Skip to content

Commit

Permalink
Obfuscate password when login the login header (actualbudget#402)
Browse files Browse the repository at this point in the history
  • Loading branch information
@rodriguestiago0
rodriguestiago0 authored Jul 29, 2024
1 parent d3d9f70 commit b4a620e
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/app-account.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,9 @@ app.post('/login', (req, res) => {
switch (loginMethod) {
case 'header': {
let headerVal = req.get('x-actual-password') || '';
console.debug('HEADER VALUE: ' + headerVal);
const obfuscated =
'*'.repeat(headerVal.length) || 'No password provided.';
console.debug('HEADER VALUE: ' + obfuscated);
if (headerVal == '') {
res.send({ status: 'error', reason: 'invalid-header' });
return;
Expand Down
6 changes: 6 additions & 0 deletions upcoming-release-notes/402.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
category: Maintenance
authors: [rodriguestiago0]
---

Obfuscate password when login the login header

0 comments on commit b4a620e

Please sign in to comment.