fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Property AUTH_SOURCE_PASSWORD is no longer visible in logs

Browse Source 
Observations have been fixed
This commit is contained in:
Martin Laguna
2022-10-19 12:41:18 -04:00
parent 6a3d35c66a
commit b54d5b6102
2 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
rbac/engine/classes/model/AuthenticationSource.php
View File

@@ -63,6 +63,11 @@ class AuthenticationSource extends BaseAuthenticationSource {
}
}
$aData['AUTH_SOURCE_DATA'] = (is_array($aData['AUTH_SOURCE_DATA']) ? serialize($aData['AUTH_SOURCE_DATA']) : $aData['AUTH_SOURCE_DATA']);
// Removing sensitive data
$loggableData = $aData;
unset($loggableData['AUTH_SOURCE_PASSWORD']);
$oConnection = Propel::getConnection(AuthenticationSourcePeer::DATABASE_NAME);
try {
$oAuthenticationSource = new AuthenticationSource();
@@ -71,7 +76,7 @@ class AuthenticationSource extends BaseAuthenticationSource {
$oConnection->begin();
$iResult = $oAuthenticationSource->save();
$oConnection->commit();
Log::channel(':ldapAdvanced')->info("create", Bootstrap::context($aData));
Log::channel(':ldapAdvanced')->info("create", Bootstrap::context($loggableData));
$authSourceServerName = isset($aData['AUTH_SOURCE_SERVER_NAME']) ? ' - Server Name: '.$aData['AUTH_SOURCE_SERVER_NAME'] : '';
$authSourcePort = isset($aData['AUTH_SOURCE_PORT']) ? ' - Port: '.$aData['AUTH_SOURCE_PORT'] : '';
@@ -116,6 +121,11 @@ class AuthenticationSource extends BaseAuthenticationSource {
$authSourceFilter = isset($aData['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER']) ? ' - Aditional Filter: '.$aData['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER'] : '';
$aData['AUTH_SOURCE_DATA'] = (is_array($aData['AUTH_SOURCE_DATA']) ? serialize($aData['AUTH_SOURCE_DATA']) : $aData['AUTH_SOURCE_DATA']);
// Removing sensitive data
$loggableData = $aData;
unset($loggableData['AUTH_SOURCE_PASSWORD']);
$oConnection = Propel::getConnection(AuthenticationSourcePeer::DATABASE_NAME);
try {
$oAuthenticationSource = AuthenticationSourcePeer::retrieveByPK($aData['AUTH_SOURCE_UID']);
@@ -125,7 +135,7 @@ class AuthenticationSource extends BaseAuthenticationSource {
$oConnection->begin();
$iResult = $oAuthenticationSource->save();
$oConnection->commit();
Log::channel(':ldapAdvanced')->info("update", Bootstrap::context($aData));
Log::channel(':ldapAdvanced')->info("update", Bootstrap::context($loggableData));
G::auditLog("UpdateAuthSource", "Authentication Source Name: ".$aData['AUTH_SOURCE_NAME']." - Authentication Source ID: (".$aData['AUTH_SOURCE_UID'].") ".$authSourceServerName.$authSourcePort.$authSourceEnabledTLS.$authSourceVersion.$authSourceBaseDn.$authAnonymous.$authSourceSearchUser.$authSourceLdapType.$authSourceIdentifier.$authSourceFilter);
return $iResult;
}
@@ -135,7 +145,7 @@ class AuthenticationSource extends BaseAuthenticationSource {
foreach($aValidationFailures as $oValidationFailure) {
$sMessage .= $oValidationFailure->getMessage() . '<br />';
}
Log::channel(':ldapAdvanced')->error($sMessage, Bootstrap::context($aData));
Log::channel(':ldapAdvanced')->error($sMessage, Bootstrap::context($loggableData));
throw(new Exception('The registry cannot be updated!<br />'.$sMessage));
}
}