This repository has been archived by the owner on Dec 14, 2021. It is now read-only.

Mask sensitive information in error messages #683

Closed
wants to merge 1 commit into from


johanstokking
Contributor

  • Masking an app ID if the claims do not contain access to the app ID
  • Masking an underlying error from the Account Server

@coveralls

Coverage remained the same at 74.093% when pulling a056244 on fix/safer-errors into 21dccdd on develop.

@@ -55,7 +58,8 @@ func (h *handlerManager) validateTTNAuthAppContext(ctx context.Context, appID st
}
token, err := h.handler.Component.ExchangeAppKeyForToken(appID, key)
if err != nil {
return ctx, nil, err
h.handler.Ctx.WithError(err).Warn("Could not exchange key for token")
return ctx, nil, errors.NewErrPermissionDenied("Could not exchange key for token")
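Review bot: The new Warn call records only the error and not the appID this function received, and once the caller gets the fixed "Could not exchange key for token" message, that log entry is the only place the real cause survives. Attach appID to the log entry so an operator can tie a reported failure to its record, and confirm that the err returned by ExchangeAppKeyForToken never embeds the access key before it is written to the log. Every failure is also returned as PermissionDenied here, including failures that are not caused by the caller's key.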
I think we should do this in the ExchangeAppKeyForToken func, as this error may either be caused by misconfiguration of the handler, or by an invalid access key. The first should be an InternalServerError, the second indeed a PermissionDenied
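The split suggested in the comment above, sketched as an added example (not code from this pull request or from the project): the failure is classified once inside the exchange function, the cause is logged server-side, and the caller only ever sees a fixed message. `exchangeKey`, `MaskedError`, the sentinel errors and the `account.example` URL are all hypothetical names constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"log"
)

// Constructed sentinel causes; the real Account Server client is not modelled here.
var (
	ErrInvalidKey  = errors.New("account server rejected access key")
	ErrUnreachable = errors.New("account server unreachable")
)

// MaskedError is all the API caller sees: an error class and a fixed message.
type MaskedError struct {
	Class   string // "PermissionDenied" or "Internal"
	Message string
}

func (e *MaskedError) Error() string { return e.Class + ": " + e.Message }

// exchangeKey is a hypothetical stand-in for the key-for-token exchange.
// upstream performs the actual call; its error may carry URLs, addresses
// or other internal detail that must not reach the caller.
func exchangeKey(appID, key string, upstream func(appID, key string) (string, error)) (string, error) {
	token, err := upstream(appID, key)
	if err == nil {
		return token, nil
	}
	// Full cause stays in the server log, tagged with the app ID; the key is never logged.
	log.Printf("key exchange failed app_id=%q cause=%v", appID, err)
	class := "Internal" // default: misconfiguration, outage, anything unexpected
	if errors.Is(err, ErrInvalidKey) {
		class = "PermissionDenied" // only a rejected key is the caller's fault
	}
	return "", &MaskedError{Class: class, Message: "Could not exchange key for token"}
}

func main() {
	reject := func(_, _ string) (string, error) {
		return "", fmt.Errorf("POST https://account.example/token: %w", ErrInvalidKey)
	}
	_, err := exchangeKey("app-1", "bad-key", reject)
	fmt.Println(err) // masked error only
}
```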

@johanstokking johanstokking deleted the fix/safer-errors branch April 4, 2018 07:06