Ability to filter passwords from the log in mod_http_api (#1888)

author Marco Adkins <madkins@virtualhold.com>

Thu, 27 Jul 2017 13:30:56 +0000 (09:30 -0400)

committer Paweł Chmielowski <prefiks@prefiks.org>

Thu, 27 Jul 2017 13:30:56 +0000 (15:30 +0200)
author Marco Adkins <madkins@virtualhold.com>
Thu, 27 Jul 2017 13:30:56 +0000 (09:30 -0400)
committer Paweł Chmielowski <prefiks@prefiks.org>
Thu, 27 Jul 2017 13:30:56 +0000 (15:30 +0200)
diff --git a/src/mod_http_api.erl b/src/mod_http_api.erl

index 7be05dbf196880caaaeafe8d4d145f3b15308450..ef881d14b554b0ad76a1b1826e7dc7332eb43720 100644 (file)
--- a/src/mod_http_api.erl
+++ b/src/mod_http_api.erl
@@ -538,9 +538,17 @@ json_error(HTTPCode, JSONCode, Message) ->
  
  log(Call, Args, {Addr, Port}) ->
      AddrS = misc:ip_to_list({Addr, Port}),
-    ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]);
+    ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, hide_sensitive_args(Args), AddrS, Port]);
  log(Call, Args, IP) ->
-    ?INFO_MSG("API call ~s ~p (~p)", [Call, Args, IP]).
+    ?INFO_MSG("API call ~s ~p (~p)", [Call, hide_sensitive_args(Args), IP]).
+
+hide_sensitive_args(Args=[_H|_T]) ->
+    lists:map( fun({<<"password">>, Password}) -> {<<"password">>, ejabberd_config:may_hide_data(Password)};
+         ({<<"newpass">>,NewPassword}) -> {<<"newpass">>, ejabberd_config:may_hide_data(NewPassword)};
+         (E) -> E end,
+         Args);
+hide_sensitive_args(NonListArgs) ->
+    NonListArgs.
  
  permission_addon() ->
      Access = gen_mod:get_module_opt(global, ?MODULE, admin_ip_access, none),
author	Marco Adkins <madkins@virtualhold.com>
	Thu, 27 Jul 2017 13:30:56 +0000 (09:30 -0400)
committer	Paweł Chmielowski <prefiks@prefiks.org>
	Thu, 27 Jul 2017 13:30:56 +0000 (15:30 +0200)