Mask sensitive information when logging

[Marco129]

Related to issue #1704
Not sure whether the test case should put inside FileLoggerAdapter.spec.js

[codecov-io]

Current coverage is 92.19%

Merging #1790 into master will increase coverage by <.01%

1. File src/ParseServer.js (not in diff) was modified. more
   • Misses -1
   • Partials 0
   • Hits +1

@@             master      #1790   diff @@
==========================================
  Files            87         87          
  Lines          6206       6210     +4   
  Methods        1069       1069          
  Messages          0          0          
  Branches       1292       1293     +1   
==========================================
+ Hits           5720       5725     +5   
+ Misses          486        485     -1   
  Partials          0          0          

Powered by Codecov. Last updated by 1854928...dbb04e6

[ghost]

@Marco129 updated the pull request.

[drew-gross]

I think it might make more sense to do this at the object level, ie. check if the request is for the _User class, and set the password to ******** if it is. Then we will only filter exactly what we want, instead of catching things like password: blah inside other columns or inside objects. That might require bigger changes to where we log stuff though. Thoughts?

[ghost]

@Marco129 updated the pull request.

[ghost]

@Marco129 updated the pull request.

[Marco129]

@drew-gross Agree with that. Updated the PR to reflect the changes.

[jameslin101]

I'm still getting passwords being shown in my log file here, running parse-server 2.2.12

`at=info`` method=GET path="/1/login?password=somepassword&username=someusername" host=someapp.herokuapp.com request_id=a8dae8fc-7c0a-4e2c-82de-493b168e2291 fwd="54.227.100.56" dyno=web.1 connect=0ms service=382ms status=200 bytes=1632