Merge pull request #270 from Moonlight-Panel/ImproveSecurityLogPrivacy

Improved the privacy for security logs
Marcel Baumgartner 2023-08-15 15:33:38 +02:00 committed by GitHub
commit c80622c2fd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 5 deletions


@ -43,4 +43,15 @@ public static class StringHelper
return firstChar + restOfString;
}
public static string CutInHalf(string input)
{
if (string.IsNullOrEmpty(input))
return input;
int length = input.Length;
int halfLength = length / 2;
return input.Substring(0, halfLength);
}
}
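Review bot: `CutInHalf` has no doc comment, and its contract matters because the other file in this commit uses it to mask passwords in log lines. It returns the leading `length / 2` characters verbatim, so a one-character input becomes an empty string and the output length still gives the original length to within one character. I would add `/// <summary>Returns the first half of <paramref name="input"/>, rounded down; null or empty input is returned unchanged. Not a redaction primitive.</summary>` above the method. If the helper is meant for secrets, a helper that returns a fixed placeholder such as `"[redacted]"` would keep later callers from treating a prefix as safe to log.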


@ -106,7 +106,7 @@ public class UserService
if (user == null)
{
Logger.Warn($"Failed login attempt. Email: {email} Password: {password}", "security");
Logger.Warn($"Failed login attempt. Email: {email} Password: {StringHelper.CutInHalf(password)}", "security");
throw new DisplayException("Email and password combination not found");
}
@ -115,7 +115,7 @@ public class UserService
return user.TotpEnabled;
}
Logger.Warn($"Failed login attempt. Email: {email} Password: {password}", "security");
Logger.Warn($"Failed login attempt. Email: {email} Password: {StringHelper.CutInHalf(password)}", "security");
throw new DisplayException("Email and password combination not found");;
}
@ -148,7 +148,7 @@ public class UserService
}
else
{
Logger.Warn($"Failed login attempt. Email: {email} Password: {password}", "security");
Logger.Warn($"Failed login attempt. Email: {email} Password: {StringHelper.CutInHalf(password)}", "security");
throw new DisplayException("2FA code invalid");
}
}
@ -190,7 +190,7 @@ public class UserService
if (user == null)
{
Logger.Warn($"Detected an sftp bruteforce attempt. ID: {id} Password: {password}", "security");
Logger.Warn($"Detected an sftp bruteforce attempt. ID: {id} Password: {StringHelper.CutInHalf(password)}", "security");
throw new Exception("Invalid username");
}
@ -201,7 +201,7 @@ public class UserService
return user;
}
Logger.Warn($"Detected an sftp bruteforce attempt. ID: {id} Password: {password}", "security");
Logger.Warn($"Detected an sftp bruteforce attempt. ID: {id} Password: {StringHelper.CutInHalf(password)}", "security");
throw new Exception("Invalid userid or password");
}
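Review bot: The new `Logger.Warn` call in the hunk at line 106 still writes the first half of the submitted password in clear text next to the email, so the security log remains a store of partial credentials. Failed attempts are commonly typos of the real password or passwords reused elsewhere, and a known prefix plus an approximate length leaves much less to guess for anyone who can read the log. Drop the password from the message, e.g. `Logger.Warn($"Failed login attempt. Email: {email}", "security");`, and do the same in the hunks at 115, 148, 190 and 201 (`Logger.Warn($"Detected an sftp bruteforce attempt. ID: {id}", "security");`). The enclosing methods start and end outside these hunks, so whether `email` is validated or normalised before it reaches the log cannot be confirmed from here.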