
Password logged in the clear with misconfiguration on login #276

@mrjones-plip


I'm configuring the UMT locally and am having trouble logging in due to a misconfiguration. We should strive not to log passwords in the clear if possible.

I first tried the right user and wrong password. The logs showed:

Login error: Invalid username or password

However, when I logged in with the right user and right password, I hit a scenario where the UI said:

Unexpected error logging in

Additionally, in the error logs of the main container cht-user-management-1 I saw multiple instances of the login and password:

  • responseUrl: 'https://umt:Medic321@192-168-68-199.local-ip.medicmobile.org:10443/',
  • _currentUrl: 'https://umt:Medic321@192-168-68-199.local-ip.medicmobile.org:10443/',
  • data: '{"name":"umt","password":"Medic321"}',
  • auth: { username: 'umt', password: 'Medic321' },

See zip of entire log

Steps to reproduce:

  1. set up CHT instance using docker helper

  2. set up UMT using current main branch and pointing to docker helper instance. .env is:

    NODE_ENV=dev                         # set to "dev" to use CHT_DEV_URL_PORT below, leave empty for production
    COOKIE_PRIVATE_KEY=642d611-4f4c-48c5-b1ca-10f9e23bda9          # unique random key, use uuidgen to populate
    WORKER_PRIVATE_KEY=3642d611-4f4c-48c5-b1ca-10f9e23bda93       # unique random key, 
    CONFIG_NAME=chis-ke               # Name of the configuration
    INTERFACE=0.0.0.0                 # Leave as '0.0.0.0' for prod, suggest '127.0.0.1' for development
    CHT_DEV_HTTP='false'                            # 'true' for http  'false' for https
    CHT_DEV_URL_PORT=192-168-68-199.local-ip.medicmobile.org:10443  # where your dev CHT instance is, hostname:port
    
  3. create new umt user with User Manager and password Medic321

  4. go to http://localhost:3500/login and log in with the umt user and password Medic321

  5. run docker logs -f cht-user-management-cht-user-management-1 to see logs

expected: no passwords in error log
actual: cleartext passwords in log
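One way to keep such credentials out of the error log, as an added example that is not the project's own code: a redaction pass run over an axios-style error object before it is logged. It assumes the error carries the `config.auth`, `config.data`, `request.responseUrl` and `request._currentUrl` fields seen in the quoted log lines; the sample object below is constructed to match them.

```javascript
// Added example, not part of the project: redact credentials from an
// axios-style error object before logging it (field names mirror the issue).
const REDACTED = "[REDACTED]";
const SECRET_KEYS = new Set(["password", "pass", "pwd", "secret", "token", "authorization"]);

// Strip userinfo from a URL: https://user:pass@host/ -> https://host/
function redactUrlCredentials(url) {
  try {
    const u = new URL(url);
    u.username = "";
    u.password = "";
    return u.toString();
  } catch {
    return url.replace(/\/\/[^/@]*@/, "//"); // not an absolute URL; regex fallback
  }
}

// Walk any value; redact secret-named keys, credentials embedded in URLs,
// and password fields inside JSON-serialized request bodies.
function redact(value, key = "", seen = new WeakSet()) {
  if (typeof value === "string") {
    if (SECRET_KEYS.has(key.toLowerCase())) return REDACTED;
    if (value.startsWith("{") || value.startsWith("[")) {
      try { return JSON.stringify(redact(JSON.parse(value), "", seen)); } catch { /* not JSON */ }
    }
    return redactUrlCredentials(value);
  }
  if (value && typeof value === "object") {
    if (seen.has(value)) return "[Circular]"; // axios errors link request <-> response
    seen.add(value);
    if (Array.isArray(value)) return value.map((v) => redact(v, "", seen));
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = redact(v, k, seen);
    return out;
  }
  return value;
}

// Constructed sample shaped like the log entries quoted in the issue.
const sampleError = {
  message: "Request failed",
  config: {
    auth: { username: "umt", password: "Medic321" },
    data: '{"name":"umt","password":"Medic321"}',
  },
  request: {
    responseUrl: "https://umt:Medic321@192-168-68-199.local-ip.medicmobile.org:10443/",
    _currentUrl: "https://umt:Medic321@192-168-68-199.local-ip.medicmobile.org:10443/",
  },
};
console.log(JSON.stringify(redact(sampleError), null, 2));
```

Wire `redact` into the logger's error path (or a serializer hook) so the raw error object never reaches the log sink.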
