Obfuscate metrics shared secret #37848

Merged
merged 1 commit into from Aug 25, 2020
Contributor

@micbar micbar commented Aug 25, 2020

Description

Add the metrics API shared secret to the sensitive values list

Related Issue

Motivation and Context

How Has This Been Tested?

  • manually

Output

"config": {
        "apps_paths": [
            {
                "path": "\/Users\/xxx\/Development\/www\/owncloud-git\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/Users\/xxx\/Development\/www\/owncloud-git\/apps-custom",
                "url": "\/apps-custom",
                "writable": true
            }
        ],
        "trusted_domains": [
            "cloud.local"
        ],
        "license-key": "***REMOVED SENSITIVE VALUE***",
        "dav.enable.tech_preview": true,
        "phoenix.baseUrl": "localhost:8300",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "\/Users\/xxx\/Development\/www\/owncloud-git\/data",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbtype": "mysql",
        "version": "10.5.1.0",
        "dbname": "owncloud",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "instanceid": "ocvxucse86f3",
        "theme": "",
        "loglevel": 2,
        "maintenance": false,
        "metrics_shared_secret": "***REMOVED SENSITIVE VALUE***"
    },

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE

Contributor

@C0rby C0rby left a comment

LGTM 👍

@DeepDiver1975
Member

We should find a way to set this by each app individually - I already have one move of such a key: https://github.com/owncloud/project_folder#setup-configphp

Just saying ...

@codecov

codecov bot commented Aug 25, 2020

Codecov Report

Merging #37848 into master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master   #37848   +/-   ##
=========================================
  Coverage     64.75%   64.75%           
  Complexity    19396    19396           
=========================================
  Files          1285     1285           
  Lines         75762    75762           
  Branches       1333     1333           
=========================================
  Hits          49057    49057           
  Misses        26313    26313           
  Partials        392      392           
Flag Coverage Δ Complexity Δ
#javascript 54.03% <ø> (ø) 0.00 <ø> (ø)
#phpunit 65.93% <ø> (ø) 19396.00 <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ Complexity Δ
lib/private/SystemConfig.php 100.00% <ø> (ø) 18.00 <0.00> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a992db8...292245c. Read the comment docs.

@micbar micbar merged commit 82ae830 into master Aug 25, 2020
@jnweiger
Contributor

jnweiger commented Nov 30, 2020

Retested with 10.6.0 RC1

  • install https://github.com/owncloud/metrics/releases/download/v1.0.0RC1/metrics-1.0.0RC1.tar.gz
  • ./occ config:system:set "metrics_shared_secret" --value 1234
  • curl http://oc-10-6-0-rc1.jw-qa.owncloud.works/ocs/v1.php/apps/metrics/api/v1/metrics\?users\=true\&files\=true\&shares\=true\&quota\=true\&userData\=true\&format\=json -H "OC-MetricsApiKey: 1234" | jq -> produces a nice report. OK.
  • Try run the metrics app. It starts with
    image
    Not sure what the intended behaviour is there, .... Okayish...

The config report has:

...
"metrics_shared_secret": "***REMOVED SENSITIVE VALUE***"

OK.

@DeepDiver1975 DeepDiver1975 deleted the add-metrics-secret branch November 30, 2020 21:30
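
An added example, not part of this pull request or of ownCloud's code: a Python check that walks a config report and lists secret-looking keys whose values were not replaced by the redaction marker, which catches a key that is missing from the sensitive values list before the report is shared. The key-name pattern, the `apps`/`api_token` entry and both sample reports are assumptions constructed for illustration.

```python
import json
import re

MARKER = "***REMOVED SENSITIVE VALUE***"  # redaction marker seen in the config report
# Assumption: key names that usually hold credentials (heuristic, not ownCloud's list).
SUSPECT = re.compile(r"secret|passw|salt|token|api_?key|license", re.IGNORECASE)


def find_unredacted(node, path=""):
    """Return paths of secret-looking keys whose scalar value is not the marker."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if isinstance(value, (dict, list)):
                # Containers are walked so nested per-app settings are covered too.
                hits.extend(find_unredacted(value, here))
            elif SUSPECT.search(key) and value not in (MARKER, "", None):
                hits.append(here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_unredacted(item, f"{path}[{index}]"))
    return hits


# Constructed sample reports (not real output).
REPORT_UNLISTED_KEY = json.loads("""
{"config": {"secret": "***REMOVED SENSITIVE VALUE***",
            "dbpassword": "***REMOVED SENSITIVE VALUE***",
            "loglevel": 2,
            "metrics_shared_secret": "1234",
            "apps": [{"name": "example_app", "api_token": "abc"}]}}
""")
REPORT_REDACTED = json.loads("""
{"config": {"secret": "***REMOVED SENSITIVE VALUE***",
            "loglevel": 2,
            "metrics_shared_secret": "***REMOVED SENSITIVE VALUE***"}}
""")

if __name__ == "__main__":
    for name, report in [("unlisted", REPORT_UNLISTED_KEY), ("redacted", REPORT_REDACTED)]:
        leaks = find_unredacted(report)
        print(name, "->", leaks or "no unredacted secret-looking keys")
```

Because the filter is a fixed list of key names, a check like this is most useful whenever an app introduces a new secret setting.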