Don't leak passwords in log

author: Chocobozzz <me@florianbigard.com> 2018-01-26 13:55:27 +0100
committer: Chocobozzz <me@florianbigard.com> 2018-01-26 13:55:27 +0100
commit: ce97fe366e0fc532bb6b91c458067953fc5738d0 (patch)
tree: ea1bc8d3a9ff430f6784f707e603b0813f978deb /server/middlewares/validators/users.ts
parent: 7acee6f18aac99e359360fc4f2362d5405135a79 (diff)
download: PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.tar.gz
PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.tar.zst
PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.zip
1 files changed, 5 insertions, 4 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 990311d6f..b6591c9e1 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -12,6 +12,7 @@ import { isSignupAllowed } from '../../helpers/utils'
 import { CONSTRAINTS_FIELDS } from '../../initializers'
 import { UserModel } from '../../models/account/user'
 import { areValidationErrors } from './utils'
+import { omit } from 'lodash'
 const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -21,7 +22,7 @@ const usersAddValidator = [
  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking usersAdd parameters', { parameters: req.body })
+    logger.debug('Checking usersAdd parameters', { parameters: omit(req.body, 'password') })
    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
@@ -36,7 +37,7 @@ const usersRegisterValidator = [
  body('email').isEmail().withMessage('Should have a valid email'),
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking usersRegister parameters', { parameters: req.body })
+    logger.debug('Checking usersRegister parameters', { parameters: omit(req.body, 'password') })
    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
@@ -96,7 +97,7 @@ const usersUpdateMeValidator = [
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // TODO: Add old password verification
-    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
+    logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
    if (areValidationErrors(req, res)) return
@@ -131,7 +132,7 @@ const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking usersGet parameters', { parameters: req.body })
+    logger.debug('Checking usersGet parameters', { parameters: req.params })
    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return
author	Chocobozzz <me@florianbigard.com>	2018-01-26 13:55:27 +0100
committer	Chocobozzz <me@florianbigard.com>	2018-01-26 13:55:27 +0100
commit	ce97fe366e0fc532bb6b91c458067953fc5738d0 (patch)
tree	ea1bc8d3a9ff430f6784f707e603b0813f978deb /server/middlewares/validators/users.ts
parent	7acee6f18aac99e359360fc4f2362d5405135a79 (diff)
download	PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.tar.gz PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.tar.zst PeerTube-ce97fe366e0fc532bb6b91c458067953fc5738d0.zip