diff --git a/middleware/auth.go b/middleware/auth.go
index 9d119a9..56a0eb2 100644
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -235,7 +235,7 @@ func (a *Authenticator) basicAdminUser(r *http.Request) bool {
 	// using ConstantTimeCompare to avoid timing attack
 	if user != "admin" || subtle.ConstantTimeCompare([]byte(passwd), []byte(a.AdminPasswd)) != 1 {
-		a.Logf("[WARN] admin basic auth failed, user/passwd mismatch, %s:%s", user, passwd)
+		a.Logf("[WARN] admin basic auth failed for user %q", user)
 		return false
 	}
diff --git a/middleware/auth_test.go b/middleware/auth_test.go
index 302510d..41a9257 100644
--- a/middleware/auth_test.go
+++ b/middleware/auth_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"net/http/cookiejar"
 	"net/http/httptest"
+	"strings"
 	"sync"
 	"sync/atomic"
 	"testing"
@@ -335,6 +336,23 @@ func TestAuthWithBasic(t *testing.T) {
 	assert.Equal(t, 401, resp.StatusCode, "admin with basic not allowed")
 }
 
+func TestBasicAdminUserDoesNotLogPassword(t *testing.T) {
+	const secret = "super-secret-attempted-passwd"
+	var buf strings.Builder
+	a := makeTestAuth(t)
+	a.L = logger.Func(func(format string, args ...interface{}) {
+		fmt.Fprintf(&buf, format, args...)
+	})
+
+	r, err := http.NewRequest("GET", "/auth", http.NoBody)
+	require.NoError(t, err)
+	r.SetBasicAuth("admin", secret)
+
+	assert.False(t, a.basicAdminUser(r), "wrong password must not authenticate")
+	assert.NotContains(t, buf.String(), secret, "attempted password must not appear in logs")
+	assert.Contains(t, buf.String(), "admin basic auth failed", "rejection should still be logged")
+}
+
 func TestAuthWithBasicChecker(t *testing.T) {
 	a := makeTestAuth(t)
 	a.AdminPasswd = "" // disable admin
diff --git a/v2/middleware/auth.go b/v2/middleware/auth.go
index bb37549..ea8f648 100644
--- a/v2/middleware/auth.go
+++ b/v2/middleware/auth.go
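Review bot: The comment above the `if` overstates what `subtle.ConstantTimeCompare` provides: it returns 0 immediately when the two slices differ in length, so the length of `a.AdminPasswd` is still observable through timing even though the new log line no longer leaks the attempted password. To make the comparison length-independent, hash both sides first, e.g. `h1, h2 := sha256.Sum256([]byte(passwd)), sha256.Sum256([]byte(a.AdminPasswd))` and `subtle.ConstantTimeCompare(h1[:], h2[:]) != 1`, which needs `crypto/sha256` imported. Note also that `user != "admin" ||` short-circuits before the compare; that is harmless because the username is not secret, but it is worth stating in the comment so nobody assumes the whole condition is constant-time. basicAdminUser begins before this hunk, so how `user` and `passwd` are obtained is not visible here.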
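Review bot: The new test pins that the attempted password stays out of the log but not that the configured secret does, and the configured value is the other thing a future edit to this log line could leak; adding `assert.NotContains(t, buf.String(), a.AdminPasswd, "configured password must not appear in logs")` after the existing NotContains closes that gap, provided makeTestAuth sets a non-empty AdminPasswd (an empty needle would make NotContains fail trivially, which I cannot confirm from this hunk). The closure handed to `logger.Func` spells the variadic as `...interface{}`; if the rest of the file already uses `any`, match that. `fmt`, `logger` and `require` are used but not added in the import hunk, so they are presumably already imported above the visible lines.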
@@ -243,7 +243,7 @@ func (a *Authenticator) basicAdminUser(r *http.Request) bool {
 	// using ConstantTimeCompare to avoid timing attack
 	if user != "admin" || subtle.ConstantTimeCompare([]byte(passwd), []byte(a.AdminPasswd)) != 1 {
-		a.Logf("[WARN] admin basic auth failed, user/passwd mismatch, %s:%s", user, passwd)
+		a.Logf("[WARN] admin basic auth failed for user %q", user)
 		return false
 	}
diff --git a/v2/middleware/auth_test.go b/v2/middleware/auth_test.go
index 3eeec4b..fcc687e 100644
--- a/v2/middleware/auth_test.go
+++ b/v2/middleware/auth_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"net/http/cookiejar"
 	"net/http/httptest"
+	"strings"
 	"sync"
 	"sync/atomic"
 	"testing"
@@ -334,6 +335,23 @@ func TestAuthWithBasic(t *testing.T) {
 	assert.Equal(t, 401, resp.StatusCode, "admin with basic not allowed")
 }
 
+func TestBasicAdminUserDoesNotLogPassword(t *testing.T) {
+	const secret = "super-secret-attempted-passwd"
+	var buf strings.Builder
+	a := makeTestAuth(t)
+	a.L = logger.Func(func(format string, args ...interface{}) {
+		fmt.Fprintf(&buf, format, args...)
+	})
+
+	r, err := http.NewRequest("GET", "/auth", http.NoBody)
+	require.NoError(t, err)
+	r.SetBasicAuth("admin", secret)
+
+	assert.False(t, a.basicAdminUser(r), "wrong password must not authenticate")
+	assert.NotContains(t, buf.String(), secret, "attempted password must not appear in logs")
+	assert.Contains(t, buf.String(), "admin basic auth failed", "rejection should still be logged")
+}
+
 func TestAuthWithBasicChecker(t *testing.T) {
 	a := makeTestAuth(t)
 	a.AdminPasswd = "" // disable admin
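Review bot: The v2 copy of basicAdminUser has the same caveat as the v1 hunk: the comment promises a constant-time check, but `subtle.ConstantTimeCompare` returns 0 as soon as the lengths differ, so the length of `a.AdminPasswd` remains observable by timing. Hashing both operands first removes that, e.g. `h1, h2 := sha256.Sum256([]byte(passwd)), sha256.Sum256([]byte(a.AdminPasswd))` followed by `subtle.ConstantTimeCompare(h1[:], h2[:]) != 1`, with `crypto/sha256` added to the imports. The `user != "admin" ||` short-circuit skips the compare for other usernames; that is fine since the username is not secret, but the comment should say the constant-time property covers only the password. The function starts before this hunk, so the source of `user` and `passwd` is not visible.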
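Review bot: This test checks that the attempted password is absent from the log but not that the configured one is, which is the other value a later change to this log line could expose; `assert.NotContains(t, buf.String(), a.AdminPasswd, "configured password must not appear in logs")` after the existing NotContains would cover it, as long as makeTestAuth gives a non-empty AdminPasswd (an empty needle is always "contained"), which I cannot verify from the hunk. `...interface{}` in the `logger.Func` closure can be `any` if the file already uses it elsewhere. `fmt`, `logger` and `require` are not added in the import hunk, so they are presumably imported above the visible range.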