password in toString in generated model

[BernhardBln]

When using format "password", e.g.

  credentials:
    type: object
    properties:
      username:
        type: string
      password:
        type: string
        format: password
    required:
    - username
    - password

the field "password" is contained in the toString method of the generated model class.

In my opinion, that's a security issue (you don't want client passwords appearing in log files etc.)

Would it make sense to change the corresponding line in toString to:

sb.append(" password: ").append("<protected>").append("\n");

whenever the format "password" is used?

[wing328]

Agree with you that password should be not captured in the log file.

Technically it's possible by introducing a new boolean flag isPassword that can be used in the template.

[BernhardBln]

But why do you need this extra flag? You already have the "password" format, as shown in my example above. IMHO, that should be enough to exclude the password.

Otherwise you end up always setting up both:

password:
        type: string
        format: password
        isPasswort: true

But I don't think that is necessary.

[wing328]

that's not what i mean. in the mustache template, there's no access to format and mustache is a logic-less template so there's no way to set condition.

have a look at https://github.com/swagger-api/swagger-codegen/wiki/Mustache-Template-Variables and you will know what i mean

[BernhardBln]

Oh, I see. Alright :)

[wing328]

I've flagged the request as "Need community contribution" to see if anyone from the community has cycle to implement that.