[PR #1504] [MERGED] Filters sensitive credential fields from auth:fail logs #1417

New Issue

OVERLORD · 2026-02-04T19:45:08+03:00

OVERLORD commented

2026-02-04 19:45:08 +03:00

📋 Pull Request Information

Original PR: https://github.com/pelican-dev/panel/pull/1504
Author: @Regen1337
Created: 7/9/2025
Status: ✅ Merged
Merged: 7/17/2025
Merged by: @lancepioch

Base: main ← Head: main

📝 Commits (2)

4431d41 Refactored authentication logging to protect sensitive fields from being exposed in auth:fail logs
a787902 pint

📊 Changes

1 file changed (+7 additions, -1 deletions)

View changed files

📝 app/Listeners/Auth/AuthenticationListener.php (+7 -1)

📄 Description

This patch filters sensitive credential fields during logging, ensuring only safe identifiers (email, username, IP, useragent) are recorded while maintaining the current audit trail functionality.

I also propose purging auth:fail logs in the next update so that any currently logged data is cleared.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/pelican-dev/panel/pull/1504 **Author:** [@Regen1337](https://github.com/Regen1337) **Created:** 7/9/2025 **Status:** ✅ Merged **Merged:** 7/17/2025 **Merged by:** [@lancepioch](https://github.com/lancepioch) **Base:** `main` ← **Head:** `main` --- ### 📝 Commits (2) - [`4431d41`](https://github.com/pelican-dev/panel/commit/4431d417ef5538cb132a8eedd5c20d0702cbb27e) Refactored authentication logging to protect sensitive fields from being exposed in auth:fail logs - [`a787902`](https://github.com/pelican-dev/panel/commit/a787902d52d013334edd94dab251b8f95871e5da) pint ### 📊 Changes **1 file changed** (+7 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `app/Listeners/Auth/AuthenticationListener.php` (+7 -1) </details> ### 📄 Description This patch filters sensitive credential fields during logging, ensuring only safe identifiers (email, username, IP, useragent) are recorded while maintaining the current audit trail functionality. I also propose purging auth:fail logs in the next update so that any currently logged data is cleared. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

OVERLORD added the pull-request label 2026-02-04 19:45:08 +03:00

OVERLORD closed this issue

2026-02-04 19:45:12 +03:00

Sign in to join this conversation.

Branches Tags

main

boy132/translatable-subuser-permissions

boy132/backup-hosts

charles/filament-v5

release/v1.0.0-beta33

lance/encodings

release/v1.0.0-beta32

lance/1228

lance/2026

lance/1022

lance/1585

lance/2163

lance/2077

charles/spotlight

charles/ex-im-servers

auto-claude/022-docker-image-links-plugin-dir-wrong

auto-claude/022-docker-image-links-plugin-dir-wrong-clean

release/v1.0.0-beta31

auto-claude/005-run-unit-tests-in-parallel

charles/new-activitylog

release/v1.0.0-beta30

release/v1.0.0-beta29

release/v1.0.0-beta28

release/v1.0.0-beta27

release/v1.0.0-beta26

release/v1.0.0-beta25

release/v1.0.0-beta24

release/v1.0.0-beta23

release/v1.0.0-beta22

release/v1.0.0-beta21

release/v1.0.0-beta20

release/v1.0.0-beta19

release/v1.0.0-beta18

release/v1.0.0-beta17

release/v1.0.0-beta16

release/v1.0.0-beta15

release/v1.0.0-beta14

release/v1.0.0-beta13

release/v1.0.0-beta11

release/v1.0.0-beta10

release/v1.0.0-beta9

release/v1.0.0-beta8

release/v1.0.0-beta7

release/v1.0.0-beta6

release/v1.0.0-beta5

release/v1.0.0-beta4

release/v1.0.0-beta3

release/v1.0.0-beta2

release/v1.0.0-beta1

3.x

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/panel#1417