Merge pull request #1758 from owncloud/remove-log-secrets

remove JWT from logs
owncloud · Mar 3, 2021 · 57b3375 · 57b3375
2 parents 0719d18 + c532073
commit 57b3375
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/changelog/unreleased/remove-log-secret.md b/changelog/unreleased/remove-log-secret.md
@@ -0,0 +1,5 @@
+Enhancement: Remove the JWT from the log 
+
+We were logging the JWT in some places. Secrets should not be exposed in logs so it got removed.
+
+https://github.com/owncloud/ocis/pull/1758
diff --git a/ocis-pkg/middleware/openidconnect.go b/ocis-pkg/middleware/openidconnect.go
@@ -85,7 +85,7 @@ func OpenIDConnect(opts ...ocisoidc.Option) func(http.Handler) http.Handler {
 			}
 			userInfo, err := oidcProvider.UserInfo(customCtx, oauth2.StaticTokenSource(oauth2Token))
 			if err != nil {
-				opt.Logger.Error().Err(err).Str("token", string(token)).Msg("Failed to get userinfo")
+				opt.Logger.Error().Err(err).Msg("Failed to get userinfo")
 				http.Error(w, ErrInvalidToken.Error(), http.StatusUnauthorized)
 				return
 			}

diff --git a/proxy/pkg/middleware/oidc_auth.go b/proxy/pkg/middleware/oidc_auth.go
@@ -91,7 +91,7 @@ func (m oidcAuth) getClaims(token string, req *http.Request) (claims oidc.Standa
 			oauth2.StaticTokenSource(oauth2Token),
 		)
 		if err != nil {
-			m.logger.Error().Err(err).Str("token", token).Msg("Failed to get userinfo")
+			m.logger.Error().Err(err).Msg("Failed to get userinfo")
 			status = http.StatusUnauthorized
 			return
 		}