shadowsocks: Mark secret strings in privileged actions

Tests: - Run affected privileged actions through UI and notice that secret strings are not logged. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-01-21 07:55:00 +00:00 · 2024-08-04 11:01:34 -07:00 · 2024-08-04 11:01:34 -07:00 · 4c352619a5
commit 4c352619a5
parent bec5e593b3
2 changed files with 4 additions and 4 deletions
--- a/plinth/modules/shadowsocks/privileged.py
+++ b/plinth/modules/shadowsocks/privileged.py
@ -9,7 +9,7 @@ import string
 from shutil import move

 from plinth import action_utils
-from plinth.actions import privileged
+from plinth.actions import privileged, secret_str

 SHADOWSOCKS_CONFIG_SYMLINK = '/etc/shadowsocks-libev/freedombox.json'
 SHADOWSOCKS_CONFIG_ACTUAL = \
@ -85,8 +85,9 @@ def _merge_config(config):


@privileged
-def merge_config(config: dict[str, int | str]):
+def merge_config(config: dict[str, int | str], password: secret_str):
    """Configure Shadowsocks Client."""
+    config['password'] = password
    _merge_config(config)

    # Don't try_restart because initial configuration may not be valid so
--- a/plinth/modules/shadowsocks/views.py
+++ b/plinth/modules/shadowsocks/views.py
@ -45,11 +45,10 @@ class ShadowsocksAppView(views.AppView):
                'local_port': 1080,
                'server': new_status['server'],
                'server_port': new_status['server_port'],
-                'password': new_status['password'],
                'method': new_status['method'],
            }

-            privileged.merge_config(new_config)
+            privileged.merge_config(new_config, new_status['password'])
            messages.success(self.request, _('Configuration updated'))

        return super().form_valid(form)