From 67096cfb9d142dfa92cefa0730d000a8987ac58e Mon Sep 17 00:00:00 2001
From: Clement Michaud
Date: Tue, 17 Oct 2017 23:09:17 +0200
Subject: [PATCH] Remove TOTP secret from endpoint logs
---
 server/src/lib/routes/secondfactor/totp/sign/post.ts | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/server/src/lib/routes/secondfactor/totp/sign/post.ts b/server/src/lib/routes/secondfactor/totp/sign/post.ts
index 194242bbf..b5091579b 100644
--- a/server/src/lib/routes/secondfactor/totp/sign/post.ts
+++ b/server/src/lib/routes/secondfactor/totp/sign/post.ts
@@ -23,12 +23,10 @@ export default function (vars: ServerVariables) {
 return AuthenticationSession.get(req)
 .then(function (_authSession: AuthenticationSession.AuthenticationSession) {
 authSession = _authSession;
- vars.logger.info(req, "Initiate TOTP validation for user '%s'.", authSession.userid);
+ vars.logger.info(req, "Initiate TOTP validation for user \"%s\".", authSession.userid);
 return vars.userDataStore.retrieveTOTPSecret(authSession.userid);
 })
 .then(function (doc: TOTPSecretDocument) {
- vars.logger.debug(req, "TOTP secret is %s", JSON.stringify(doc));
-
 if (!vars.totpHandler.validate(token, doc.secret.base32))
 return BluebirdPromise.reject(new Error("Invalid TOTP token."));
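Review bot: The second `.then` handler in post.ts no longer logs `doc`, but nothing in the new code says why, so a later debugging change could put the same logging back. A comment above the `validate` call would keep the constraint visible, for example `// Never log doc: it carries the user's TOTP shared secret (doc.secret.base32).` Debug logs written by earlier builds still hold whatever `JSON.stringify(doc)` emitted, including the base32 secret, so they should be handled as credential material: restrict or purge them and consider re-enrolling TOTP for the users they cover. The handler body continues past the end of the hunk, so any logging of `doc` further down is not visible here.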