From 95e659e5f74eb973f1fbe71dec9138c5dd3e84c5 Mon Sep 17 00:00:00 2001
From: Marcel Baumgartner
Date: Tue, 15 Aug 2023 15:33:18 +0200
Subject: [PATCH] Improved the privacy for security logs As mentioned in issue 262
---
 Moonlight/App/Helpers/StringHelper.cs | 11 +++++++++++
 Moonlight/App/Services/UserService.cs | 10 +++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/Moonlight/App/Helpers/StringHelper.cs b/Moonlight/App/Helpers/StringHelper.cs
index 40069a50..bbcf33bb 100644
--- a/Moonlight/App/Helpers/StringHelper.cs
+++ b/Moonlight/App/Helpers/StringHelper.cs
@@ -43,4 +43,15 @@ public static class StringHelper
 return firstChar + restOfString;
 }
+
+ public static string CutInHalf(string input)
+ {
+ if (string.IsNullOrEmpty(input))
+ return input;
+
+ int length = input.Length;
+ int halfLength = length / 2;
+
+ return input.Substring(0, halfLength);
+ }
 }
\ No newline at end of file
diff --git a/Moonlight/App/Services/UserService.cs b/Moonlight/App/Services/UserService.cs
index 96e5f766..d8f2397b 100644
--- a/Moonlight/App/Services/UserService.cs
+++ b/Moonlight/App/Services/UserService.cs
@@ -106,7 +106,7 @@ public class UserService
 if (user == null)
 {
- Logger.Warn($"Failed login attempt. Email: {email} Password: {password}", "security");
+ Logger.Warn($"Failed login attempt. Email: {email} Password: {StringHelper.CutInHalf(password)}", "security");
 throw new DisplayException("Email and password combination not found");
 }
@@ -115,7 +115,7 @@ public class UserService
 return user.TotpEnabled;
 }
- Logger.Warn($"Failed login attempt. Email: {email} Password: {password}", "security");
+ Logger.Warn($"Failed login attempt. Email: {email} Password: {StringHelper.CutInHalf(password)}", "security");
 throw new DisplayException("Email and password combination not found");;
 }
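Review bot: `CutInHalf` in StringHelper.cs has no doc comment, and neither its name nor its body signals that the returned characters are the original ones, not a masked or hashed value. Because this commit applies it to passwords, I would add an XML summary above the method along the lines of `Returns the first half (rounded down) of the input verbatim; truncation only, not masking or hashing.` so later callers do not treat the result as safe to persist. The summary should also state the edge cases visible in the body: null or empty input is returned as is, and a one-character input yields the empty string.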
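Review bot: The changed `Logger.Warn` line in the `user == null` branch (hunk at -106 of UserService.cs) still writes the first half of the submitted password to the security log in clear text. A failed attempt is often a real password with a typo, or the user's password for another service, so anyone who can read the log gets the leading characters of a live credential and a much smaller search space for the rest. The password is not needed to detect or investigate the attempt; I would drop it entirely and log `Logger.Warn($"Failed login attempt. Email: {email}", "security");`. The same applies to the changed lines in the hunks at -115, -148, -190 and -201; the enclosing methods start and end outside the hunks.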
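Review bot: In the hunk at -115, `email` and the password fragment are request-supplied and are interpolated into the log message as is, so a value containing CR/LF could forge extra entries in the security log unless `Logger` neutralises control characters, which is not visible here. I would normalise the values before logging, for example `email.ReplaceLineEndings(" ")` on .NET 6 or later, or pass them as structured fields if the logger supports that. The other changed `Logger.Warn` lines in this file follow the same pattern. The context line below it also ends in a stray double semicolon, `not found");;`.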
@@ -148,7 +148,7 @@ public class UserService
 }
 else
 {
- Logger.Warn($"Failed login attempt. Email: {email} Password: {password}", "security");
+ Logger.Warn($"Failed login attempt. Email: {email} Password: {StringHelper.CutInHalf(password)}", "security");
 throw new DisplayException("2FA code invalid");
 }
 }
@@ -190,7 +190,7 @@ public class UserService
 if (user == null)
 {
- Logger.Warn($"Detected an sftp bruteforce attempt. ID: {id} Password: {password}", "security");
+ Logger.Warn($"Detected an sftp bruteforce attempt. ID: {id} Password: {StringHelper.CutInHalf(password)}", "security");
 throw new Exception("Invalid username");
 }
@@ -201,7 +201,7 @@ public class UserService
 return user;
 }
- Logger.Warn($"Detected an sftp bruteforce attempt. ID: {id} Password: {password}", "security");
+ Logger.Warn($"Detected an sftp bruteforce attempt. ID: {id} Password: {StringHelper.CutInHalf(password)}", "security");
 throw new Exception("Invalid userid or password");
 }
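Review bot: The 2FA failure branch in the hunk at -148 (the `else` before `throw new DisplayException("2FA code invalid")`) logs the same "Failed login attempt" text as the wrong-password branches, so the security log cannot tell the two events apart. If the password is verified before the TOTP code, which the hunk does not show, reaching this branch means the password was correct: that is the higher-signal event for detection, and the fragment being logged is half of a valid password. I would give this branch its own message without the password, `Logger.Warn($"Failed 2FA attempt. Email: {email}", "security");`.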
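Review bot: The two sftp failure paths throw different messages, `"Invalid username"` in the hunk at -190 when no user matches the ID and `"Invalid userid or password"` in the hunk at -201; if that text is returned to the sftp client, which is not visible here, the difference discloses which IDs exist. I would use one message for both branches, `throw new Exception("Invalid userid or password");`. Separately, every single failed sftp login is labelled "bruteforce attempt", which makes the line poor alert material; a neutral `Failed sftp login. ID: {id}` with thresholding done by whatever consumes the log would serve detection better. Both methods are only partly visible in these hunks.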