From 7b74224a802726907f6c5a1d8f40284e0c8c378c Mon Sep 17 00:00:00 2001
From: Rene Pfeuffer
Date: Fri, 17 Jan 2025 14:46:17 +0100
Subject: [PATCH] Remove exception log for api token errors

Printing the exception may reveal details about the password.
---
 gradle/changelog/remove_api_token_error_log.yaml | 2 ++
 .../src/main/java/sonia/scm/security/ApiKeyTokenHandler.java | 4 +---
 2 files changed, 3 insertions(+), 3 deletions(-)
 create mode 100644 gradle/changelog/remove_api_token_error_log.yaml

diff --git a/gradle/changelog/remove_api_token_error_log.yaml b/gradle/changelog/remove_api_token_error_log.yaml
new file mode 100644
index 0000000000..b082be8fa8
--- /dev/null
+++ b/gradle/changelog/remove_api_token_error_log.yaml
@@ -0,0 +1,2 @@
+- type: fixed
+ description: Removed the API token error log message that was being printed when the API token was invalid.
diff --git a/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java b/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
index de38346aec..83d3e6db24 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
@@ -64,9 +64,7 @@ class ApiKeyTokenHandler {
 return of(OBJECT_MAPPER.readValue(decoder.decode(token), Token.class));
 } catch (IOException | DecodingException e) {
 LOG.debug("failed to read api token, perhaps it is a jwt token or a normal password");
- if (LOG.isTraceEnabled()) {
- LOG.trace("failed to parse token", e);
- }
+ // do not print the exception here, because it could reveal password details
 return empty();
 }
 }
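Review bot: The replacement comment in the catch block of ApiKeyTokenHandler says the exception "could reveal password details" but not how, so a later maintainer may restore the trace call or log `e.getMessage()` instead. If `OBJECT_MAPPER` is a Jackson mapper (its declaration is not visible in this hunk), the parse exception's message can quote an excerpt of the decoded input, which on this path may be a user's plain password; I would spell that out, e.g. `// never log e or e.getMessage(): the parser's message can quote the decoded input, which may be a plain password`. If a trace-level diagnostic is still wanted, `LOG.trace("failed to parse token: {}", e.getClass().getName());` keeps the failure type without the message text. The enclosing method starts above the hunk, so whether the token is logged elsewhere in it cannot be checked from here.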