Filter out sensitive fields in user:auth-tokens

PublicKeyToken::jsonSerialize() already explicitly lists the allowed fields;
we are adding a second guard here to be on the safe side.

Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
Lucas Azevedo 2023-08-24 11:19:50 -03:00
parent 7d05d1f604
commit ca101b2dbe


@ -61,7 +61,16 @@ class AuthTokens extends Base {
$tokens = $this->tokenProvider->getTokenByUser($user->getUID());
$data = array_map(fn (IToken $token): mixed => $token->jsonSerialize(), $tokens);
$data = array_map(function (IToken $token): mixed {
$filtered = [
'password',
'password_hash',
'token',
'public_key',
'private_key',
];
return array_diff_key($token->jsonSerialize(), array_flip($filtered));
}, $tokens);
$this->writeArrayInOutputFormat($input, $output, $data);