diff --git a/models/db/engine_init.go b/models/db/engine_init.go index f26189b805478..310b19533fdff 100644 --- a/models/db/engine_init.go +++ b/models/db/engine_init.go @@ -34,9 +34,9 @@ func newXORMEngine() (*xorm.Engine, error) { if setting.Database.Type.IsPostgreSQL() && len(setting.Database.Schema) > 0 { // OK whilst we sort out our schema issues - create a schema aware postgres registerPostgresSchemaDriver() - engine, err = xorm.NewEngine("postgresschema", connStr) + engine, err = xorm.NewEngine("postgresschema", connStr.String()) } else { - engine, err = xorm.NewEngine(setting.Database.Type.String(), connStr) + engine, err = xorm.NewEngine(setting.Database.Type.String(), connStr.String()) } if err != nil { diff --git a/modules/globallock/globallock.go b/modules/globallock/globallock.go index 24e91881bb338..e3549918dee1d 100644 --- a/modules/globallock/globallock.go +++ b/modules/globallock/globallock.go @@ -16,7 +16,7 @@ var ( initFunc = func() { switch setting.GlobalLock.ServiceType { case "redis": - defaultLocker = NewRedisLocker(setting.GlobalLock.ServiceConnStr) + defaultLocker = NewRedisLocker(setting.GlobalLock.ServiceConnStr.String()) case "memory": fallthrough default: diff --git a/modules/indexer/code/indexer.go b/modules/indexer/code/indexer.go index 6035ddfe95fa2..01fe3cfa070fa 100644 --- a/modules/indexer/code/indexer.go +++ b/modules/indexer/code/indexer.go @@ -175,7 +175,7 @@ func Init() { } }() - rIndexer = elasticsearch.NewIndexer(setting.Indexer.RepoConnStr, setting.Indexer.RepoIndexerName) + rIndexer = elasticsearch.NewIndexer(setting.Indexer.RepoConnStr.String(), setting.Indexer.RepoIndexerName) existed, err = rIndexer.Init(ctx) if err != nil { cancel() diff --git a/modules/indexer/issues/indexer.go b/modules/indexer/issues/indexer.go index bbc78aecbe522..474bbdeffa03f 100644 --- a/modules/indexer/issues/indexer.go +++ b/modules/indexer/issues/indexer.go 
@@ -97,7 +97,7 @@ func InitIssueIndexer(syncReindex bool) { log.Fatal("Unable to initialize Bleve Issue Indexer at path: %s Error: %v", setting.Indexer.IssuePath, err) } case "elasticsearch": - issueIndexer = elasticsearch.NewIndexer(setting.Indexer.IssueConnStr, setting.Indexer.IssueIndexerName) + issueIndexer = elasticsearch.NewIndexer(setting.Indexer.IssueConnStr.String(), setting.Indexer.IssueIndexerName) existed, err = issueIndexer.Init(ctx) if err != nil { log.Fatal("Unable to issueIndexer.Init with connection %s Error: %v", setting.Indexer.IssueConnStr, err) @@ -105,7 +105,7 @@ func InitIssueIndexer(syncReindex bool) { case "db": issueIndexer = db.GetIndexer() case "meilisearch": - issueIndexer = meilisearch.NewIndexer(setting.Indexer.IssueConnStr, setting.Indexer.IssueConnAuth, setting.Indexer.IssueIndexerName) + issueIndexer = meilisearch.NewIndexer(setting.Indexer.IssueConnStr.String(), setting.Indexer.IssueConnAuth.String(), setting.Indexer.IssueIndexerName) existed, err = issueIndexer.Init(ctx) if err != nil { log.Fatal("Unable to issueIndexer.Init with connection %s Error: %v", setting.Indexer.IssueConnStr, err) diff --git a/modules/log/event_format.go b/modules/log/event_format.go index 4cf471d223cf2..cc86c6c6752ba 100644 --- a/modules/log/event_format.go +++ b/modules/log/event_format.go @@ -8,6 +8,8 @@ import ( "fmt" "strings" "time" + + "code.gitea.io/gitea/modules/util" ) type Event struct { @@ -203,6 +205,14 @@ func EventFormatTextMessage(mode *WriterMode, event *Event, msgFormat string, ms var msg []byte + for i, v := range msgArgs { + if sensitiveURL, ok := v.(util.SensitiveURLString); ok { + msgArgs[i] = util.SanitizeCredentialURLs(string(sensitiveURL)) + } else if _, ok := v.(util.SensitivePasswordString); ok { + msgArgs[i] = "********" + } + } + // if the log needs colorizing, do it if mode.Colorize && len(msgArgs) > 0 { hasColorValue := false 
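Review bot: The redaction loop added to EventFormatTextMessage in modules/log/event_format.go only matches arguments whose dynamic type is exactly `util.SensitiveURLString` or `util.SensitivePasswordString`, and it overwrites `msgArgs[i]` in the caller's slice. A secret that arrives inside an `error`, a struct, a pointer, or after a `.String()` / `string(...)` conversion (as most call sites in this commit now do) passes through unredacted, so the doc comment should state that limit, for example `// only top-level args of the Sensitive* types are redacted; wrapped or converted values are not`. Writing into `msgArgs` also changes what the caller sees after the call, and would be a data race if the same slice were formatted by more than one writer at once; redacting into a copy of the slice avoids both. The function body starts and ends outside the hunk, so whether other formatters share this path cannot be confirmed from here.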
diff --git a/modules/queue/base_levelqueue_common.go b/modules/queue/base_levelqueue_common.go index d37093b84dca1..1066489f10da8 100644 --- a/modules/queue/base_levelqueue_common.go +++ b/modules/queue/base_levelqueue_common.go @@ -78,10 +78,10 @@ func prepareLevelDB(cfg *BaseConfig) (conn string, db *leveldb.DB, err error) { } conn = cfg.DataFullDir } else { - if !strings.HasPrefix(cfg.ConnStr, "leveldb://") { + if !strings.HasPrefix(cfg.ConnStr.String(), "leveldb://") { return "", nil, fmt.Errorf("invalid leveldb connection string: %q", cfg.ConnStr) } - conn = cfg.ConnStr + conn = cfg.ConnStr.String() } for range 10 { if db, err = nosql.GetManager().GetLevelDB(conn); err == nil { diff --git a/modules/queue/base_levelqueue_test.go b/modules/queue/base_levelqueue_test.go index 05d820856067b..ee5e82ecd5fec 100644 --- a/modules/queue/base_levelqueue_test.go +++ b/modules/queue/base_levelqueue_test.go @@ -8,6 +8,7 @@ import ( "code.gitea.io/gitea/modules/queue/lqinternal" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" "gitea.com/lunny/levelqueue" "github.com/stretchr/testify/assert" @@ -23,7 +24,7 @@ func TestBaseLevelDB(t *testing.T) { assert.ErrorContains(t, err, "invalid leveldb data dir") testQueueBasic(t, newBaseLevelQueueSimple, toBaseConfig("baseLevelQueue", setting.QueueSettings{Datadir: t.TempDir() + "/queue-test", Length: 10}), false) - testQueueBasic(t, newBaseLevelQueueUnique, toBaseConfig("baseLevelQueueUnique", setting.QueueSettings{ConnStr: "leveldb://" + t.TempDir() + "/queue-test", Length: 10}), true) + testQueueBasic(t, newBaseLevelQueueUnique, toBaseConfig("baseLevelQueueUnique", setting.QueueSettings{ConnStr: util.SensitiveURLString("leveldb://" + t.TempDir() + "/queue-test"), Length: 10}), true) } func TestCorruptedLevelQueue(t *testing.T) { diff --git a/modules/queue/base_redis.go b/modules/queue/base_redis.go index bea0fd7a985d4..b1acf8c906c7c 100644 --- a/modules/queue/base_redis.go +++ b/modules/queue/base_redis.go 
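Review bot: In prepareLevelDB the unchanged `fmt.Errorf("invalid leveldb connection string: %q", cfg.ConnStr)` still embeds the raw value, because `%q` calls the new `String()` method, which returns the unmodified string. The returned error is a plain `error`, so the type check added in the log formatter will not recognise it when it is logged later. Redact at the point of construction instead: `return "", nil, fmt.Errorf("invalid leveldb connection string: %q", util.SanitizeCredentialURLs(cfg.ConnStr.String()))`. This would need a `modules/util` import in this file, which the diff does not add. The function continues outside the hunk.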
@@ -26,7 +26,7 @@ type baseRedis struct { var _ baseQueue = (*baseRedis)(nil) func newBaseRedisGeneric(cfg *BaseConfig, unique bool) (baseQueue, error) { - client := nosql.GetManager().GetRedisClient(cfg.ConnStr) + client := nosql.GetManager().GetRedisClient(string(cfg.ConnStr)) var err error for range 10 { diff --git a/modules/queue/config.go b/modules/queue/config.go index c5bc16b6f0849..3ce7b6f20a439 100644 --- a/modules/queue/config.go +++ b/modules/queue/config.go @@ -5,13 +5,14 @@ package queue import ( "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" ) type BaseConfig struct { ManagedName string DataFullDir string // the caller must prepare an absolute path - ConnStr string + ConnStr util.SensitiveURLString Length int QueueFullName, SetFullName string diff --git a/modules/queue/manager_test.go b/modules/queue/manager_test.go index fda498cc8411c..810acde00ad72 100644 --- a/modules/queue/manager_test.go +++ b/modules/queue/manager_test.go @@ -85,7 +85,7 @@ MAX_WORKERS = 123 assert.Equal(t, filepath.Join(setting.AppDataPath, "queues/dir1"), q1.baseConfig.DataFullDir) assert.Equal(t, 100, q1.baseConfig.Length) assert.Equal(t, 20, q1.batchLength) - assert.Equal(t, "addrs=127.0.0.1:6379 db=0", q1.baseConfig.ConnStr) + assert.Equal(t, "addrs=127.0.0.1:6379 db=0", q1.baseConfig.ConnStr.String()) assert.Equal(t, "no-such_queue1", q1.baseConfig.QueueFullName) assert.Equal(t, "no-such_queue1_unique", q1.baseConfig.SetFullName) assert.NotZero(t, q1.GetWorkerMaxNumber()) diff --git a/modules/setting/database.go b/modules/setting/database.go index 1a4bf648058ff..0db447c5f750f 100644 --- a/modules/setting/database.go +++ b/modules/setting/database.go @@ -12,6 +12,8 @@ import ( "path/filepath" "strings" "time" + + "code.gitea.io/gitea/modules/util" ) var ( @@ -29,7 +31,7 @@ var ( Host string Name string User string - Passwd string + Passwd util.SensitivePasswordString Schema string SSLMode string Path string 
@@ -65,7 +67,7 @@ func loadDBSetting(rootCfg ConfigProvider) { Database.Name = sec.Key("NAME").String() Database.User = sec.Key("USER").String() if len(Database.Passwd) == 0 { - Database.Passwd = sec.Key("PASSWD").String() + Database.Passwd = util.SensitivePasswordString(sec.Key("PASSWD").String()) } Database.Schema = sec.Key("SCHEMA").String() Database.SSLMode = sec.Key("SSL_MODE").MustString("disable") @@ -92,8 +94,8 @@ func loadDBSetting(rootCfg ConfigProvider) { } // DBConnStr returns database connection string -func DBConnStr() (string, error) { - var connStr string +func DBConnStr() (util.SensitiveURLString, error) { + var connStr util.SensitiveURLString paramSep := "?" if strings.Contains(Database.Name, paramSep) { paramSep = "&" 
@@ -108,13 +110,13 @@ func DBConnStr() (string, error) { if tls == "disable" { // allow (Postgres-inspired) default value to work in MySQL tls = "false" } - connStr = fmt.Sprintf("%s:%s@%s(%s)/%s%sparseTime=true&tls=%s", - Database.User, Database.Passwd, connType, Database.Host, Database.Name, paramSep, tls) + connStr = util.SensitiveURLString(fmt.Sprintf("%s:%s@%s(%s)/%s%sparseTime=true&tls=%s", + Database.User, Database.Passwd, connType, Database.Host, Database.Name, paramSep, tls)) case "postgres": - connStr = getPostgreSQLConnectionString(Database.Host, Database.User, Database.Passwd, Database.Name, Database.SSLMode) + connStr = util.SensitiveURLString(getPostgreSQLConnectionString(Database.Host, Database.User, Database.Passwd.String(), Database.Name, Database.SSLMode)) case "mssql": host, port := ParseMSSQLHostPort(Database.Host) - connStr = fmt.Sprintf("server=%s; port=%s; database=%s; user id=%s; password=%s;", host, port, Database.Name, Database.User, Database.Passwd) + connStr = util.SensitiveURLString(fmt.Sprintf("server=%s; port=%s; database=%s; user id=%s; password=%s;", host, port, Database.Name, Database.User, Database.Passwd)) case "sqlite3": if !EnableSQLite3 { return "", errors.New("this Gitea binary was not built with SQLite3 support") @@ -126,8 +128,8 @@ func DBConnStr() (string, error) { if Database.SQLiteJournalMode != "" { journalMode = "&_journal_mode=" + Database.SQLiteJournalMode } - connStr = fmt.Sprintf("file:%s?cache=shared&mode=rwc&_busy_timeout=%d&_txlock=immediate%s", - Database.Path, Database.Timeout, journalMode) + connStr = util.SensitiveURLString(fmt.Sprintf("file:%s?cache=shared&mode=rwc&_busy_timeout=%d&_txlock=immediate%s", + Database.Path, Database.Timeout, journalMode)) default: return "", fmt.Errorf("unknown database type: %s", Database.Type) } diff --git a/modules/setting/gloabl_lock.go b/modules/setting/gloabl_lock.go index a7802a9df1f70..a3bda3a3f2096 100644 --- a/modules/setting/gloabl_lock.go 
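Review bot: The mysql and mssql branches of DBConnStr wrap DSNs of the form `user:pass@tcp(host)/db` and `server=…; password=…;` in `util.SensitiveURLString`, but neither is a `scheme://user:pass@host` URL. The implementation of `util.SanitizeCredentialURLs` is not visible in this diff; if it only recognises URL userinfo, these values would be logged with the password intact while the type name suggests otherwise. A test that logs the result of `DBConnStr()` for each database type and asserts the password is absent would settle this. Failing that, document the limit on the function: `// the returned value is only redacted in logs when it has URL form; mysql/mssql DSNs are not`. As a style point, the postgres branch passes `Database.Passwd.String()` explicitly while the two `fmt.Sprintf` branches rely on the implicit Stringer call; using one form throughout makes the places where the secret is revealed easier to audit. The function body extends beyond the hunk.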
+++ b/modules/setting/gloabl_lock.go @@ -6,12 +6,13 @@ package setting import ( "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/nosql" + "code.gitea.io/gitea/modules/util" ) // GlobalLock represents configuration of global lock var GlobalLock = struct { ServiceType string - ServiceConnStr string + ServiceConnStr util.SensitiveURLString }{ ServiceType: "memory", } @@ -30,7 +31,7 @@ func loadGlobalLockFrom(rootCfg ConfigProvider) { if u == nil { log.Fatal("SERVICE_CONN_STR %s is not a valid redis connection string", connStr) } - GlobalLock.ServiceConnStr = connStr + GlobalLock.ServiceConnStr = util.SensitiveURLString(connStr) default: log.Fatal("Unknown sync lock service type: %s", GlobalLock.ServiceType) } diff --git a/modules/setting/global_lock_test.go b/modules/setting/global_lock_test.go index 5e15eb3483d5b..d6159b8e2fc18 100644 --- a/modules/setting/global_lock_test.go +++ b/modules/setting/global_lock_test.go @@ -30,6 +30,6 @@ SERVICE_CONN_STR = addrs=127.0.0.1:6379 db=0 loadGlobalLockFrom(cfg) assert.Equal(t, "redis", GlobalLock.ServiceType) - assert.Equal(t, "addrs=127.0.0.1:6379 db=0", GlobalLock.ServiceConnStr) + assert.Equal(t, "addrs=127.0.0.1:6379 db=0", GlobalLock.ServiceConnStr.String()) }) } diff --git a/modules/setting/indexer.go b/modules/setting/indexer.go index ace7eec70eb77..e8f339866b92b 100644 --- a/modules/setting/indexer.go +++ b/modules/setting/indexer.go @@ -10,14 +10,15 @@ import ( "time" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/util" ) // Indexer settings var Indexer = struct { IssueType string IssuePath string - IssueConnStr string - IssueConnAuth string + IssueConnStr util.SensitiveURLString + IssueConnAuth util.SensitivePasswordString IssueIndexerName string StartupTimeout time.Duration 
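Review bot: In loadGlobalLockFrom (modules/setting/gloabl_lock.go) the context line `log.Fatal("SERVICE_CONN_STR %s is not a valid redis connection string", connStr)` logs `connStr` before it is converted. The added assignment `util.SensitiveURLString(connStr)` implies it is still a plain string at that point, so the new log-side redaction never sees a sensitive type there. Passing the typed value closes the gap: `log.Fatal("SERVICE_CONN_STR %s is not a valid redis connection string", util.SensitiveURLString(connStr))`. The test fixture in this diff uses the `addrs=… db=0` key-value form; whether a `password=` field in that form is redacted depends on `util.SanitizeCredentialURLs`, which is not shown. The start of the function lies outside the hunk.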
@@ -25,7 +26,7 @@ var Indexer = struct { RepoIndexerRepoTypes []string RepoType string RepoPath string - RepoConnStr string + RepoConnStr util.SensitiveURLString RepoIndexerName string MaxIndexerFileSize int64 IncludePatterns []*GlobMatcher @@ -60,16 +61,17 @@ func loadIndexerFrom(rootCfg ConfigProvider) { } checkOverlappedPath("[indexer].ISSUE_INDEXER_PATH", Indexer.IssuePath) } else { - Indexer.IssueConnStr = sec.Key("ISSUE_INDEXER_CONN_STR").MustString(Indexer.IssueConnStr) + Indexer.IssueConnStr = util.SensitiveURLString(sec.Key("ISSUE_INDEXER_CONN_STR").MustString(string(Indexer.IssueConnStr))) if Indexer.IssueType == "meilisearch" { - u, err := url.Parse(Indexer.IssueConnStr) + u, err := url.Parse(string(Indexer.IssueConnStr)) if err != nil { log.Warn("Failed to parse ISSUE_INDEXER_CONN_STR: %v", err) u = &url.URL{} } - Indexer.IssueConnAuth, _ = u.User.Password() + p, _ := u.User.Password() + Indexer.IssueConnAuth = util.SensitivePasswordString(p) u.User = nil - Indexer.IssueConnStr = u.String() + Indexer.IssueConnStr = util.SensitiveURLString(u.String()) } } @@ -82,7 +84,7 @@ func loadIndexerFrom(rootCfg ConfigProvider) { if !filepath.IsAbs(Indexer.RepoPath) { Indexer.RepoPath = filepath.ToSlash(filepath.Join(AppWorkPath, Indexer.RepoPath)) } - Indexer.RepoConnStr = sec.Key("REPO_INDEXER_CONN_STR").MustString("") + Indexer.RepoConnStr = util.SensitiveURLString(sec.Key("REPO_INDEXER_CONN_STR").MustString("")) Indexer.RepoIndexerName = sec.Key("REPO_INDEXER_NAME").MustString("gitea_codes") Indexer.IncludePatterns = IndexerGlobFromString(sec.Key("REPO_INDEXER_INCLUDE").MustString("")) diff --git a/modules/setting/queue.go b/modules/setting/queue.go index 251a6c1e305cc..8acb442223685 100644 --- a/modules/setting/queue.go +++ b/modules/setting/queue.go @@ -9,6 +9,7 @@ import ( "code.gitea.io/gitea/modules/json" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/util" ) // QueueSettings represent the settings for a queue from the ini 
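Review bot: In the meilisearch branch of loadIndexerFrom, `log.Warn("Failed to parse ISSUE_INDEXER_CONN_STR: %v", err)` can still print the credential. A `url.Parse` failure returns a `*url.Error` whose message quotes the input string, and that input is the connection string from which the password is extracted a few lines later. Since `err` is not one of the new sensitive types, the formatter's type check does not apply; redact it at the call: `log.Warn("Failed to parse ISSUE_INDEXER_CONN_STR: %v", util.SanitizeCredentialURLs(err.Error()))`. This hunk also uses `string(Indexer.IssueConnStr)` where the rest of the commit uses `.String()`; a single spelling would make the reveal points greppable. The function body continues outside the hunk.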
@@ -17,8 +18,8 @@ type QueueSettings struct { Type string Datadir string - ConnStr string // for leveldb or redis - Length int // max queue length before blocking + ConnStr util.SensitiveURLString // for leveldb or redis + Length int // max queue length before blocking QueueName, SetName string // the name suffix for storage (db key, redis key), "set" is for unique queue @@ -65,7 +66,7 @@ func GetQueueSettings(rootCfg ConfigProvider, name string) (QueueSettings, error return cfg, nil } if sec.HasKey("CONN_STR") { - cfg.ConnStr = sec.Key("CONN_STR").String() + cfg.ConnStr = util.SensitiveURLString(sec.Key("CONN_STR").String()) } } diff --git a/modules/setting/session.go b/modules/setting/session.go index 19a05ce2c2a5f..79ea5d1bc0adf 100644 --- a/modules/setting/session.go +++ b/modules/setting/session.go @@ -10,6 +10,7 @@ import ( "code.gitea.io/gitea/modules/json" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/util" ) // SessionConfig defines Session settings @@ -17,7 +18,7 @@ var SessionConfig = struct { OriginalProvider string Provider string // Provider configuration, it's corresponding to provider. - ProviderConfig string + ProviderConfig util.SensitiveURLString // Cookie name to save session ID. Default is "MacaronSession". CookieName string // Cookie path to store. Default is "/". 
@@ -43,10 +44,10 @@ func loadSessionFrom(rootCfg ConfigProvider) { sec := rootCfg.Section("session") SessionConfig.Provider = sec.Key("PROVIDER").In("memory", []string{"memory", "file", "redis", "mysql", "postgres", "couchbase", "memcache", "db"}) - SessionConfig.ProviderConfig = strings.Trim(sec.Key("PROVIDER_CONFIG").MustString(filepath.Join(AppDataPath, "sessions")), "\" ") - if SessionConfig.Provider == "file" && !filepath.IsAbs(SessionConfig.ProviderConfig) { - SessionConfig.ProviderConfig = filepath.Join(AppWorkPath, SessionConfig.ProviderConfig) - checkOverlappedPath("[session].PROVIDER_CONFIG", SessionConfig.ProviderConfig) + SessionConfig.ProviderConfig = util.SensitiveURLString(strings.Trim(sec.Key("PROVIDER_CONFIG").MustString(filepath.Join(AppDataPath, "sessions")), "\" ")) + if SessionConfig.Provider == "file" && !filepath.IsAbs(SessionConfig.ProviderConfig.String()) { + SessionConfig.ProviderConfig = util.SensitiveURLString(filepath.Join(AppWorkPath, SessionConfig.ProviderConfig.String())) + checkOverlappedPath("[session].PROVIDER_CONFIG", SessionConfig.ProviderConfig.String()) } SessionConfig.CookieName = sec.Key("COOKIE_NAME").MustString("i_like_gitea") SessionConfig.CookiePath = AppSubURL @@ -70,7 +71,7 @@ func loadSessionFrom(rootCfg ConfigProvider) { if err != nil { log.Fatal("Can't shadow session config: %v", err) } - SessionConfig.ProviderConfig = string(shadowConfig) + SessionConfig.ProviderConfig = util.SensitiveURLString(shadowConfig) SessionConfig.OriginalProvider = SessionConfig.Provider SessionConfig.Provider = "VirtualSession" } diff --git a/modules/util/sanitize.go b/modules/util/sanitize.go index 0dd8b342a2a4f..92a036b1935f1 100644 --- a/modules/util/sanitize.go +++ b/modules/util/sanitize.go 
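Review bot: `SessionConfig.ProviderConfig` is typed `util.SensitiveURLString`, but loadSessionFrom stores three different shapes in it: a filesystem path for the `file` provider, whatever DSN the other providers expect, and the marshalled JSON `shadowConfig` for `VirtualSession`. None of these is necessarily a URL, so log redaction of this field is only as good as `util.SanitizeCredentialURLs` is on non-URL input, which this diff does not show. A comment on the field would stop readers assuming the type guarantees redaction, for example `// may hold a path, a provider DSN or JSON; only URL-form credentials are redacted when logged`. The function extends beyond both hunks.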
@@ -8,6 +8,20 @@ import ( "unicode" ) +// SensitiveURLString is a string that may contain sensitive credentials in URLs +type SensitiveURLString string + +func (s SensitiveURLString) String() string { + return string(s) +} + +// SensitivePasswordString is a string that is a sensitive password +type SensitivePasswordString string + +func (s SensitivePasswordString) String() string { + return string(s) +} + type sanitizedError struct { err error } diff --git a/routers/common/middleware.go b/routers/common/middleware.go index 07adee18cec64..655b7a3a0ba3e 100644 --- a/routers/common/middleware.go +++ b/routers/common/middleware.go @@ -110,7 +110,7 @@ func ForwardedHeadersHandler(limit int, trustedProxies []string) func(h http.Han func Sessioner() (func(next http.Handler) http.Handler, error) { middleware, err := session.Sessioner(session.Options{ Provider: setting.SessionConfig.Provider, - ProviderConfig: setting.SessionConfig.ProviderConfig, + ProviderConfig: setting.SessionConfig.ProviderConfig.String(), CookieName: setting.SessionConfig.CookieName, CookiePath: setting.SessionConfig.CookiePath, Gclifetime: setting.SessionConfig.Gclifetime, diff --git a/routers/install/install.go b/routers/install/install.go index 4a9dabac6fe87..887bdcb922c63 100644 --- a/routers/install/install.go +++ b/routers/install/install.go @@ -30,6 +30,7 @@ import ( "code.gitea.io/gitea/modules/timeutil" "code.gitea.io/gitea/modules/translation" "code.gitea.io/gitea/modules/user" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web" "code.gitea.io/gitea/modules/web/middleware" "code.gitea.io/gitea/routers/common" @@ -92,7 +93,7 @@ func Install(ctx *context.Context) { // Database settings form.DbHost = setting.Database.Host form.DbUser = setting.Database.User - form.DbPasswd = setting.Database.Passwd + form.DbPasswd = setting.Database.Passwd.String() form.DbName = setting.Database.Name form.DbPath = setting.Database.Path form.DbSchema = setting.Database.Schema 
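Review bot: Both new types in modules/util/sanitize.go return the raw secret from `String()`, so every `%s`, `%v` and `%q` outside the one patched log formatter prints it, including `fmt.Errorf`, `fmt.Sprintf` and any third-party logger; protection is opt-in per sink rather than the default. Making `String()` return the redacted form, and exposing the raw value through a separately named accessor, would make leaks fail safe and make each reveal point explicit. That change would require the `.String()` call sites and the `%s` uses of `Database.Passwd` elsewhere in this commit to switch to the accessor. The sketch below uses `Reveal` as a proposed name only; the same pattern would apply to `SensitiveURLString`, with `SanitizeCredentialURLs` in `String()`.
```go
// String returns a redacted placeholder so fmt verbs never print the secret.
func (s SensitivePasswordString) String() string {
	return "********"
}

// Reveal returns the raw password; call it only where the secret is actually needed.
func (s SensitivePasswordString) Reveal() string {
	return string(s)
}
```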
@@ -255,7 +256,7 @@ func SubmitInstall(ctx *context.Context) { setting.Database.Type = setting.DatabaseType(form.DbType) setting.Database.Host = form.DbHost setting.Database.User = form.DbUser - setting.Database.Passwd = form.DbPasswd + setting.Database.Passwd = util.SensitivePasswordString(form.DbPasswd) setting.Database.Name = form.DbName setting.Database.Schema = form.DbSchema setting.Database.SSLMode = form.SSLMode @@ -374,7 +375,7 @@ func SubmitInstall(ctx *context.Context) { cfg.Section("database").Key("HOST").SetValue(setting.Database.Host) cfg.Section("database").Key("NAME").SetValue(setting.Database.Name) cfg.Section("database").Key("USER").SetValue(setting.Database.User) - cfg.Section("database").Key("PASSWD").SetValue(setting.Database.Passwd) + cfg.Section("database").Key("PASSWD").SetValue(setting.Database.Passwd.String()) cfg.Section("database").Key("SCHEMA").SetValue(setting.Database.Schema) cfg.Section("database").Key("SSL_MODE").SetValue(setting.Database.SSLMode) cfg.Section("database").Key("PATH").SetValue(setting.Database.Path) diff --git a/routers/web/admin/config.go b/routers/web/admin/config.go index 774b31ab9842a..7e098f26e794d 100644 --- a/routers/web/admin/config.go +++ b/routers/web/admin/config.go @@ -165,7 +165,7 @@ func Config(ctx *context.Context) { log.Error("Unable to unmarshall session config for virtual provider config: %s\nError: %v", sessionCfg.ProviderConfig, err) } sessionCfg.Provider = realSession.Provider - sessionCfg.ProviderConfig = realSession.ProviderConfig + sessionCfg.ProviderConfig = util.SensitiveURLString(realSession.ProviderConfig) sessionCfg.CookieName = realSession.CookieName sessionCfg.CookiePath = realSession.CookiePath sessionCfg.Gclifetime = realSession.Gclifetime 
@@ -173,7 +173,7 @@ func Config(ctx *context.Context) { sessionCfg.Secure = realSession.Secure sessionCfg.Domain = realSession.Domain } - sessionCfg.ProviderConfig = shadowPassword(sessionCfg.Provider, sessionCfg.ProviderConfig) + sessionCfg.ProviderConfig = util.SensitiveURLString(shadowPassword(sessionCfg.Provider, sessionCfg.ProviderConfig.String())) ctx.Data["SessionConfig"] = sessionCfg ctx.Data["Git"] = setting.Git diff --git a/tests/integration/create_no_session_test.go b/tests/integration/create_no_session_test.go index 601f5e1733408..76bf2f2d45c14 100644 --- a/tests/integration/create_no_session_test.go +++ b/tests/integration/create_no_session_test.go @@ -12,6 +12,7 @@ import ( "code.gitea.io/gitea/modules/json" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/routers" "code.gitea.io/gitea/tests" @@ -73,7 +74,7 @@ func TestSessionFileCreation(t *testing.T) { newConfigBytes, err := json.Marshal(config) assert.NoError(t, err) - setting.SessionConfig.ProviderConfig = string(newConfigBytes) + setting.SessionConfig.ProviderConfig = util.SensitiveURLString(newConfigBytes) testWebRoutes = routers.NormalRoutes()