From ce97fe366e0fc532bb6b91c458067953fc5738d0 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Fri, 26 Jan 2018 13:55:27 +0100
Subject: [PATCH] Don't leak passwords in log
---
 server/middlewares/validators/users.ts | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 990311d6f..b6591c9e1 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -12,6 +12,7 @@ import { isSignupAllowed } from '../../helpers/utils'
 import { CONSTRAINTS_FIELDS } from '../../initializers'
 import { UserModel } from '../../models/account/user'
 import { areValidationErrors } from './utils'
+import { omit } from 'lodash'
 const usersAddValidator = [
 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -21,7 +22,7 @@ const usersAddValidator = [
 body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking usersAdd parameters', { parameters: req.body })
+ logger.debug('Checking usersAdd parameters', { parameters: omit(req.body, 'password') })
 if (areValidationErrors(req, res)) return
 if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
@@ -36,7 +37,7 @@ const usersRegisterValidator = [
 body('email').isEmail().withMessage('Should have a valid email'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking usersRegister parameters', { parameters: req.body })
+ logger.debug('Checking usersRegister parameters', { parameters: omit(req.body, 'password') })
 if (areValidationErrors(req, res)) return
 if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
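Review bot: The redaction is an inline denylist of a single key, `omit(req.body, 'password')`, written out in usersAdd here and again in the usersRegister and usersUpdateMe hunks, so a call site that is missed or a secret field added later is still logged in full. One helper next to the logger that strips a shared list of sensitive keys (or picks only the fields worth logging) would keep every call site in step; validators outside this diff that log `req.body` would need the same treatment, which cannot be checked from here. The body that is still logged also carries `email`, which the following lines read as `req.body.email`, so debug logs keep personal data after this change. The validator arrays start and end outside the hunks.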
@@ -96,7 +97,7 @@ const usersUpdateMeValidator = [
 (req: express.Request, res: express.Response, next: express.NextFunction) => {
 // TODO: Add old password verification
- logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
+ logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
 if (areValidationErrors(req, res)) return
@@ -131,7 +132,7 @@ const usersGetValidator = [
 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking usersGet parameters', { parameters: req.body })
+ logger.debug('Checking usersGet parameters', { parameters: req.params })
 if (areValidationErrors(req, res)) return
 if (!await checkUserIdExist(req.params.id, res)) return
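Review bot: The `// TODO: Add old password verification` directly above the changed usersUpdateMe log line means a second secret field is planned for this request body, and `omit(req.body, 'password')` will not cover it once it exists. I would tie the two together in the comment so the log call is updated with the feature, e.g. `// TODO: Add old password verification (and add the new field to the omit() call below)`. The handler body continues past the end of the hunk.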