ubuntu-webapps-bugs team mailing list archive

Thread
Date

[Bug 1638166] Re: trace leaks user IDs and passwords

To: ubuntu-webapps-bugs@xxxxxxxxxxxxxxxxxxx
From: Alberto Mardegan <1638166@xxxxxxxxxxxxxxxxxx>
Date: Wed, 02 Nov 2016 14:43:05 -0000
Reply-to: Bug 1638166 <1638166@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: webapps-sprint
   Importance: Undecided
       Status: New

** Changed in: webapps-sprint
       Status: New => In Progress

** Changed in: webapps-sprint
   Importance: Undecided => Critical

** Changed in: webapps-sprint
     Assignee: (unassigned) => Alberto Mardegan (mardy)

** Changed in: webapps-sprint
    Milestone: None => sprint-27

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to online-accounts-api in
Ubuntu.
https://bugs.launchpad.net/bugs/1638166

Title:
  trace leaks user IDs and passwords

Status in webapps-sprint:
  In Progress
Status in online-accounts-api package in Ubuntu:
  In Progress

Bug description:
  When using the online accounts qt API, I see trace produced in my
  tests such as this:

  reply data: QMap(("AccessToken", QVariant(QString,
  "access_token"))("ExpiresIn", QVariant(int, 0))("GrantedScopes",
  QVariant(QStringList, ("scope1", "scope2"))))

  This is undesirable because it spams stderr; please remove the trace.

  Worse, it  looks like the user ID and password are printed here in
  plain text. For example, in the owncloud provider tests, we see this:

  reply data: QMap(("Password", QVariant(QString, "pass"))("Username",
  QVariant(QString, "user")))

To manage notifications about this bug go to:
https://bugs.launchpad.net/webapps-sprint/+bug/1638166/+subscriptions