[ARVADOS] updated: 1.1.4-186-g26538af
Git user
git at public.curoverse.com
Thu May 3 10:07:27 EDT 2018
Summary of changes:
services/api/config/initializers/lograge.rb | 10 ++++++++++
1 file changed, 10 insertions(+)
via 26538afdf1c8fdad14208d08a19bafb41e42044c (commit)
from 209dd423250e0ab9e9b4f9d27d28071669b13d7b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 26538afdf1c8fdad14208d08a19bafb41e42044c
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Thu May 3 10:05:40 2018 -0400
12626: Log UUID of auth record (if any) instead of supplied token.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/services/api/config/initializers/lograge.rb b/services/api/config/initializers/lograge.rb
index db9b225..ef4e428 100644
--- a/services/api/config/initializers/lograge.rb
+++ b/services/api/config/initializers/lograge.rb
@@ -27,6 +27,16 @@ Server::Application.configure do
end
end
+ # Redact new_user_token param in /arvados/v1/users/merge
+ # request. Log the auth UUID instead, if the token exists.
+ if params['new_user_token'].is_a? String
+ params['new_user_token_uuid'] =
+ ApiClientAuthorization.
+ where('api_token = ?', params['new_user_token']).
+ first.andand.uuid
+ params['new_user_token'] = '[...]'
+ end
+
params_s = SafeJSON.dump(params)
if params_s.length > Rails.configuration.max_request_log_params_size
payload[:params_truncated] = params_s[0..Rails.configuration.max_request_log_params_size] + "[...]"
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list