Ability to filter passwords from the log in mod_http_api (#1888)

* Ability to filter passwords from the log when creating users through the mod_http_api
author: Marco Adkins <madkins@virtualhold.com> 2017-07-27 09:30:56 -0400
committer: Paweł Chmielowski <prefiks@prefiks.org> 2017-07-27 15:30:56 +0200
commit: ea96615460dfcc3c9894086450379b6edf8b8329 (patch)
tree: 9381a55971118d122ff1c66dc3d5a7d36e81aa97 /src/mod_http_api.erl
parent: Update oauth2 dependency (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/src/mod_http_api.erl b/src/mod_http_api.erl
index 7be05dbf..ef881d14 100644
--- a/src/mod_http_api.erl
+++ b/src/mod_http_api.erl
@@ -538,9 +538,17 @@ json_error(HTTPCode, JSONCode, Message) ->
 
 log(Call, Args, {Addr, Port}) ->
     AddrS = misc:ip_to_list({Addr, Port}),
-    ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]);
+    ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, hide_sensitive_args(Args), AddrS, Port]);
 log(Call, Args, IP) ->
-    ?INFO_MSG("API call ~s ~p (~p)", [Call, Args, IP]).
+    ?INFO_MSG("API call ~s ~p (~p)", [Call, hide_sensitive_args(Args), IP]).
+
+hide_sensitive_args(Args=[_H|_T]) ->
+    lists:map( fun({<<"password">>, Password}) -> {<<"password">>, ejabberd_config:may_hide_data(Password)};
+         ({<<"newpass">>,NewPassword}) -> {<<"newpass">>, ejabberd_config:may_hide_data(NewPassword)};
+         (E) -> E end,
+         Args);
+hide_sensitive_args(NonListArgs) ->
+    NonListArgs.
 
 permission_addon() ->
     Access = gen_mod:get_module_opt(global, ?MODULE, admin_ip_access, none),
author	Marco Adkins <madkins@virtualhold.com>	2017-07-27 09:30:56 -0400
committer	Paweł Chmielowski <prefiks@prefiks.org>	2017-07-27 15:30:56 +0200
commit	ea96615460dfcc3c9894086450379b6edf8b8329 (patch)
tree	9381a55971118d122ff1c66dc3d5a7d36e81aa97 /src/mod_http_api.erl
parent	Update oauth2 dependency (diff)