From 26538afdf1c8fdad14208d08a19bafb41e42044c Mon Sep 17 00:00:00 2001
From: Tom Clegg
Date: Thu, 3 May 2018 10:05:40 -0400
Subject: [PATCH] 12626: Log UUID of auth record (if any) instead of supplied token.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg
---
 services/api/config/initializers/lograge.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/services/api/config/initializers/lograge.rb b/services/api/config/initializers/lograge.rb
index db9b2255c2..ef4e428bff 100644
--- a/services/api/config/initializers/lograge.rb
+++ b/services/api/config/initializers/lograge.rb
@@ -27,6 +27,16 @@ Server::Application.configure do
 end
 end
 
+ # Redact new_user_token param in /arvados/v1/users/merge
+ # request. Log the auth UUID instead, if the token exists.
+ if params['new_user_token'].is_a? String
+ params['new_user_token_uuid'] =
+ ApiClientAuthorization.
+ where('api_token = ?', params['new_user_token']).
+ first.andand.uuid
+ params['new_user_token'] = '[...]'
+ end
+
 params_s = SafeJSON.dump(params)
 if params_s.length > Rails.configuration.max_request_log_params_size
 payload[:params_truncated] = params_s[0..Rails.configuration.max_request_log_params_size] + "[...]"
-- 
2.39.5
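Review bot: The `new_user_token` value is only replaced inside the `is_a? String` guard, so when the parameter arrives as any non-String value (an array or hash form, for instance) it still reaches `SafeJSON.dump(params)` unredacted and ends up in the request log. Keep the type check around the UUID lookup only, and scrub the value whenever the key is present, e.g. `params['new_user_token'] = '[...]' if params.key?('new_user_token')` after the guarded lookup. The lookup also puts a database query on the log-formatting path; whether an exception raised there can affect request handling is not visible from this hunk, so it is worth confirming or wrapping in a rescue that still redacts. The enclosing block under `Server::Application.configure` starts and ends outside the hunk.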