treat sensitive config keys by pattern

author Arthur Schiwon <blizzz@arthur-schiwon.de>

Fri, 26 Jul 2019 11:31:14 +0000 (13:31 +0200)

committer Arthur Schiwon <blizzz@arthur-schiwon.de>

Fri, 26 Jul 2019 11:31:14 +0000 (13:31 +0200)
author Arthur Schiwon <blizzz@arthur-schiwon.de>
Fri, 26 Jul 2019 11:31:14 +0000 (13:31 +0200)
committer Arthur Schiwon <blizzz@arthur-schiwon.de>
Fri, 26 Jul 2019 11:31:14 +0000 (13:31 +0200)
diff --git a/lib/private/AppConfig.php b/lib/private/AppConfig.php

index 6d24ca5fa8ee77814eace37aa70488006007548a..8e921dbb7cfa937eba8d6da992e108cd290ab543 100644 (file)
--- a/lib/private/AppConfig.php
+++ b/lib/private/AppConfig.php
@@ -44,10 +44,10 @@ class AppConfig implements IAppConfig {
         /** @var array[] */
         protected $sensitiveValues = [
                 'spreed' => [
-                       'turn_server_secret',
+                       '/^turn_server_secret$/',
                 ],
                 'user_ldap' => [
-                       'ldap_agent_password',
+                       '/^(s..)?ldap_agent_password$/',
                 ],
         ];
  
@@ -289,8 +289,9 @@ class AppConfig implements IAppConfig {
                 $values = $this->getValues($app, false);
  
                 if (isset($this->sensitiveValues[$app])) {
-                       foreach ($this->sensitiveValues[$app] as $sensitiveKey) {
-                               if (isset($values[$sensitiveKey])) {
+                       foreach ($this->sensitiveValues[$app] as $sensitiveKeyExp) {
+                               $sensitiveKeys = preg_grep($sensitiveKeyExp, array_keys($values));
+                               foreach ($sensitiveKeys as $sensitiveKey) {
                                         $values[$sensitiveKey] = IConfig::SENSITIVE_VALUE;
                                 }
                         }
diff --git a/tests/lib/AppConfigTest.php b/tests/lib/AppConfigTest.php

index fed929352d3003d74116dfa88837d755959d219e..9456fe4c2326a8c04aa8cf361388b8880c47cfa5 100644 (file)
--- a/tests/lib/AppConfigTest.php
+++ b/tests/lib/AppConfigTest.php
@@ -318,12 +318,14 @@ class AppConfigTest extends TestCase {
                         ->with('user_ldap', false)
                         ->willReturn([
                                 'ldap_agent_password' => 'secret',
+                               's42ldap_agent_password' => 'secret',
                                 'ldap_dn' => 'dn',
                         ]);
  
                 $values = $config->getFilteredValues('user_ldap');
                 $this->assertEquals([
                         'ldap_agent_password' => IConfig::SENSITIVE_VALUE,
+                       's42ldap_agent_password' => IConfig::SENSITIVE_VALUE,
                         'ldap_dn' => 'dn',
                 ], $values);
         }
author	Arthur Schiwon <blizzz@arthur-schiwon.de>
	Fri, 26 Jul 2019 11:31:14 +0000 (13:31 +0200)
committer	Arthur Schiwon <blizzz@arthur-schiwon.de>
	Fri, 26 Jul 2019 11:31:14 +0000 (13:31 +0200)
lib/private/AppConfig.php		patch \| blob \| history
tests/lib/AppConfigTest.php		patch \| blob \| history