When executing the sample app setup and entering username and password in the local.settings.json the console output after func host start shows the password in clear text in standard and verbose mode. IMHO the password should never be displayed in the output.
To Reproduce
Steps to reproduce the behavior:
Do the basic setup as described in the README.md
Create a local.settings.json for the Azure Function in the FunctionsSample.GWSAMPLE_BASIC and add a password for the JSON key BasicHttpAuthHandler:Password.
Start the Azure Fucntion via func host start or func host start --verbose
Check the output in the console
Expected behavior
The password should not be displayed. If desired the console could reflect that the password was set or not
Screenshots
Additional context
The issue is the code in the file Dependencies/DataOperations.Core/Auth/BasicHttpAuthHandler.cs - line 12 i.e. Console.WriteLine("Password: {0}", _options.Password);
using System.Text;
using Microsoft.Extensions.Options;
namespace DataOperations.Core.Auth.Http
{
public class BasicHttpAuthHandler : IAuthHandler
{
private BasicHttpAuthHandlerOptions _options;
public BasicHttpAuthHandler(IOptions<BasicHttpAuthHandlerOptions> options)
{
_options = options.Value;
Console.WriteLine("UserName: {0}", _options.UserName);
Console.WriteLine("Password: {0}", _options.Password);
}
public IOptions<BasicHttpAuthHandlerOptions> Options { get; }
public async ValueTask<string> GetAuthStringAsync(string scope ="ALL")
{
return $"Basic {Convert.ToBase64String(Encoding.ASCII.GetBytes($"{_options.UserName}:{_options.Password}"))}";
}
}
}
Describe the bug
When executing the sample app setup and entering username and password in the
local.settings.json
the console output afterfunc host start
shows the password in clear text in standard and verbose mode. IMHO the password should never be displayed in the output.To Reproduce
Steps to reproduce the behavior:
README.md
local.settings.json
for the Azure Function in theFunctionsSample.GWSAMPLE_BASIC
and add a password for the JSON keyBasicHttpAuthHandler:Password
.func host start
orfunc host start --verbose
Expected behavior The password should not be displayed. If desired the console could reflect that the password was set or not
Screenshots
Additional context
The issue is the code in the file
Dependencies/DataOperations.Core/Auth/BasicHttpAuthHandler.cs
- line 12 i.e.Console.WriteLine("Password: {0}", _options.Password);