summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorErik Johnston <erikj@jki.re>2016-12-05 16:40:58 +0000
committerGitHub <noreply@github.com>2016-12-05 16:40:58 +0000
commit338df4f409558704c2aa816d6f1d4fe7df0f6a6c (patch)
treea34c059fdefae5fe2dcc65d3aed8ad622a8a6d2e /synapse
parentMerge pull request #1668 from pik/bug-console-filter (diff)
parentClarify that creds doesn not contain passwords. (diff)
downloadsynapse-338df4f409558704c2aa816d6f1d4fe7df0f6a6c.tar.xz
Merge pull request #1649 from matrix-org/dbkr/log_ui_auth_args
Log the args that we have on UI auth completion
Diffstat (limited to 'synapse')
-rw-r--r--synapse/handlers/auth.py10
1 files changed, 9 insertions, 1 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 9d8e6f19bc..3b146f09d6 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -162,7 +162,15 @@ class AuthHandler(BaseHandler):
 
         for f in flows:
             if len(set(f) - set(creds.keys())) == 0:
-                logger.info("Auth completed with creds: %r", creds)
+                # it's very useful to know what args are stored, but this can
+                # include the password in the case of registering, so only log
+                # the keys (confusingly, clientdict may contain a password
+                # param, creds is just what the user authed as for UI auth
+                # and is not sensitive).
+                logger.info(
+                    "Auth completed with creds: %r. Client dict has keys: %r",
+                    creds, clientdict.keys()
+                )
                 defer.returnValue((True, creds, clientdict, session['id']))
 
         ret = self._auth_dict_for_flows(flows, session)