From 4d5a69c7fbb1ecffc539ca507ab107ef7e436e4d Mon Sep 17 00:00:00 2001
From: Uwe Ilgenstein
Date: Tue, 10 Oct 2023 14:03:42 +0200
Subject: [PATCH] BC-5044 - prevent password logging of failed edusharing requests
---
 src/middleware/errorHandler.js | 2 ++
 src/services/edusharing/services/EduSharingConnectorV6.js | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/middleware/errorHandler.js b/src/middleware/errorHandler.js
index 0cc57312116..463e924ee98 100644
--- a/src/middleware/errorHandler.js
+++ b/src/middleware/errorHandler.js
@@ -125,6 +125,7 @@ const secretDataKeys = (() =>
 'gradeComment',
 '_csrf',
 'searchUserPassword',
+ 'authorization',
 ].map((k) => k.toLocaleLowerCase()))();

 const filterSecretValue = (key, value) => {
@@ -174,6 +175,7 @@ const filterSecrets = (error, req, res, next) => {
 if (error) {
 // req.url = filterQuery(req.url);
 req.originalUrl = filterQuery(req.originalUrl);
+ req.headers = filter(req.headers);
 req.body = filter(req.body);
 error.data = filter(error.data);
 error.options = filter(error.options);
diff --git a/src/services/edusharing/services/EduSharingConnectorV6.js b/src/services/edusharing/services/EduSharingConnectorV6.js
index 95a924a1eda..cc9f67f8230 100644
--- a/src/services/edusharing/services/EduSharingConnectorV6.js
+++ b/src/services/edusharing/services/EduSharingConnectorV6.js
@@ -114,7 +114,9 @@ class EduSharingConnector {
 if (err.statusCode === 404) {
 return null;
 }
- logger.error(`Edu-Sharing failed request with error ${err.statusCode} ${err.message}`, options);
+ // eslint-disable-next-line no-unused-vars
+ const { headers, ...logOptions } = options;
+ logger.error(`Edu-Sharing failed request with error ${err.statusCode} ${err.message}`, logOptions);
 if (retried === true) {
 throw new GeneralError('Edu-Sharing Request failed');
 } else {
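Review bot: In the `secretDataKeys` hunk of src/middleware/errorHandler.js only `'authorization'` is added, although the same commit starts passing `req.headers` through `filter`; other credential-bearing headers such as `cookie` or `x-api-key` would still reach the log unless they are already listed. The array begins outside the hunk, so their presence cannot be confirmed from the visible lines. If they are missing, add them beside the new entry, e.g. `'cookie',` and `'x-api-key',`. The entries are lowercased by the trailing `.map`, which suits Node's lowercased incoming header names, provided the comparison in `filterSecretValue` (outside the hunk) lowercases the key as well.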
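Review bot: In the `filterSecrets` hunk of src/middleware/errorHandler.js, `req.headers = filter(req.headers);` replaces the live header object on the request, so every error middleware that runs after `filterSecrets` sees the redacted value rather than the original Authorization header. That follows the existing `req.body = filter(req.body);` pattern, but it is an ordering constraint worth stating in the code, e.g. `// redacts in place: error middleware after this point must not read credentials from req.headers`. The body of `filterSecrets` and the middleware registration order are outside the hunk, so whether any later handler depends on the header cannot be checked from here.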
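Review bot: In the EduSharingConnectorV6.js hunk, `const { headers, ...logOptions } = options;` is a denylist: it drops `headers` but logs every other field of `options`, so a credential carried elsewhere (a request body or form, an `auth` object, a ticket in the URL query) would still be written by `logger.error`. `options` is built outside the hunk, so which fields it holds cannot be confirmed here. An allowlist is safer and also removes the need for the `eslint-disable-next-line no-unused-vars` comment; assuming `options` carries `method` and `url`, that would be `const logOptions = { method: options.method, url: options.url };`.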