Remove exception log for api token errors

Printing the exception may reveal details about the password.
This commit is contained in:
Rene Pfeuffer
2025-01-17 14:46:17 +01:00
parent 9d2001895e
commit 7b74224a80
2 changed files with 3 additions and 3 deletions

View File

@@ -0,0 +1,2 @@
- type: fixed
description: Removed the API token error log message that was being printed when the API token was invalid.

View File

@@ -64,9 +64,7 @@ class ApiKeyTokenHandler {
return of(OBJECT_MAPPER.readValue(decoder.decode(token), Token.class)); return of(OBJECT_MAPPER.readValue(decoder.decode(token), Token.class));
} catch (IOException | DecodingException e) { } catch (IOException | DecodingException e) {
LOG.debug("failed to read api token, perhaps it is a jwt token or a normal password"); LOG.debug("failed to read api token, perhaps it is a jwt token or a normal password");
if (LOG.isTraceEnabled()) { // do not print the exception here, because it could reveal password details
LOG.trace("failed to parse token", e);
}
return empty(); return empty();
} }
} }