treat sensitive config keys by pattern

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon 2019-07-26 13:31:14 +02:00 committed by Backportbot
parent 159ff6dd97
commit a9ccac2f20
2 changed files with 7 additions and 4 deletions

View File

@ -44,10 +44,10 @@ class AppConfig implements IAppConfig {
/** @var array[] */ /** @var array[] */
protected $sensitiveValues = [ protected $sensitiveValues = [
'spreed' => [ 'spreed' => [
'turn_server_secret', '/^turn_server_secret$/',
], ],
'user_ldap' => [ 'user_ldap' => [
'ldap_agent_password', '/^(s..)?ldap_agent_password$/',
], ],
]; ];
@ -289,8 +289,9 @@ class AppConfig implements IAppConfig {
$values = $this->getValues($app, false); $values = $this->getValues($app, false);
if (isset($this->sensitiveValues[$app])) { if (isset($this->sensitiveValues[$app])) {
foreach ($this->sensitiveValues[$app] as $sensitiveKey) { foreach ($this->sensitiveValues[$app] as $sensitiveKeyExp) {
if (isset($values[$sensitiveKey])) { $sensitiveKeys = preg_grep($sensitiveKeyExp, array_keys($values));
foreach ($sensitiveKeys as $sensitiveKey) {
$values[$sensitiveKey] = IConfig::SENSITIVE_VALUE; $values[$sensitiveKey] = IConfig::SENSITIVE_VALUE;
} }
} }

View File

@ -318,12 +318,14 @@ class AppConfigTest extends TestCase {
->with('user_ldap', false) ->with('user_ldap', false)
->willReturn([ ->willReturn([
'ldap_agent_password' => 'secret', 'ldap_agent_password' => 'secret',
's42ldap_agent_password' => 'secret',
'ldap_dn' => 'dn', 'ldap_dn' => 'dn',
]); ]);
$values = $config->getFilteredValues('user_ldap'); $values = $config->getFilteredValues('user_ldap');
$this->assertEquals([ $this->assertEquals([
'ldap_agent_password' => IConfig::SENSITIVE_VALUE, 'ldap_agent_password' => IConfig::SENSITIVE_VALUE,
's42ldap_agent_password' => IConfig::SENSITIVE_VALUE,
'ldap_dn' => 'dn', 'ldap_dn' => 'dn',
], $values); ], $values);
} }