From dd3bae53315a5601291399f6457d4819a93e52a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Serta=C3=A7=20Karahoda?=
Date: Fri, 5 Nov 2021 10:58:16 +0300
Subject: [PATCH] fix: Redact personal access token while logging
---
 src/service/auth.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/service/auth.ts b/src/service/auth.ts
index c07861b..1935e98 100644
--- a/src/service/auth.ts
+++ b/src/service/auth.ts
@@ -16,6 +16,10 @@ function notEmptyValidator(errorMessage: string) {
 return (input: string): boolean | string => (input && input.length > 0 ? true : errorMessage);
 }
+function redactPersonalAccessToken(personalAccessToken: string): string {
+ return personalAccessToken.replace(/\.[^.]*$/, ".REDACTED");
+}
+
 type JWT = { [key: string]: string | number | boolean };
 const validate = (authentication: Authentication | undefined, requiredScopes?: string[]): Authentication => {
@@ -85,7 +89,7 @@ export class AuthenticationService {
 const tokenFromEnv = envUtil.getAccessTokenFromEnv();
 if (tokenFromEnv) {
- logger.debug(`Found access token from ZEPLIN_ACCESS_TOKEN env var. value: ${tokenFromEnv}`);
+ logger.debug(`Found access token from ZEPLIN_ACCESS_TOKEN env var. value: ${redactPersonalAccessToken(tokenFromEnv)}`);
 this.authentication = {
 token: tokenFromEnv,
 method: AUTH_METHOD.ENVIRONMENT_VARIABLE
@@ -93,7 +97,7 @@ export class AuthenticationService {
 } else if (!envUtil.isCI()) {
 const tokenFromFile = await authFileUtil.readAuthToken();
 if (tokenFromFile) {
- logger.debug(`Found access token from auth file. value: ${tokenFromFile}`);
+ logger.debug(`Found access token from auth file. value: ${redactPersonalAccessToken(tokenFromFile)}`);
 this.authentication = {
 token: tokenFromFile,
 method: AUTH_METHOD.LOCAL_AUTH_FILE
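Review bot: `redactPersonalAccessToken` fails open. The pattern `/\.[^.]*$/` only matches when the input contains a dot, so a value without one (a malformed or non-JWT string in `ZEPLIN_ACCESS_TOKEN` or the auth file) is returned unchanged and still reaches `logger.debug` in full. Make the no-match case redact everything: `const i = personalAccessToken.lastIndexOf(".");` followed by `return i < 0 ? "REDACTED" : personalAccessToken.slice(0, i) + ".REDACTED";`. The helper also has no doc comment; something like `/** Replaces the last dot-separated segment (presumably the JWT signature) so the logged value cannot be replayed as a credential. */` would record what is kept and why.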
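Review bot: The debug message here, and the matching one for the auth file in the `@@ -93,7 +97,7 @@` hunk, still prints every segment before the last dot. For a JWT-shaped token those segments decode to the header and claims, and debug output is commonly pasted into bug reports or kept in CI logs. If the value is not needed for diagnosis, logging only the source carries the same information: `logger.debug("Found access token from ZEPLIN_ACCESS_TOKEN env var.");`. The enclosing method starts and ends outside both hunks, so whether other paths log `this.authentication.token` cannot be checked from this patch.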