From cd0767a7fad8c3423017b3f968e2df41d74f5b62 Mon Sep 17 00:00:00 2001
From: YuriyZ
Date: Mon, 26 Aug 2024 13:10:00 +0300
Subject: [PATCH] fix(oxauth): Plaintext passwords logged from TokenRestWebServiceImpl with DEBUG log level #1910
---
 .../src/main/java/org/gluu/oxauth/util/ServerUtil.java | 3 +++
 .../test/java/org/gluu/oxauth/util/ServerUtilTest.java | 10 ++++++++++
 2 files changed, 13 insertions(+)
diff --git a/Server/src/main/java/org/gluu/oxauth/util/ServerUtil.java b/Server/src/main/java/org/gluu/oxauth/util/ServerUtil.java
index c2c5a3c46..47ee2dcc9 100644
--- a/Server/src/main/java/org/gluu/oxauth/util/ServerUtil.java
+++ b/Server/src/main/java/org/gluu/oxauth/util/ServerUtil.java
@@ -66,6 +66,9 @@ public static Map prepareForLogs(Map paramet
 if (result.containsKey("client_secret")) {
 result.put("client_secret", new String[] {"*****"});
 }
+ if (result.containsKey("password")) {
+ result.put("password", new String[] {"*****"});
+ }
 return result;
 }
diff --git a/Server/src/test/java/org/gluu/oxauth/util/ServerUtilTest.java b/Server/src/test/java/org/gluu/oxauth/util/ServerUtilTest.java
index 5cc7311fe..fb8b8b928 100644
--- a/Server/src/test/java/org/gluu/oxauth/util/ServerUtilTest.java
+++ b/Server/src/test/java/org/gluu/oxauth/util/ServerUtilTest.java
@@ -21,4 +21,14 @@ public void prepareForLogs_whenCalled_shouldNotHaveClearTextClientPassword() {
 assertEquals("*****", result.get("client_secret")[0]);
 }
+
+ @Test
+ public void prepareForLogs_whenCalled_shouldNotHaveClearTextPassword() {
+ Map parameters = new HashMap<>();
+ parameters.put("password", new String[] {"124"});
+
+ final Map result = ServerUtil.prepareForLogs(parameters);
+
+ assertEquals("*****", result.get("password")[0]);
+ }
 }
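Review bot: The masking in prepareForLogs is a per-key denylist that now covers only `client_secret` and `password`, so any other secret-bearing request parameter that reaches this helper would still be written in clear text at DEBUG. If token-endpoint parameters such as `refresh_token`, `code`, `client_assertion` or `code_verifier` pass through here (not visible in this hunk; the method starts above it), consider one constant set and a single loop, e.g. `for (String key : SENSITIVE_PARAMS) { if (result.containsKey(key)) { result.put(key, new String[] {"*****"}); } }`. A short comment above the checks, `// Mask credentials before the parameter map is logged; add every new secret-bearing parameter here.`, would tell the next maintainer where to extend it.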
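Review bot: The new test in ServerUtilTest checks only the returned map, so it would still pass if prepareForLogs masked the caller's map in place and the real password were overwritten before authentication. Whether the helper copies its input is not visible in this diff; adding `assertEquals("124", parameters.get("password")[0]);` after the existing assertion pins that the request parameters are left untouched. `assertEquals(1, result.get("password").length);` would also confirm that no further value of a multi-valued parameter survives the masking.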