8000 [ISS-3025] Allow removing of email from logs by willwill96 · Pull Request #3026 · oauth2-proxy/oauth2-proxy · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

[ISS-3025] Allow removing of email from logs #3026

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[ISS-3025] Allow removing of email from logs #3026

wants to merge 1 commit into from

Conversation

willwill96
Copy link
@willwill96 willwill96 commented Ap 8000 r 10, 2025
edited
Loading

Description

This adds a configuration to remove PII from places where the session state is logged out.

Motivation and Context

Fixes #3025

How Has This Been Tested?

Against a locally running version of keycloak.

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.
  • I have written tests for my code changes.

@willwill96 willwill96 requested a review from a team as a code owner April 10, 2025 02:45
@github-actions github-actions bot added the go label Apr 10, 2025
willwill96
willwill96 commented Apr 10, 2025
View reviewed changes
pkg/config/config.go
package config

type Config struct {
maskSessionPII bool
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if there is a better place to put this config. I initially tried putting this inside the logger package, however I ran into circular dependency issues when trying to import it from the session_state.go file

william-will-angi
william-will-angi reviewed Apr 10, 2025
View reviewed changes
pkg/apis/sessions/session_state.go
Comment on lines +107 to +111
if config.GetMaskSessionPII() {
o = fmt.Sprintf("Session{user:%s", s.User)
} else {
o = fmt.Sprintf("Session{email:%s user:%s PreferredUsername:%s", s.Email, s.User, s.PreferredUsername)
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I considered having email & preferredUsername hashed, so you could tell when there are identical values, but it feels like the user's id should be sufficient for that use case

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@william-will-angi william-will-angi william-will-angi left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
go
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: PII is logged whenever the SessionState object is logged
2 participants
@willwill96 @william-will-angi
0