
:token added to filter_parameters breaks logging of the application #792

@dup2

Description


The gem uses

```ruby
module Doorkeeper
  class Engine < Rails::Engine
    initializer "doorkeeper.params.filter" do |app|
      app.config.filter_parameters += [:client_secret, :code, :token]
    end
    # ... omitted
  end
end
```

to prevent potentially sensitive information from being logged anywhere.

These parameters are greedy: they will also affect any other parameters in a request containing these words, i.e. with the default configuration the parameter custom_token will also get logged as FILTERED, which affects our application.

With a quick code check, I found :access_token and :refresh_token being used, I'm not sure what :code is meant for.

I'd propose to use more specific matchers instead of the generic :token to be added in the initializer:

[:client_secret, :access_token, :refresh_token]

What do you think? Shall I create a PR for this?

Cheers
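To make the substring behaviour concrete, here is an added example (not Doorkeeper's or Rails' code) with a minimal model of how ActiveSupport::ParameterFilter matches names: strings and symbols are case-insensitive substring matches against the key, while a Regexp is matched as given, so anchored Regexps hit only exact keys. It compares the gem's current list, the list proposed above, and an anchored variant on constructed request params; note that dropping :code from the list also stops filtering the `code` parameter (the OAuth authorization code).

```ruby
# Minimal model of Rails' ParameterFilter name matching (assumption: not the
# gem's code). Strings/symbols become case-insensitive substring patterns,
# Regexps are used as-is.
FILTERED = "[FILTERED]"

def filter_params(params, filters)
  pattern = Regexp.union(
    filters.map { |f| f.is_a?(Regexp) ? f : /#{Regexp.escape(f.to_s)}/i }
  )
  params.each_with_object({}) do |(key, value), out|
    out[key] = if key.to_s.match?(pattern)
                 FILTERED
               elsif value.is_a?(Hash)
                 filter_params(value, filters) # recurse into nested params
               else
                 value
               end
  end
end

# Constructed sample request params, as a controller would log them.
SAMPLE_PARAMS = {
  "client_secret" => "s3cr3t",
  "access_token"  => "abc",
  "refresh_token" => "def",
  "code"          => "authz-code",
  "custom_token"  => "tenant-42", # app parameter that should stay visible
  "postcode"      => "12345",     # also swallowed by the greedy :code filter
}.freeze

# Doorkeeper's current filters, as quoted in the issue.
DOORKEEPER_FILTERS = [:client_secret, :code, :token].freeze
# The more specific list proposed in the issue (no longer filters "code").
PROPOSED_FILTERS   = [:client_secret, :access_token, :refresh_token].freeze
# Anchored Regexps: filter exactly these keys and nothing else.
ANCHORED_FILTERS   = [/\Aclient_secret\z/, /\Acode\z/,
                      /\Aaccess_token\z/, /\Arefresh_token\z/].freeze

if __FILE__ == $0
  [DOORKEEPER_FILTERS, PROPOSED_FILTERS, ANCHORED_FILTERS].each do |filters|
    puts "#{filters.inspect} => #{filter_params(SAMPLE_PARAMS, filters)}"
  end
end
```

Rails' real filter_parameters accepts Regexps, so the anchored form is a drop-in alternative to renaming the matchers.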
