treat sensitive config keys by pattern
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
parent
159ff6dd97
commit
a9ccac2f20
|
@ -44,10 +44,10 @@ class AppConfig implements IAppConfig {
|
||||||
/** @var array[] */
|
/** @var array[] */
|
||||||
protected $sensitiveValues = [
|
protected $sensitiveValues = [
|
||||||
'spreed' => [
|
'spreed' => [
|
||||||
'turn_server_secret',
|
'/^turn_server_secret$/',
|
||||||
],
|
],
|
||||||
'user_ldap' => [
|
'user_ldap' => [
|
||||||
'ldap_agent_password',
|
'/^(s..)?ldap_agent_password$/',
|
||||||
],
|
],
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -289,8 +289,9 @@ class AppConfig implements IAppConfig {
|
||||||
$values = $this->getValues($app, false);
|
$values = $this->getValues($app, false);
|
||||||
|
|
||||||
if (isset($this->sensitiveValues[$app])) {
|
if (isset($this->sensitiveValues[$app])) {
|
||||||
foreach ($this->sensitiveValues[$app] as $sensitiveKey) {
|
foreach ($this->sensitiveValues[$app] as $sensitiveKeyExp) {
|
||||||
if (isset($values[$sensitiveKey])) {
|
$sensitiveKeys = preg_grep($sensitiveKeyExp, array_keys($values));
|
||||||
|
foreach ($sensitiveKeys as $sensitiveKey) {
|
||||||
$values[$sensitiveKey] = IConfig::SENSITIVE_VALUE;
|
$values[$sensitiveKey] = IConfig::SENSITIVE_VALUE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -318,12 +318,14 @@ class AppConfigTest extends TestCase {
|
||||||
->with('user_ldap', false)
|
->with('user_ldap', false)
|
||||||
->willReturn([
|
->willReturn([
|
||||||
'ldap_agent_password' => 'secret',
|
'ldap_agent_password' => 'secret',
|
||||||
|
's42ldap_agent_password' => 'secret',
|
||||||
'ldap_dn' => 'dn',
|
'ldap_dn' => 'dn',
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$values = $config->getFilteredValues('user_ldap');
|
$values = $config->getFilteredValues('user_ldap');
|
||||||
$this->assertEquals([
|
$this->assertEquals([
|
||||||
'ldap_agent_password' => IConfig::SENSITIVE_VALUE,
|
'ldap_agent_password' => IConfig::SENSITIVE_VALUE,
|
||||||
|
's42ldap_agent_password' => IConfig::SENSITIVE_VALUE,
|
||||||
'ldap_dn' => 'dn',
|
'ldap_dn' => 'dn',
|
||||||
], $values);
|
], $values);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue