yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: stop logging token prefix on failed agent auth

Browse Source 
The first 6 characters of invalid agent tokens were logged, leaking
partial credential information. Remove token_prefix from log messages
while preserving the request path for debugging.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hugh Brown
2026-03-03 13:39:04 -07:00
committed by Abhimanyu Saharan
parent 66da278673
commit 4257c08ba9
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/app/core/agent_auth.py
View File

@@ -128,9 +128,8 @@ async def get_agent_auth_context(
agent = await _find_agent_for_token(session, resolved) agent = await _find_agent_for_token(session, resolved)
if agent is None: if agent is None:
logger.warning( logger.warning(
"agent auth invalid token path=%s token_prefix=%s", "agent auth invalid token path=%s",
request.url.path, request.url.path,
resolved[:6],
) )
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED) raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
await _touch_agent_presence(request, session, agent) await _touch_agent_presence(request, session, agent)
@@ -170,9 +169,8 @@ async def get_agent_auth_context_optional(
if agent is None: if agent is None:
if agent_token: if agent_token:
logger.warning( logger.warning(
"agent auth optional invalid token path=%s token_prefix=%s", "agent auth optional invalid token path=%s",
request.url.path, request.url.path,
resolved[:6],
) )
return None return None
await _touch_agent_presence(request, session, agent) await _touch_agent_presence(request, session, agent)