diff options
author | Chocobozzz <me@florianbigard.com> | 2018-01-26 13:55:27 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-01-26 13:55:27 +0100 |
commit | ce97fe366e0fc532bb6b91c458067953fc5738d0 (patch) | |
tree | ea1bc8d3a9ff430f6784f707e603b0813f978deb | |
parent | 7acee6f18aac99e359360fc4f2362d5405135a79 (diff) | |
download | PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.tar.gz PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.tar.zst PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.zip |
Don't leak passwords in log
-rw-r--r-- | server/middlewares/validators/users.ts | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 990311d6f..b6591c9e1 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -12,6 +12,7 @@ import { isSignupAllowed } from '../../helpers/utils' | |||
12 | import { CONSTRAINTS_FIELDS } from '../../initializers' | 12 | import { CONSTRAINTS_FIELDS } from '../../initializers' |
13 | import { UserModel } from '../../models/account/user' | 13 | import { UserModel } from '../../models/account/user' |
14 | import { areValidationErrors } from './utils' | 14 | import { areValidationErrors } from './utils' |
15 | import { omit } from 'lodash' | ||
15 | 16 | ||
16 | const usersAddValidator = [ | 17 | const usersAddValidator = [ |
17 | body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), | 18 | body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), |
@@ -21,7 +22,7 @@ const usersAddValidator = [ | |||
21 | body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), | 22 | body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), |
22 | 23 | ||
23 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 24 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
24 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) | 25 | logger.debug('Checking usersAdd parameters', { parameters: omit(req.body, 'password') }) |
25 | 26 | ||
26 | if (areValidationErrors(req, res)) return | 27 | if (areValidationErrors(req, res)) return |
27 | if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return | 28 | if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return |
@@ -36,7 +37,7 @@ const usersRegisterValidator = [ | |||
36 | body('email').isEmail().withMessage('Should have a valid email'), | 37 | body('email').isEmail().withMessage('Should have a valid email'), |
37 | 38 | ||
38 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 39 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
39 | logger.debug('Checking usersRegister parameters', { parameters: req.body }) | 40 | logger.debug('Checking usersRegister parameters', { parameters: omit(req.body, 'password') }) |
40 | 41 | ||
41 | if (areValidationErrors(req, res)) return | 42 | if (areValidationErrors(req, res)) return |
42 | if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return | 43 | if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return |
@@ -96,7 +97,7 @@ const usersUpdateMeValidator = [ | |||
96 | 97 | ||
97 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 98 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
98 | // TODO: Add old password verification | 99 | // TODO: Add old password verification |
99 | logger.debug('Checking usersUpdateMe parameters', { parameters: req.body }) | 100 | logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') }) |
100 | 101 | ||
101 | if (areValidationErrors(req, res)) return | 102 | if (areValidationErrors(req, res)) return |
102 | 103 | ||
@@ -131,7 +132,7 @@ const usersGetValidator = [ | |||
131 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | 132 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), |
132 | 133 | ||
133 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 134 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
134 | logger.debug('Checking usersGet parameters', { parameters: req.body }) | 135 | logger.debug('Checking usersGet parameters', { parameters: req.params }) |
135 | 136 | ||
136 | if (areValidationErrors(req, res)) return | 137 | if (areValidationErrors(req, res)) return |
137 | if (!await checkUserIdExist(req.params.id, res)) return | 138 | if (!await checkUserIdExist(req.params.id, res)) return |