Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-10-26 16:16:10 +01:00
Code Issues Packages Projects Releases Activity

Remove exception log for api token errors

Browse Source 
Printing the exception may reveal details about the password.
This commit is contained in:
Rene Pfeuffer
2025-01-17 14:46:17 +01:00
parent 9d2001895e
commit 7b74224a80
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gradle/changelog/remove_api_token_error_log.yaml Normal file
View File

@@ -0,0 +1,2 @@
- type: fixed
description: Removed the API token error log message that was being printed when the API token was invalid.

4
scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
View File

@@ -64,9 +64,7 @@ class ApiKeyTokenHandler {
return of(OBJECT_MAPPER.readValue(decoder.decode(token), Token.class)); return of(OBJECT_MAPPER.readValue(decoder.decode(token), Token.class));
} catch (IOException | DecodingException e) { } catch (IOException | DecodingException e) {
LOG.debug("failed to read api token, perhaps it is a jwt token or a normal password"); LOG.debug("failed to read api token, perhaps it is a jwt token or a normal password");
if (LOG.isTraceEnabled()) { // do not print the exception here, because it could reveal password details
LOG.trace("failed to parse token", e);
}
return empty(); return empty();
} }
} }