Sanitize sensitive data of out config file for the system console (#2849)

1 files changed, 38 insertions, 0 deletions

diff --git a/utils/config.go b/utils/config.go
index 9e2776f75..14d6589a2 100644
--- a/utils/config.go
+++ b/utils/config.go
@@ -283,3 +283,41 @@ func ValidateLdapFilter(cfg *model.Config) *model.AppError {
 	}
 	return nil
 }
+
+func Desanitize(cfg *model.Config) {
+	if *cfg.LdapSettings.BindPassword == model.FAKE_SETTING {
+		*cfg.LdapSettings.BindPassword = *Cfg.LdapSettings.BindPassword
+	}
+
+	if cfg.FileSettings.PublicLinkSalt == model.FAKE_SETTING {
+		cfg.FileSettings.PublicLinkSalt = Cfg.FileSettings.PublicLinkSalt
+	}
+	if cfg.FileSettings.AmazonS3SecretAccessKey == model.FAKE_SETTING {
+		cfg.FileSettings.AmazonS3SecretAccessKey = Cfg.FileSettings.AmazonS3SecretAccessKey
+	}
+
+	if cfg.EmailSettings.InviteSalt == model.FAKE_SETTING {
+		cfg.EmailSettings.InviteSalt = Cfg.EmailSettings.InviteSalt
+	}
+	if cfg.EmailSettings.PasswordResetSalt == model.FAKE_SETTING {
+		cfg.EmailSettings.PasswordResetSalt = Cfg.EmailSettings.PasswordResetSalt
+	}
+	if cfg.EmailSettings.SMTPPassword == model.FAKE_SETTING {
+		cfg.EmailSettings.SMTPPassword = Cfg.EmailSettings.SMTPPassword
+	}
+
+	if cfg.GitLabSettings.Secret == model.FAKE_SETTING {
+		cfg.GitLabSettings.Secret = Cfg.GitLabSettings.Secret
+	}
+
+	if cfg.SqlSettings.DataSource == model.FAKE_SETTING {
+		cfg.SqlSettings.DataSource = Cfg.SqlSettings.DataSource
+	}
+	if cfg.SqlSettings.AtRestEncryptKey == model.FAKE_SETTING {
+		cfg.SqlSettings.AtRestEncryptKey = Cfg.SqlSettings.AtRestEncryptKey
+	}
+
+	for i := range cfg.SqlSettings.DataSourceReplicas {
+		cfg.SqlSettings.DataSourceReplicas[i] = Cfg.SqlSettings.DataSourceReplicas[i]
+	}
+}