Merge pull request #1758 from owncloud/remove-log-secrets

remove JWT from logs
2026-01-04 11:19:39 -06:00 · 2021-03-03 16:28:45 +01:00
parent 0719d18586 c532073dd1
commit 57b337546d
3 changed files with 7 additions and 2 deletions
--- a/changelog/unreleased/remove-log-secret.md
+++ b/changelog/unreleased/remove-log-secret.md
@@ -0,0 +1,5 @@
+Enhancement: Remove the JWT from the log 
+
+We were logging the JWT in some places. Secrets should not be exposed in logs so it got removed.
+
+https://github.com/owncloud/ocis/pull/1758
--- a/ocis-pkg/middleware/openidconnect.go
+++ b/ocis-pkg/middleware/openidconnect.go
@@ -85,7 +85,7 @@ func OpenIDConnect(opts ...ocisoidc.Option) func(http.Handler) http.Handler {
 			}
 			userInfo, err := oidcProvider.UserInfo(customCtx, oauth2.StaticTokenSource(oauth2Token))
 			if err != nil {
-				opt.Logger.Error().Err(err).Str("token", string(token)).Msg("Failed to get userinfo")
+				opt.Logger.Error().Err(err).Msg("Failed to get userinfo")
 				http.Error(w, ErrInvalidToken.Error(), http.StatusUnauthorized)
 				return
 			}
--- a/proxy/pkg/middleware/oidc_auth.go
+++ b/proxy/pkg/middleware/oidc_auth.go
@@ -91,7 +91,7 @@ func (m oidcAuth) getClaims(token string, req *http.Request) (claims oidc.Standa
 			oauth2.StaticTokenSource(oauth2Token),
 		)
 		if err != nil {
-			m.logger.Error().Err(err).Str("token", token).Msg("Failed to get userinfo")
+			m.logger.Error().Err(err).Msg("Failed to get userinfo")
 			status = http.StatusUnauthorized
 			return
 		}