From ea96615460dfcc3c9894086450379b6edf8b8329 Mon Sep 17 00:00:00 2001
From: Marco Adkins <madkins@virtualhold.com>
Date: Thu, 27 Jul 2017 09:30:56 -0400
Subject: [PATCH] Ability to filter passwords from the log in mod_http_api
 (#1888)

* Ability to filter passwords from the log when creating users through the mod_http_api
---
 src/mod_http_api.erl | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/mod_http_api.erl b/src/mod_http_api.erl
index 7be05dbf1..ef881d14b 100644
--- a/src/mod_http_api.erl
+++ b/src/mod_http_api.erl
@@ -538,9 +538,17 @@ json_error(HTTPCode, JSONCode, Message) ->
 
 log(Call, Args, {Addr, Port}) ->
     AddrS = misc:ip_to_list({Addr, Port}),
-    ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]);
+    ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, hide_sensitive_args(Args), AddrS, Port]);
 log(Call, Args, IP) ->
-    ?INFO_MSG("API call ~s ~p (~p)", [Call, Args, IP]).
+    ?INFO_MSG("API call ~s ~p (~p)", [Call, hide_sensitive_args(Args), IP]).
+
+hide_sensitive_args(Args=[_H|_T]) ->
+    lists:map( fun({<<"password">>, Password}) -> {<<"password">>, ejabberd_config:may_hide_data(Password)};
+         ({<<"newpass">>,NewPassword}) -> {<<"newpass">>, ejabberd_config:may_hide_data(NewPassword)};
+         (E) -> E end,
+         Args);
+hide_sensitive_args(NonListArgs) ->
+    NonListArgs.
 
 permission_addon() ->
     Access = gen_mod:get_module_opt(global, ?MODULE, admin_ip_access, none),