Remove TOTP secret from endpoint logs

Clement Michaud 2017-10-17 23:09:17 +02:00
parent dacdce6c50
commit 2b65680774


@ -23,12 +23,10 @@ export default function (vars: ServerVariables) {
return AuthenticationSession.get(req) return AuthenticationSession.get(req)
.then(function (_authSession: AuthenticationSession.AuthenticationSession) { .then(function (_authSession: AuthenticationSession.AuthenticationSession) {
authSession = _authSession; authSession = _authSession;
vars.logger.info(req, "Initiate TOTP validation for user '%s'.", authSession.userid); vars.logger.info(req, "Initiate TOTP validation for user \"%s\".", authSession.userid);
return vars.userDataStore.retrieveTOTPSecret(authSession.userid); return vars.userDataStore.retrieveTOTPSecret(authSession.userid);
}) })
.then(function (doc: TOTPSecretDocument) { .then(function (doc: TOTPSecretDocument) {
vars.logger.debug(req, "TOTP secret is %s", JSON.stringify(doc));
if (!vars.totpHandler.validate(token, doc.secret.base32)) if (!vars.totpHandler.validate(token, doc.secret.base32))
return BluebirdPromise.reject(new Error("Invalid TOTP token.")); return BluebirdPromise.reject(new Error("Invalid TOTP token."));