Redact user event for direct logins #291

Open
redgoat650 opened this issue Oct 4, 2024 · 1 comment

@redgoat650

When a user logs in with two steps, e.g.

> login token
> {"field_id_1":"xyz...","field_id_2":"abc..."}

the user's second message gets redacted to hide the field values (they might contain tokens or other secrets).

When a user logs in directly (checkLoginCommandDirectParams), e.g.:

> login token xyz... abc...

the message is left unredacted, with the values in plaintext.

Any reason for this differing behavior with respect to redactions? Can we assume that if the user provided extra ce.Args, they're probably attempting to provide login secrets, and we should issue a redaction for them? Or do some login flows allow only non-secret extra args that we want to keep around and not redact? Thoughts?

@redgoat650
Author

Perhaps the intent of the Redact is more to keep the bot chat tidy, getting rid of long curl... text garbage, more than obfuscating secrets? If that's the case, feel free to close this issue.
