Merge pull request #24336 from owncloud/issue-24328-remove-password-from-exception-trace-in-dav-auth

Remove the password from the validateUserPass() method as well

2 files changed, 16 insertions, 1 deletions

diff --git a/lib/private/Log.php b/lib/private/Log.php
index bbdad9cf166..d82346bbcf0 100644
--- a/lib/private/Log.php
+++ b/lib/private/Log.php
@@ -284,7 +284,7 @@ class Log implements ILogger {
 			'File' => $exception->getFile(),
 			'Line' => $exception->getLine(),
 		);
-		$exception['Trace'] = preg_replace('!(login|checkPassword|updatePrivateKeyPassword)\(.*\)!', '$1(*** username and password replaced ***)', $exception['Trace']);
+		$exception['Trace'] = preg_replace('!(login|checkPassword|updatePrivateKeyPassword|validateUserPass)\(.*\)!', '$1(*** username and password replaced ***)', $exception['Trace']);
 		$msg = isset($context['message']) ? $context['message'] : 'Exception';
 		$msg .= ': ' . json_encode($exception);
 		$this->error($msg, $context);
diff --git a/tests/lib/logger.php b/tests/lib/logger.php
index 9c9cd9e6728..e6a0abfbf28 100644
--- a/tests/lib/logger.php
+++ b/tests/lib/logger.php
@@ -107,4 +107,19 @@ class Logger extends TestCase {
 			$this->assertContains('checkPassword(*** username and password replaced ***)', $logLine);
 		}
 	}
+
+	/**
+	 * @dataProvider userAndPasswordData
+	 */
+	public function testDetectvalidateUserPass($user, $password) {
+		$e = new \Exception('test');
+		$this->logger->logException($e);
+		$logLines = $this->getLogs();
+
+		foreach($logLines as $logLine) {
+			$this->assertNotContains($user, $logLine);
+			$this->assertNotContains($password, $logLine);
+			$this->assertContains('validateUserPass(*** username and password replaced ***)', $logLine);
+		}
+	}
 }