From accc3bfe9de84b13cc19e64592932f1d7c9d114a Mon Sep 17 00:00:00 2001
From: Yasith Fernando
Date: Tue, 23 Jun 2020 19:23:35 +1000
Subject: [PATCH 1/2] Redact JWT token from logs
---
 .../Zendesk/controllers/Adminhtml/ZendeskController.php | 5 ++++-
 .../community/Zendesk/Zendesk/controllers/SsoController.php | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php b/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php
index c947be74..9992fbad 100644
--- a/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php
+++ b/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php
@@ -172,7 +172,10 @@ public function authenticateAction()
 $payload['external_id'] = $user->getId();
 }
- Mage::log('Admin JWT: ' . var_export($payload, true), null, 'zendesk.log');
+ // Redact token then log the rest of the payload
+ $jti_redacted_payload = $payload; // arrays are copied by value in php, not just a ref being passed around
+ $jti_redacted_payload["jti"] = "REDACTED";
+ Mage::log('Admin JWT: ' . var_export($jti_redacted_payload, true), null, 'zendesk.log');
 $jwt = JWT::encode($payload, $token);
 $return = $return_url ? "&return_to=".$return_url : "";
diff --git a/src/app/code/community/Zendesk/Zendesk/controllers/SsoController.php b/src/app/code/community/Zendesk/Zendesk/controllers/SsoController.php
index ad90cf03..946aec36 100644
--- a/src/app/code/community/Zendesk/Zendesk/controllers/SsoController.php
+++ b/src/app/code/community/Zendesk/Zendesk/controllers/SsoController.php
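Review bot: In the `authenticateAction()` hunk of Adminhtml/ZendeskController.php, overwriting only `jti` is a one-key denylist, so every other claim in `$payload` still reaches zendesk.log: `external_id` is set on the line just above, and the rest of the array is built outside this hunk, so any name or e-mail claim it carries would presumably be written too. If a trace of the SSO attempt is still wanted, log an allowlist instead, for example only the claim names: `Mage::log('Admin JWT claims: ' . implode(', ', array_keys($payload)), null, 'zendesk.log');`, so that a claim added later is not logged by default. The comment also calls `jti` the token, although `jti` is the JWT ID claim and the key passed to `JWT::encode()` is `$token`; `// Redact the jti claim before logging the payload` would describe it accurately. The same points apply to the `loginAction()` hunk in SsoController.php, and both functions start and end outside their hunks.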
@@ -75,7 +75,10 @@ public function loginAction()
 $payload['external_id'] = $user->getId();
 }
- Mage::log('End-user JWT: ' . var_export($payload, true), null, 'zendesk.log');
+ // Redact token then log the rest of the payload
+ $jti_redacted_payload = $payload; // arrays are copied by value in php, not just a ref being passed around
+ $jti_redacted_payload["jti"] = "REDACTED";
+ Mage::log('End-user JWT: ' . var_export($jti_redacted_payload, true), null, 'zendesk.log');
 $jwt = JWT::encode($payload, $token);
 $return_url = $return_url ? "&return_to=".$return_url : "";
From abb670f74e9979588283b6aa8c460e8e91b0a11f Mon Sep 17 00:00:00 2001
From: Yasith Fernando
Date: Wed, 24 Jun 2020 16:11:23 +1000
Subject: [PATCH 2/2] Completely remove JWT related logging
---
 .../Zendesk/controllers/Adminhtml/ZendeskController.php | 5 -----
 .../community/Zendesk/Zendesk/controllers/SsoController.php | 5 -----
 2 files changed, 10 deletions(-)
diff --git a/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php b/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php
index 9992fbad..2f5daffc 100644
--- a/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php
+++ b/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php
@@ -172,11 +172,6 @@ public function authenticateAction()
 $payload['external_id'] = $user->getId();
 }
- // Redact token then log the rest of the payload
- $jti_redacted_payload = $payload; // arrays are copied by value in php, not just a ref being passed around
- $jti_redacted_payload["jti"] = "REDACTED";
- Mage::log('Admin JWT: ' . var_export($jti_redacted_payload, true), null, 'zendesk.log');
-
 $jwt = JWT::encode($payload, $token);
 $return = $return_url ? "&return_to=".$return_url : "";
diff --git a/src/app/code/community/Zendesk/Zendesk/controllers/SsoController.php b/src/app/code/community/Zendesk/Zendesk/controllers/SsoController.php
index 946aec36..516c4d53 100644
--- a/src/app/code/community/Zendesk/Zendesk/controllers/SsoController.php
+++ b/src/app/code/community/Zendesk/Zendesk/controllers/SsoController.php
@@ -75,11 +75,6 @@ public function loginAction()
 $payload['external_id'] = $user->getId();
 }
- // Redact token then log the rest of the payload
- $jti_redacted_payload = $payload; // arrays are copied by value in php, not just a ref being passed around
- $jti_redacted_payload["jti"] = "REDACTED";
- Mage::log('End-user JWT: ' . var_export($jti_redacted_payload, true), null, 'zendesk.log');
-
 $jwt = JWT::encode($payload, $token);
 $return_url = $return_url ? "&return_to=".$return_url : "";