prisma-archive / graphcool-templates

📗 Collection of Graphcool Templates
MIT License

Email / Password template: Passwords revealed in function error logs #132

Closed fdidron closed 6 years ago

fdidron commented 7 years ago

Issue type:

I am submitting:

Issue Questions:

What OS and OS version are you experiencing the issue(s) on?

Applies to any OS / OS Version

What is the expected behavior?

The data passed to functions should be logged conditionally, by setting an environment var for example (DEBUG = true).

What is the actual behavior?

When checking the execution logs of the signup function, the password is displayed in plain text if the execution resulted in an error. This also affects the authenticate function.

What steps may we take to reproduce the behavior?

  1. Set up a project with the email/password auth template
  2. Trigger an "Email already in use" error by trying to sign up with an existing email address
  3. Check the signup function execution logs: gc logs -f signup

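
An added example (not part of the original issue and not Graphcool's own code) of the behaviour the report asks for: input data is attached to an error log entry only when `DEBUG` is `true`, and credential fields are redacted even then. The names `redact`, `errorLogEntry`, the key list and the `{ data: { email, password } }` event shape are assumptions made for illustration.

```javascript
// Hypothetical helper names; the list of sensitive keys is an assumption.
const SENSITIVE_KEYS = /^(password|passwd|secret|token|authorization)$/i;

// Return a deep copy of `value` with sensitive keys masked.
// `ancestors` tracks the current path so true cycles are cut without
// mislabelling an object that is merely referenced twice.
function redact(value, ancestors = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (ancestors.has(value)) return '[Circular]';
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((item) => redact(item, ancestors));
  } else {
    out = {};
    for (const [key, item] of Object.entries(value)) {
      out[key] = SENSITIVE_KEYS.test(key) ? '[REDACTED]' : redact(item, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// Build the log line for a failed invocation. The event is omitted unless
// DEBUG=true, and is always passed through redact() before serialisation.
function errorLogEntry(functionName, event, err, env = process.env) {
  const entry = { function: functionName, error: err.message };
  if (env.DEBUG === 'true') entry.event = redact(event);
  return JSON.stringify(entry);
}

// Constructed sample input mirroring the signup scenario in the report.
const sampleEvent = {
  data: { email: 'alice@example.com', password: 'hunter2-constructed' },
};
const sampleError = new Error('Email already in use');

console.log(errorLogEntry('signup', sampleEvent, sampleError, {}));
console.log(errorLogEntry('signup', sampleEvent, sampleError, { DEBUG: 'true' }));
```
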
kbrandwijk commented 7 years ago

There's a general issue about controlling the logging of sensitive data in the main repo: https://github.com/graphcool/framework/issues/556

fdidron commented 6 years ago

Closing this in favor of the issue above.