Merge pull request #1013 from Accenture/task/1012-generated-passwords…

…-should-be-logged-using-consolelog-bypassing-log-files #1012: fix potential security issue regarding passwords in log files
Accenture · Jun 30, 2023 · 581e621 · 581e621
2 parents 0cfc978 + 1cccdd8
commit 581e621
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/lib/metadataTypes/User.js b/lib/metadataTypes/User.js
@@ -404,8 +404,11 @@ class User extends MetadataType {
         if (!metadata.Password) {
             metadata.Password = this._generatePassword();
             Util.logger.info(
-                ` - Password for ${metadata.UserID} was not given. Generated password: ${metadata.Password}`
+                ` - Password for ${metadata.UserID} was not given. Generated password:`
             );
+            // use console.log here to print the generated password to bypass the logfile
+            // eslint-disable-next-line no-console
+            console.log(metadata.Password);
         }
     }