Exceptions on login are not logged #2066
Comments
@adragus-inviqa, thank you for your notification. Please feel free to contribute it with your pull request. Thank you!
@adragus-inviqa would you like to provide a PR?
I think the reason for not logging the exceptions here is because of a possible PA DSS validation, as the exception message can contain sensitive customer data. M1 does not log the exceptions here as well, see https://github.com/OpenMage/magento-mirror/blob/magento-1.9/app/code/core/Mage/Customer/controllers/AccountController.php#L177
Then why is this "up for grabs"? That's why I ask first.
closes magento#2066; further details on issue page
@therouv is correct… adding an exception log call here would be a PA-DSS violation - it is because the username/password are passed directly as arguments to the authenticate() method vs being passed as an object. An exception backtrace would contain the username and password in plaintext within the backtrace. I've opened a PR to correct the error message displayed to the user and also to re-add the note which was formerly there in M1. Closing this issue page. Please reopen if you disagree with this assessment.
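The backtrace behaviour described in the comment above, as an added PHP example that is not part of the original thread or of Magento's code. The `authenticate()` function here is a hypothetical stand-in, the helper names are illustrative, and the credentials are constructed sample values.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in: credentials arrive as scalar arguments, so they
// become part of this frame's 'args' in any exception backtrace.
function authenticate(string $username, string $password): void
{
    throw new RuntimeException('Invalid login or password.');
}

// Unsafe for a login path: getTraceAsString() prints each frame's arguments
// (strings are cut at 15 characters by default, so short passwords fit whole).
function describeWithTrace(Throwable $e): string
{
    return get_class($e) . "\n" . $e->getTraceAsString();
}

// Safer: keep exception class and call site, drop 'args'. The message is left
// out as well, since the thread notes it can carry customer data.
function describeWithoutArgs(Throwable $e): string
{
    $lines = [sprintf('%s at %s:%d', get_class($e), $e->getFile(), $e->getLine())];
    foreach ($e->getTrace() as $i => $f) {
        $lines[] = sprintf(
            '#%d %s:%s %s%s%s()',
            $i,
            $f['file'] ?? '[internal]',
            $f['line'] ?? '?',
            $f['class'] ?? '',
            $f['type'] ?? '',
            $f['function']
        );
    }
    return implode("\n", $lines);
}

// Demo only: php.ini-production sets this to On, which omits frame arguments.
ini_set('zend.exception_ignore_args', '0');

try {
    authenticate('alice@example.test', 'S3cret-demo!'); // constructed sample values
} catch (Throwable $e) {
    echo "--- trace as string ---\n", describeWithTrace($e), "\n\n";
    echo "--- arguments stripped ---\n", describeWithoutArgs($e), "\n";
}
```

On PHP 8.2 and later, marking the password parameter with the `#[\SensitiveParameter]` attribute makes PHP redact that argument in backtraces.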
Fixed issue: MAGETWO-86656: app:config:dump doesn't work if run this command twice
Is there a reason for not logging them? Because I think they should definitely be logged.
magento2/app/code/Magento/Customer/Controller/Account/LoginPost.php
Lines 101 to 103 in 4985ace