redact password immediately after verify

2021-09-14 10:36:14 -07:00
parent d947be8683
commit a78178ec47
1 changed files with 2 additions and 0 deletions
@@ -70,6 +70,8 @@ async function update(req, res, next) {

        const [verifyError] = await safe(users.verify(req.user.id, req.body.password, users.AP_WEBADMIN));
        if (verifyError) return next(BoxError.toHttpError(verifyError));
+
+        req.body.password = '<redacted>'; // this will prevent logs from displaying plain text password
    }

    const [error] = await safe(users.update(req.user, data, auditSource.fromRequest(req)));