open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Filter out sensitive fields in user:auth-tokens

Browse Source 
PublicKeyToken::jsonSerialize() already explicitly lists allowed fields,
we are adding a second guard here to be on the safe side.

Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
pull/40026/head
Lucas Azevedo 3 years ago
parent 7d05d1f604
commit ca101b2dbe
1 changed files with 10 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 11
      core/Command/User/AuthTokens.php

11
core/Command/User/AuthTokens.php
Unescape View File

@ -61,7 +61,16 @@ class AuthTokens extends Base {
$tokens = $this->tokenProvider->getTokenByUser($user->getUID());
$data = array_map(fn (IToken $token): mixed => $token->jsonSerialize(), $tokens);
$data = array_map(function (IToken $token): mixed {
$filtered = [
'password',
'password_hash',
'token',
'public_key',
'private_key',
];
return array_diff_key($token->jsonSerialize(), array_flip($filtered));
}, $tokens);
$this->writeArrayInOutputFormat($input, $output, $data);

Write Preview
Loading…
Cancel
Save