Merge pull request #16562 from nextcloud/backport/16555/stable16

[stable16] use a pattern to identify sensitive config keys

lib/private/AppConfig.php

@@ -44,10 +44,10 @@ class AppConfig implements IAppConfig {
 	/** @var array[] */
 	protected $sensitiveValues = [
 		'spreed' => [
-			'turn_server_secret',
+			'/^turn_server_secret$/',
 		],
 		'user_ldap' => [
-			'ldap_agent_password',
+			'/^(s..)?ldap_agent_password$/',
 		],
 	];
 
@@ -289,8 +289,9 @@ class AppConfig implements IAppConfig {
 		$values = $this->getValues($app, false);
 
 		if (isset($this->sensitiveValues[$app])) {
-			foreach ($this->sensitiveValues[$app] as $sensitiveKey) {
-				if (isset($values[$sensitiveKey])) {
+			foreach ($this->sensitiveValues[$app] as $sensitiveKeyExp) {
+				$sensitiveKeys = preg_grep($sensitiveKeyExp, array_keys($values));
+				foreach ($sensitiveKeys as $sensitiveKey) {
 					$values[$sensitiveKey] = IConfig::SENSITIVE_VALUE;
 				}
 			}

tests/lib/AppConfigTest.php

@@ -318,12 +318,14 @@ class AppConfigTest extends TestCase {
 			->with('user_ldap', false)
 			->willReturn([
 				'ldap_agent_password' => 'secret',
+				's42ldap_agent_password' => 'secret',
 				'ldap_dn' => 'dn',
 			]);
 
 		$values = $config->getFilteredValues('user_ldap');
 		$this->assertEquals([
 			'ldap_agent_password' => IConfig::SENSITIVE_VALUE,
+			's42ldap_agent_password' => IConfig::SENSITIVE_VALUE,
 			'ldap_dn' => 'dn',
 		], $values);
 	}