Merge pull request #6595 from overleaf/tm-avoid-logging-tokens

Clean up log lines that include tokens

GitOrigin-RevId: 3b6acc9cdda4a91b9b10ce85a0650ccdeeea79a4
Thomas 2022-02-11 12:24:26 +01:00 committed by Copybot
parent 3b9da1d57e
commit 1c5949f715
4 changed files with 13 additions and 17 deletions


@ -263,10 +263,7 @@ module.exports = CollaboratorsInviteController = {
const projectId = req.params.Project_id
const { token } = req.params
const _renderInvalidPage = function () {
logger.log(
{ projectId, token },
'invite not valid, rendering not-valid page'
)
logger.log({ projectId }, 'invite not valid, rendering not-valid page')
return res.render('project/invite/not-valid', { title: 'Invalid Invite' })
}
// check if the user is already a member of the project
@ -296,13 +293,12 @@ module.exports = CollaboratorsInviteController = {
if (err != null) {
OError.tag(err, 'error getting invite by token', {
projectId,
token,
})
return next(err)
}
// check if invite is gone, or otherwise non-existent
if (invite == null) {
logger.log({ projectId, token }, 'no invite found for this token')
logger.log({ projectId }, 'no invite found for this token')
return _renderInvalidPage()
}
// check the user who sent the invite exists
@ -357,7 +353,7 @@ module.exports = CollaboratorsInviteController = {
const { token } = req.params
const currentUser = SessionManager.getSessionUser(req.session)
logger.log(
{ projectId, userId: currentUser._id, token },
{ projectId, userId: currentUser._id },
'got request to accept invite'
)
return CollaboratorsInviteHandler.acceptInvite(
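Review bot: The invite token is still read from `req.params` (`const { token } = req.params` in the first and third hunks), so it is part of the request path. Any access log, proxy log or error reporter that records URLs will presumably still capture it, and these `logger.log` edits do not cover those sinks. It is worth confirming that request logging masks that path segment, and adding a field-level redaction for `token` and `tokenString` in the shared logger configuration so a later log line cannot reintroduce the value. A short comment next to each destructuring would record the intent, for example `// invite token is a bearer credential: never pass it to logger or OError info`. The enclosing handlers start and end outside these hunks, so other uses of `token` in them are not visible here.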


@ -276,7 +276,7 @@ const CollaboratorsInviteHandler = {
if (callback == null) {
callback = function () {}
}
logger.log({ projectId, tokenString }, 'fetching invite by token')
logger.log({ projectId }, 'fetching invite by token')
return ProjectInvite.findOne(
{ projectId, token: tokenString },
function (err, invite) {
@ -287,7 +287,7 @@ const CollaboratorsInviteHandler = {
return callback(err)
}
if (invite == null) {
logger.err({ err, projectId, token: tokenString }, 'no invite found')
logger.err({ err, projectId }, 'no invite found')
return callback(null, null)
}
return callback(null, invite)
@ -299,7 +299,7 @@ const CollaboratorsInviteHandler = {
if (callback == null) {
callback = function () {}
}
logger.log({ projectId, userId: user._id, tokenString }, 'accepting invite')
logger.log({ projectId, userId: user._id }, 'accepting invite')
return CollaboratorsInviteHandler.getInviteByToken(
projectId,
tokenString,
@ -313,10 +313,7 @@ const CollaboratorsInviteHandler = {
}
if (!invite) {
err = new Errors.NotFoundError('no matching invite found')
logger.log(
{ err, projectId, tokenString },
'no matching invite found'
)
logger.log({ err, projectId }, 'no matching invite found')
return callback(err)
}
const inviteId = invite._id
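Review bot: In the second hunk, `logger.err({ err, projectId }, 'no invite found')` comes after the branch that ends in `return callback(err)`, so `err` appears to be null at that point. An ordinary "not found" result is therefore written at error level with an empty error field; `logger.log({ projectId }, 'no invite found')` would match the other lookups. With the token removed, nothing in these lines ties a lookup to a specific invite, so in `acceptInvite` consider logging `inviteId: invite._id` once the invite has been resolved. That keeps accepted invites traceable and leaves failed lookups countable per `projectId` without recording the secret. The callbacks continue outside the hunks, so the null-`err` reading should be confirmed against the full function.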


@ -153,7 +153,7 @@ async function checkAndGetProjectOrResponseAction(
]
} else {
logger.warn(
{ token, projectId },
{ projectId },
'[TokenAccess] deny anonymous read-and-write token access'
)
AuthenticationController.setRedirectInSession(


@ -135,7 +135,7 @@ const TokenAccessHandler = {
)
) {
logger.err(
{ token },
{ projectId: project._id },
'read-and-write token match on numeric section, but not on full token'
)
return callback(null, null)
@ -144,7 +144,10 @@ const TokenAccessHandler = {
}
} catch (error) {
err = error
logger.err({ token, cryptoErr: err }, 'error comparing tokens')
logger.err(
{ projectId: project._id, cryptoErr: err },
'error comparing tokens'
)
return callback(null, null)
}
}
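Review bot: Both new log calls dereference `project._id`, where the old ones only read the local `token`. If `project` can be null or undefined when the `catch` block runs, the logging statement itself would throw and skip `return callback(null, null)`. The lookup and the `try` body are outside the hunk, so this may already be guaranteed; if it is not, `{ projectId: project && project._id, cryptoErr: err }` keeps the fail-closed return intact. Separately, `cryptoErr` is still logged in full, so it is worth confirming that the error raised by the comparison does not embed either compared value in its message.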