Skip to content

Commit

Permalink
Removing web credentials from debug log (runatlantis#2072)
Browse files Browse the repository at this point in the history 
* Hashing web credentials

* Fix syntactic error

* Using strong cryptogrpahic primitive

* Entirely removing credentials

* Removing unused constant

* Removing redundant formatting parameters
  • Loading branch information
@pkaramol @krrrr38
pkaramol authored and krrrr38 committed Dec 16, 2022
1 parent ac33d2c commit 6214cf7
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions server/middleware.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,13 +52,12 @@ func (l *RequestLogger) ServeHTTP(rw http.ResponseWriter, r *http.Request, next
user, pass, ok := r.BasicAuth()
if ok {
r.SetBasicAuth(user, pass)
l.logger.Debug("user: %s / pass: %s >> url: %s", user, pass, r.URL.RequestURI())
if user == l.WebUsername && pass == l.WebPassword {
l.logger.Debug("[VALID] user: %s / pass: %s >> url: %s", user, pass, r.URL.RequestURI())
l.logger.Debug("[VALID] log in: >> url: %s", r.URL.RequestURI())
allowed = true
} else {
allowed = false
l.logger.Info("[INVALID] user: %s / pass: %s >> url: %s", user, pass, r.URL.RequestURI())
l.logger.Info("[INVALID] log in attempt: >> url: %s", r.URL.RequestURI())
}
}
}
Expand Down

0 comments on commit 6214cf7

Please sign in to comment.