From a260438c5f0697b64aa1915b96f3b8ce25db070c Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Fri, 11 Oct 2024 14:59:36 -0400
Subject: Blind debug output for StoredHash.

This is a little excessive, as PasswordHash (which StoredHash converts to) _does_ derive Debug and exposes the hash, but I'll feel better if the hash never ends up in logs.
---
 src/login/password.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/login')

diff --git a/src/login/password.rs b/src/login/password.rs
index da3930f..14fd981 100644
--- a/src/login/password.rs
+++ b/src/login/password.rs
@@ -4,7 +4,7 @@ use argon2::Argon2;
 use password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString};
 use rand_core::OsRng;
 
-#[derive(Debug, sqlx::Type)]
+#[derive(sqlx::Type)]
 #[sqlx(transparent)]
 pub struct StoredHash(String);
 
@@ -23,6 +23,12 @@ impl StoredHash {
     }
 }
 
+impl fmt::Debug for StoredHash {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_tuple("StoredHash").field(&"********").finish()
+    }
+}
+
 #[derive(serde::Deserialize)]
 #[serde(transparent)]
 pub struct Password(String);
-- 
cgit v1.2.3