Merge pull request #151 from silinternational/feature/log-redacted-apiSecret-if-incorrect

forevermatt · web-flow · commit 5347736a62ce · 2024-05-06T16:31:55.000-04:00
If the API Secret is NOT valid, log its first and last few characters
diff --git a/models/api-key.js b/models/api-key.js
@@ -182,6 +182,8 @@ const isValidApiSecret = (apiKeyRecord, apiSecret = '') => {
   const isValid = password.compare(apiSecret, apiKeyRecord.hashedApiSecret);
   if (isValid !== true) {
     console.log('The given API Secret is NOT valid for the given API Key record.');
+    const redactedApiSecret = apiSecret.substring(0, 3) + '...[snip]...' + apiSecret.substring(apiSecret.length - 3);
+    console.log(redactedApiSecret);
     return false;
   }
   

Original file line number	Diff line number	Diff line change
`@@ -182,6 +182,8 @@ const isValidApiSecret = (apiKeyRecord, apiSecret = '') => {`
`182`	`182`	`const isValid = password.compare(apiSecret, apiKeyRecord.hashedApiSecret);`
`183`	`183`	`if (isValid !== true) {`
`184`	`184`	`console.log('The given API Secret is NOT valid for the given API Key record.');`
	`185`	`+ const redactedApiSecret = apiSecret.substring(0, 3) + '...[snip]...' + apiSecret.substring(apiSecret.length - 3);`
	`186`	`+ console.log(redactedApiSecret);`
`185`	`187`	`return false;`
`186`	`188`	`}`
`187`	`189`