mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

improve AuthToken display in P2P --debug

Browse source 
Using an empty string to obscure the AuthToken made it impossible to
tell if one was really being presented or not.
This commit is contained in:
Joey Hess 2025-08-01 12:58:03 -04:00
commit c15dad6040
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
2 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
P2P/IO.hs
View file

@ -349,7 +349,7 @@ debugMessage conn prefix m = do
]
where
safem = case m of
AUTH u _ -> AUTH u nullAuthToken
AUTH u _ -> AUTH u displayAuthToken
_ -> m
ConnIdent mident = connIdent conn

7
Utility/AuthToken.hs
View file

@ -1,6 +1,6 @@
{- authentication tokens
-
- Copyright 2016 Joey Hess <id@joeyh.name>
- Copyright 2016-2025 Joey Hess <id@joeyh.name>
-
- License: BSD-2-clause
-}
@ -12,6 +12,7 @@ module Utility.AuthToken (
toAuthToken,
fromAuthToken,
nullAuthToken,
displayAuthToken,
genAuthToken,
AllowedAuthTokens,
allowedAuthTokens,
@ -69,6 +70,10 @@ toAuthToken t
nullAuthToken :: AuthToken
nullAuthToken = AuthToken $ secureMemFromByteString $ TE.encodeUtf8 T.empty
-- | Display in place of a real AuthToken in protocol dumps.
displayAuthToken :: AuthToken
displayAuthToken = AuthToken $ secureMemFromByteString $ TE.encodeUtf8 $ T.pack "<AUTHTOKEN>"
-- | Generates an AuthToken of a specified length. This is done by
-- generating a random bytestring, hashing it with sha2 512, and truncating
-- to the specified length.