IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: scrub secret setting values from logs

Browse Source
This commit is contained in:
Arpit Jalan
2018-05-14 22:35:55 +05:30
parent 4461de6281
commit abcb6af8f9
2 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/site_setting_extension.rb
View File

@@ -275,10 +275,18 @@ module SiteSettingExtension
end
end
SECRET_SETTINGS ||= %w{
google_oauth2_client_secret twitter_consumer_secret instagram_consumer_secret
facebook_app_secret github_client_secret s3_secret_access_key
}
def set_and_log(name, value, user = Discourse.system_user)
prev_value = send(name)
set(name, value)
StaffActionLogger.new(user).log_site_setting_change(name, prev_value, value) if has_setting?(name)
if has_setting?(name)
value = prev_value = "[FILTERED]" if SECRET_SETTINGS.include?(name)
StaffActionLogger.new(user).log_site_setting_change(name, prev_value, value)
end
end
protected