', { parameters: req.body }) 100 logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
100 101
101 if (areValidationErrors(req, res)) return 102 if (areValidationErrors(req, res)) return
102 103
@@ -131,7 +132,7 @@ const usersGetValidator = [
131 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), 132 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
132 133
133 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 134 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
134 logger.debug('Checking usersGet parameters', { parameters: req.body }) 135 logger.debug('Checking usersGet parameters', { parameters: req.params })
135 136
136 if (areValidationErrors(req, res)) return 137 if (areValidationErrors(req, res)) return
137 if (!await checkUserIdExist(req.params.id, res)) return 138 if (!await checkUserIdExist(req.params.id, res)) return