Mask sensitive information when logging

Author: Marco129

spec/FileLoggerAdapter.spec.js

@@ -1,3 +1,5 @@
+'use strict';
+
 var FileLoggerAdapter = require('../src/Adapters/Logger/FileLoggerAdapter').FileLoggerAdapter;
 var Parse = require('parse/node').Parse;
 
@@ -21,6 +23,28 @@ describe('info logs', () => {
       });
     });
   });
+
+  it("Can mask sensitive information", (done) => {
+    let customConfig = Object.assign({}, defaultConfiguration, {verbose: true});
+    setServerConfiguration(customConfig);
+    createTestUser().then(() => {
+      let fileLoggerAdapter = new FileLoggerAdapter();
+      fileLoggerAdapter.query({
+        from: new Date(Date.now() - 500),
+        size: 100,
+        level: 'verbose'
+      }, (results) => {
+        if(results.length == 0) {
+          fail('The adapter should return non-empty results');
+          done();
+        } else {
+          expect(results[1].message.includes('"password": "******"')).toEqual(true);
+          done();
+        }
+      });
+    });
+  });
+
 });
 
 describe('error logs', () => {

src/PromiseRouter.js

@@ -154,8 +154,15 @@ export default class PromiseRouter {
 function makeExpressHandler(promiseHandler) {
   return function(req, res, next) {
     try {
+      // Mask sensitive information in logger
+      let maskBody = Object.assign({}, req.body);
+      for (let key of Object.keys(maskBody)) {
+        if (key == 'password') {
+          maskBody[key] = '******';
+        }
+      }
       log.verbose(req.method, req.originalUrl, req.headers,
-                  JSON.stringify(req.body, null, 2));
+                  JSON.stringify(maskBody, null, 2));
       promiseHandler(req).then((result) => {
         if (!result.response && !result.location && !result.text) {
           log.error('the handler did not include a "response" or a "location" field');