summary refs log tree commit diff
diff options
context:
space:
mode:
authorDavid Baker <dave@matrix.org>2016-11-24 10:54:59 +0000
committerDavid Baker <dave@matrix.org>2016-11-24 10:54:59 +0000
commitc9d4e7b71646806d785e9831a2566799334af597 (patch)
treed3c4a01340f446f409dca50b7f3891d08b76f2f1
parentLog the args that we have on UI auth completion (diff)
downloadsynapse-c9d4e7b71646806d785e9831a2566799334af597.tar.xz
Clarify that creds doesn not contain passwords.
-rw-r--r--synapse/handlers/auth.py4
1 files changed, 3 insertions, 1 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 91b3bde2f2..51e7616fcc 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -164,7 +164,9 @@ class AuthHandler(BaseHandler):
             if len(set(f) - set(creds.keys())) == 0:
                 # it's very useful to know what args are stored, but this can
                 # include the password in the case of registering, so only log
-                # the keys.
+                # the keys (confusingly, clientdict may contain a password
+                # param, creds is just what the user authed as for UI auth
+                # and is not sensitive).
                 logger.info(
                     "Auth completed with creds: %r. Client dict has keys: %r",
                     creds, clientdict.keys()