
Obfuscate credentials and tokens in job logs

Open pozylon opened this issue 4 years ago • 2 comments

Currently, reset tokens appear in the Unchained Controlpanel when looking at ACCOUNT_ACTION messages and generated EMAIL jobs.

It should walk the objects deeply and obfuscate all credentials and tokens before sending them to the frontend. Maybe based on a blacklist? Fields like "password", "token", "plainPassword", "authorization", "secret".

createGraphQLServer.js already contains a blacklist; the list should contain defaults and it should be possible to extend it.

Apply logic to all log style data that is returned to the UI, sent to third party or printed to stdout.

pozylon avatar Feb 18 '21 09:02 pozylon
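
A sketch of the deep-walk redaction requested above, added here as an example and not taken from Unchained's code. `createRedactor`, `MASK` and the sample job are hypothetical, and matching names as case-insensitive substrings (so `resetToken` is caught by `token`) is an assumption that favours over-redaction.

```javascript
// Defaults are the field names listed in the issue; callers can extend them.
const DEFAULT_SENSITIVE_KEYS = ['password', 'token', 'plainPassword', 'authorization', 'secret'];
const MASK = '*****';

// Returns a function that deep-copies a payload with sensitive values masked.
function createRedactor(extraKeys = []) {
  const blocked = [...DEFAULT_SENSITIVE_KEYS, ...extraKeys].map((k) => k.toLowerCase());
  const isSensitive = (key) => blocked.some((b) => key.toLowerCase().includes(b));

  function walk(value, ancestors) {
    if (value === null || typeof value !== 'object') return value;
    const proto = Object.getPrototypeOf(value);
    // Assumption: class instances (Date, Buffer, database ids) hold no secrets; pass through.
    if (!Array.isArray(value) && proto !== Object.prototype && proto !== null) return value;
    if (ancestors.has(value)) return '[Circular]'; // avoid infinite recursion on cycles
    ancestors.add(value);
    let out;
    if (Array.isArray(value)) {
      out = value.map((item) => walk(item, ancestors));
    } else {
      out = {};
      for (const [key, child] of Object.entries(value)) {
        // Mask the whole value, even if it is a nested object or array.
        out[key] = isSensitive(key) ? MASK : walk(child, ancestors);
      }
    }
    ancestors.delete(value); // shared (non-cyclic) references are still copied
    return out;
  }
  return (payload) => walk(payload, new WeakSet());
}

// Constructed sample shaped like a queued EMAIL job; not real Unchained data.
const sampleJob = {
  type: 'EMAIL',
  input: { to: 'user@example.com', resetToken: 'abc123', headers: [{ Authorization: 'Bearer xyz' }] },
  meta: { apiKey: 'k-1' },
};

// Redact before the job reaches the UI, a third party, or stdout.
console.log(JSON.stringify(createRedactor(['apiKey'])(sampleJob)));
```

Key-name matching does not catch a token embedded in a string value, such as a reset link inside a rendered email body, so those fields need their own handling.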

@Mikearaya Isn't this solved already for the Work Queue? Or is it only solved on Events?

pozylon avatar May 18 '22 07:05 pozylon

@pozylon no, it's only solved for user events: https://github.com/unchainedshop/unchained/blob/master/packages/core-users/src/module/configureUsersModule.ts#L27

Mikearaya avatar May 18 '22 13:05 Mikearaya