fix: Pre-empt accidentally leaking PII in logs

This allows using the debug impls of our User structs without worrying too much about accidentally exposing PII. Note that this means `external_user_id` should *never* contain PII, and as such we'll have to change the CSV source. An issue about this will be opened separately.
famedly · Oct 16, 2024 · fcf58bb · fcf58bb
1 parent d194640
commit fcf58bb
Showing 1 changed file with 16 additions and 2 deletions.
diff --git a/src/user.rs b/src/user.rs
@@ -7,7 +7,7 @@ use zitadel_rust_client::{Email, Gender, Idp, ImportHumanUserRequest, Phone, Pro
 use crate::{config::FeatureFlags, FeatureFlag};
 
 /// Source-agnostic representation of a user
-#[derive(Clone, Debug)]
+#[derive(Clone)]
 pub(crate) struct User {
 	/// The user's first name
 	pub(crate) first_name: StringOrBytes,
@@ -37,6 +37,20 @@ impl User {
 	}
 }
 
+impl std::fmt::Debug for User {
+	fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+		f.debug_struct("User")
+			.field("first_name", &"***")
+			.field("last_name", &"***")
+			.field("email", &"***")
+			.field("phone", &"***")
+			.field("preferred_username", &"***")
+			.field("external_user_id", &self.external_user_id)
+			.field("enabled", &self.enabled)
+			.finish()
+	}
+}
+
 /// Crate-internal representation of a Zitadel user
 #[derive(Clone, Debug)]
 pub struct ZitadelUser {
@@ -108,7 +122,7 @@ impl From<ZitadelUser> for ImportHumanUserRequest {
 
 impl Display for ZitadelUser {
 	fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-		write!(f, "email={}", &self.user_data.email)
+		write!(f, "external_id={}", &self.user_data.external_user_id)
 	}
 }