Hide some attributes in logs and in session explorer (#612)

2013-10-08 14:16:46 +00:00 · 2013-10-08 14:16:46 +00:00 · e0b2a25cab
commit e0b2a25cab
parent 812bd51554
2 changed files with 17 additions and 9 deletions
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
@ -24,7 +24,7 @@ use utf8;
 our $whatToTrace;
 *whatToTrace = \$Lemonldap::NG::Handler::_CGI::whatToTrace;

-our $VERSION = '1.2.5';
+our $VERSION = '1.3.0';

 our @ISA = qw(
  Lemonldap::NG::Handler::CGI
@ -80,6 +80,10 @@ sub new {
    # Multi values separator
    $self->{multiValuesSeparator} ||= '; ';

+    # Attributes to hide
+    $self->{hiddenAttributes} = "_password"
+      unless defined $self->{hiddenAttributes};
+
    # Now we're ready to display sessions. Choose display type
    foreach my $k ( $self->param() ) {

@ -445,8 +449,8 @@ sub session {
            $value = $newvalue;
        }

-        # Hide password
-        $value = '******' if ( $_ =~ /^_password$/ );
+        # Hide attributes
+        $value = '****' if ( $self->{hiddenAttributes} =~ /\b$_\b/ );

        # Manage timestamp
        if ( $_ =~ /^(_utime|_lastAuthnUTime)$/ ) {
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@ -572,6 +572,8 @@ sub setDefaultValues {
    $self->{confirmFormMethod}  ||= "post";
    $self->{redirectFormMethod} ||= "get";
    $self->{authChoiceParam}    ||= "lmAuth";
+    $self->{hiddenAttributes} = "_password"
+      unless defined $self->{hiddenAttributes};

    # Set default userDB and passwordDB to DBI if authentication is DBI
    if ( $self->{authentication} =~ /DBI/i ) {
@ -759,9 +761,9 @@ sub buildHiddenForm {

        # Build hidden input HTML code
        $val .=
-            '<input type="hidden" name="'
-          . $_
-          . '" id="'
+            '<input type="hidden" name="' 
+          . $_ 
+          . '" id="' 
          . $_
          . '" value="'
          . $self->{portalHiddenFormValues}->{$_} . '" />';
@ -2453,9 +2455,11 @@ sub store {
      or return PE_APACHESESSIONERROR;
    foreach my $k ( keys %{ $self->{sessionInfo} } ) {
        next unless defined $self->{sessionInfo}->{$k};
-        $self->lmLog(
-            "Store " . $self->{sessionInfo}->{$k} . " in session key $k",
-            'debug' );
+        my $displayValue = $self->{sessionInfo}->{$k};
+        if ( $self->{hiddenAttributes} =~ /\b$k\b/ ) {
+            $displayValue = '****';
+        }
+        $self->lmLog( "Store $displayValue in session key $k", 'debug' );
        $h->{$k} = $self->{sessionInfo}->{$k};
    }
    untie %$h;