Merge branch 'master' into ocis-1715-lighter-runtime

CHANGELOG.md

@@ -11,6 +11,7 @@ The following sections list the changes for unreleased.
 * Bugfix - Fix accounts initialization: [#1696](https://github.com/owncloud/ocis/pull/1696)
 * Bugfix - Fix the ttl of the authentication middleware cache: [#1699](https://github.com/owncloud/ocis/pull/1699)
 * Change - Update ownCloud Web to v2.0.1: [#1683](https://github.com/owncloud/ocis/pull/1683)
+* Enhancement - Remove the JWT from the log: [#1758](https://github.com/owncloud/ocis/pull/1758)
 * Enhancement - Update go-micro to v3.5.1-0.20210217182006-0f0ace1a44a9: [#1670](https://github.com/owncloud/ocis/pull/1670)
 * Enhancement - Update reva to v1.6.1-0.20210223065028-53f39499762e: [#1683](https://github.com/owncloud/ocis/pull/1683)
 * Enhancement - Add initial nats and kubernetes registry support: [#1697](https://github.com/owncloud/ocis/pull/1697)
@@ -74,6 +75,12 @@ The following sections list the changes for unreleased.
    https://github.com/owncloud/ocis/pull/1683
    https://github.com/owncloud/web/releases/tag/v2.0.1
 
+* Enhancement - Remove the JWT from the log: [#1758](https://github.com/owncloud/ocis/pull/1758)
+
+   We were logging the JWT in some places. Secrets should not be exposed in logs so it got removed.
+
+   https://github.com/owncloud/ocis/pull/1758
+
 * Enhancement - Update go-micro to v3.5.1-0.20210217182006-0f0ace1a44a9: [#1670](https://github.com/owncloud/ocis/pull/1670)
 
    - We updated from go micro v2 (v2.9.1) go-micro v3 (v3.5.1 edge). - oCIS runtime is now aware of

changelog/unreleased/remove-log-secret.md

@@ -0,0 +1,5 @@
+Enhancement: Remove the JWT from the log 
+
+We were logging the JWT in some places. Secrets should not be exposed in logs so it got removed.
+
+https://github.com/owncloud/ocis/pull/1758

ocis-pkg/middleware/openidconnect.go

@@ -85,7 +85,7 @@ func OpenIDConnect(opts ...ocisoidc.Option) func(http.Handler) http.Handler {
 			}
 			userInfo, err := oidcProvider.UserInfo(customCtx, oauth2.StaticTokenSource(oauth2Token))
 			if err != nil {
-				opt.Logger.Error().Err(err).Str("token", string(token)).Msg("Failed to get userinfo")
+				opt.Logger.Error().Err(err).Msg("Failed to get userinfo")
 				http.Error(w, ErrInvalidToken.Error(), http.StatusUnauthorized)
 				return
 			}

proxy/pkg/middleware/oidc_auth.go

@@ -91,7 +91,7 @@ func (m oidcAuth) getClaims(token string, req *http.Request) (claims oidc.Standa
 			oauth2.StaticTokenSource(oauth2Token),
 		)
 		if err != nil {
-			m.logger.Error().Err(err).Str("token", token).Msg("Failed to get userinfo")
+			m.logger.Error().Err(err).Msg("Failed to get userinfo")
 			status = http.StatusUnauthorized
 			return
 		}

settings/package.json

@@ -20,7 +20,7 @@
     "acceptance-tests": "cucumber-js --require-module @babel/register --require-module @babel/polyfill --require ${TEST_INFRA_DIRECTORY}/acceptance/setup.js --require ui/tests/acceptance/stepDefinitions --require ${TEST_INFRA_DIRECTORY}/acceptance/stepDefinitions --format node_modules/cucumber-pretty -t \"${TEST_TAGS:-not @skip and not @skipOnOC10}\""
   },
   "devDependencies": {
-    "@babel/core": "^7.7.7",
+    "@babel/core": "^7.13.8",
     "@babel/plugin-proposal-class-properties": "^7.7.4",
     "@babel/plugin-proposal-export-default-from": "^7.7.4",
     "@babel/plugin-proposal-object-rest-spread": "^7.7.7",
@@ -35,7 +35,7 @@
     "@rollup/plugin-replace": "^2.3.0",
     "archiver": "^5.2.0",
     "axios": "^0.21.1",
-    "core-js": "3",
+    "core-js": "3.9.1",
     "cross-env": "^7.0.3",
     "cucumber": "^6.0.5",
     "cucumber-pretty": ">=6.0.0",