Add Rails filters to remove more sensitive fields

This focuses on removing sensitive parameter fields related to users and
authentication. We exclude specific fields in the auth hash, in case
apps use them elsewhere, as well as the entire raw auth hash.
Additionally, this excludes parameters use specifically in the OAuth
flow redirects.

This also filters redirects to external system auth endpoints as these
can contain sensitive code and state data. Similarly, anything related
to the configured provider account system is removed as well to avoid
leaking more information.

See:

- http://guides.rubyonrails.org/v5.1.6/action_controller_overview.html#log-filtering
- https://github.com/rails/rails/blob/v5.1.6/actionpack/lib/action_dispatch/http/filter_parameters.rb
- https://github.com/rails/rails/blob/v5.1.6/actionpack/lib/action_dispatch/http/filter_redirect.rb

Author: cupakromer

lib/kracken/railtie.rb

@@ -7,5 +7,27 @@ class Railtie < ::Rails::Railtie
       app.middleware.insert_after ActionDispatch::DebugExceptions,
                                   ::Kracken::JsonApi::PublicExceptions
     end
+
+    config.before_initialize do |app|
+      app.config.filter_parameters += %i[
+        code
+        email
+        linked_accounts
+        raw_info
+        redirect_to
+        redirect_uri
+        state
+        token
+      ]
+      app.config.filter_redirect += [
+        "auth/radius",
+        "auth/token",
+      ]
+    end
+
+    # Allow apps to configure the provider in initializers
+    config.after_initialize do |app|
+      app.config.filter_redirect << URI(Kracken.config.provider_url).host
+    end
   end
 end