Merge pull request #16562 from nextcloud/backport/16555/stable16
[stable16] use a pattern to identify sensitive config keys
This commit is contained in:
commit
64fb4c7736
|
@ -44,10 +44,10 @@ class AppConfig implements IAppConfig {
|
|||
/** @var array[] */
|
||||
protected $sensitiveValues = [
|
||||
'spreed' => [
|
||||
'turn_server_secret',
|
||||
'/^turn_server_secret$/',
|
||||
],
|
||||
'user_ldap' => [
|
||||
'ldap_agent_password',
|
||||
'/^(s..)?ldap_agent_password$/',
|
||||
],
|
||||
];
|
||||
|
||||
|
@ -289,8 +289,9 @@ class AppConfig implements IAppConfig {
|
|||
$values = $this->getValues($app, false);
|
||||
|
||||
if (isset($this->sensitiveValues[$app])) {
|
||||
foreach ($this->sensitiveValues[$app] as $sensitiveKey) {
|
||||
if (isset($values[$sensitiveKey])) {
|
||||
foreach ($this->sensitiveValues[$app] as $sensitiveKeyExp) {
|
||||
$sensitiveKeys = preg_grep($sensitiveKeyExp, array_keys($values));
|
||||
foreach ($sensitiveKeys as $sensitiveKey) {
|
||||
$values[$sensitiveKey] = IConfig::SENSITIVE_VALUE;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -318,12 +318,14 @@ class AppConfigTest extends TestCase {
|
|||
->with('user_ldap', false)
|
||||
->willReturn([
|
||||
'ldap_agent_password' => 'secret',
|
||||
's42ldap_agent_password' => 'secret',
|
||||
'ldap_dn' => 'dn',
|
||||
]);
|
||||
|
||||
$values = $config->getFilteredValues('user_ldap');
|
||||
$this->assertEquals([
|
||||
'ldap_agent_password' => IConfig::SENSITIVE_VALUE,
|
||||
's42ldap_agent_password' => IConfig::SENSITIVE_VALUE,
|
||||
'ldap_dn' => 'dn',
|
||||
], $values);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue