Don't print invalid access tokens in the logs

Tokens shouldn't be appearing the logs, valid or invalid. Signed-off-by: Travis Ralston <travpc@gmail.com>
2024-07-03 09:58:20 +02:00 · 2018-06-24 12:17:01 -06:00 · 2018-06-24 12:17:01 -06:00 · ec1e799e17
parent 1d009013b3
commit ec1e799e17
1 changed files with 2 additions and 2 deletions
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -488,7 +488,7 @@ class Auth(object):
    def _look_up_user_by_access_token(self, token):
        ret = yield self.store.get_user_by_access_token(token)
        if not ret:
-            logger.warn("Unrecognised access token - not in store: %s" % (token,))
+            logger.warn("Unrecognised access token - not in store.")
            raise AuthError(
                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Unrecognised access token.",
                errcode=Codes.UNKNOWN_TOKEN
@ -511,7 +511,7 @@ class Auth(object):
            )
            service = self.store.get_app_service_by_token(token)
            if not service:
-                logger.warn("Unrecognised appservice access token: %s" % (token,))
+                logger.warn("Unrecognised appservice access token.")
                raise AuthError(
                    self.TOKEN_NOT_FOUND_HTTP_STATUS,
                    "Unrecognised access token.",