diff options
author | David Baker <dave@matrix.org> | 2016-11-24 10:54:59 +0000 |
---|---|---|
committer | David Baker <dave@matrix.org> | 2016-11-24 10:54:59 +0000 |
commit | c9d4e7b71646806d785e9831a2566799334af597 (patch) | |
tree | d3c4a01340f446f409dca50b7f3891d08b76f2f1 /synapse | |
parent | Log the args that we have on UI auth completion (diff) | |
download | synapse-c9d4e7b71646806d785e9831a2566799334af597.tar.xz |
Clarify that creds doesn not contain passwords.
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/handlers/auth.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 91b3bde2f2..51e7616fcc 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -164,7 +164,9 @@ class AuthHandler(BaseHandler): if len(set(f) - set(creds.keys())) == 0: # it's very useful to know what args are stored, but this can # include the password in the case of registering, so only log - # the keys. + # the keys (confusingly, clientdict may contain a password + # param, creds is just what the user authed as for UI auth + # and is not sensitive). logger.info( "Auth completed with creds: %r. Client dict has keys: %r", creds, clientdict.keys() |