password_hash is masked in server responses.

ipc07
Luka Vandervelden 2019-06-29 03:55:40 +02:00
parent 505171ff7b
commit e9e2b65729
2 changed files with 8 additions and 3 deletions


@ -96,7 +96,7 @@ IPC::Service.new "auth" do |event|
user = passwd.add_user request.login, request.password user = passwd.add_user request.login, request.password
client.send ResponseTypes::Ok, user.to_json client.send ResponseTypes::Ok, user.sanitize!.to_json
when RequestTypes::GetUserByCredentials when RequestTypes::GetUserByCredentials
begin begin
request = GetUserByCredentialsRequest.from_json String.new payload request = GetUserByCredentialsRequest.from_json String.new payload
@ -108,7 +108,7 @@ IPC::Service.new "auth" do |event|
user = passwd.get_user request.login, request.password user = passwd.get_user request.login, request.password
if user if user
client.send ResponseTypes::Ok, user.to_json client.send ResponseTypes::Ok, user.sanitize!.to_json
else else
client.send ResponseTypes::UserNotFound, "" client.send ResponseTypes::UserNotFound, ""
end end
@ -123,7 +123,7 @@ IPC::Service.new "auth" do |event|
user = passwd.get_user request.uid user = passwd.get_user request.uid
if user if user
client.send ResponseTypes::Ok, user.to_json client.send ResponseTypes::Ok, user.sanitize!.to_json
else else
client.send ResponseTypes::UserNotFound, "" client.send ResponseTypes::UserNotFound, ""
end end
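Review bot: `user.sanitize!.to_json` overwrites `@password_hash` on the very object returned by `passwd.add_user` / `passwd.get_user`, not on a copy, and this applies to all three call sites in this file. `passwd` is not visible here; if it caches those instances or later writes them back, the stored hash would become "x" and later credential checks for that account would break. Masking a copy avoids the aliasing, for example `client.send ResponseTypes::Ok, user.dup.sanitize!.to_json`, or a non-mutating method on the user class that returns a masked copy. The enclosing `when` branches and `begin` blocks start and end outside these hunks.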


@ -34,6 +34,11 @@ class AuthD::User
def initialize(@login, @password_hash, @uid, @gid, @home, @shell) def initialize(@login, @password_hash, @uid, @gid, @home, @shell)
end end
def sanitize!
@password_hash = "x"
self
end
def to_h def to_h
{ {
:login => @login, :login => @login,
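Review bot: `sanitize!` is undocumented and makes masking opt-in, so any serialization path that forgets to call it will still emit the real hash; judging by the commit title that is what `to_json` did before, and presumably `to_h` too (its body continues past this hunk). It would be safer for the serializer to omit or mask `password_hash` by default and to expose the real value only through an explicit accessor used for verification. At minimum the method should carry a comment such as `# Destructive: replaces @password_hash with the placeholder "x"; do not verify passwords against or persist this instance afterwards.`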