Merge pull request #16562 from nextcloud/backport/16555/stable16

[stable16] use a pattern to identify sensitive config keys
This commit is contained in:
Roeland Jago Douma 2019-07-27 10:38:41 +02:00 committed by GitHub
commit 64fb4c7736
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 4 deletions

View File

@ -44,10 +44,10 @@ class AppConfig implements IAppConfig {
/** @var array[] */
protected $sensitiveValues = [
'spreed' => [
'turn_server_secret',
'/^turn_server_secret$/',
],
'user_ldap' => [
'ldap_agent_password',
'/^(s..)?ldap_agent_password$/',
],
];
@ -289,8 +289,9 @@ class AppConfig implements IAppConfig {
$values = $this->getValues($app, false);
if (isset($this->sensitiveValues[$app])) {
foreach ($this->sensitiveValues[$app] as $sensitiveKey) {
if (isset($values[$sensitiveKey])) {
foreach ($this->sensitiveValues[$app] as $sensitiveKeyExp) {
$sensitiveKeys = preg_grep($sensitiveKeyExp, array_keys($values));
foreach ($sensitiveKeys as $sensitiveKey) {
$values[$sensitiveKey] = IConfig::SENSITIVE_VALUE;
}
}

View File

@ -318,12 +318,14 @@ class AppConfigTest extends TestCase {
->with('user_ldap', false)
->willReturn([
'ldap_agent_password' => 'secret',
's42ldap_agent_password' => 'secret',
'ldap_dn' => 'dn',
]);
$values = $config->getFilteredValues('user_ldap');
$this->assertEquals([
'ldap_agent_password' => IConfig::SENSITIVE_VALUE,
's42ldap_agent_password' => IConfig::SENSITIVE_VALUE,
'ldap_dn' => 'dn',
], $values);
}