From 2f6ad135ed0b3a6ce05dbc2d737d5ad1f600e5bc Mon Sep 17 00:00:00 2001
From: Vivek Maskara <maskara@zeta.tech>
Date: Mon, 30 Sep 2019 01:41:30 +0530
Subject: [PATCH] Basic logging with redacted sensitive headers

---
 app/build.gradle                                     |  1 +
 .../fr/free/nrw/commons/OkHttpConnectionFactory.java | 12 +++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/app/build.gradle b/app/build.gradle
index 19c02d1009..45b0858aca 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -53,6 +53,7 @@ dependencies {
     api('com.github.tony19:logback-android-classic:1.1.1-6') {
         exclude group: 'com.google.android', module: 'android'
     }
+    implementation "com.squareup.okhttp3:logging-interceptor:4.2.0"
 
     // Dependency injector
     implementation "com.google.dagger:dagger:$DAGGER_VERSION"
diff --git a/app/src/main/java/fr/free/nrw/commons/OkHttpConnectionFactory.java b/app/src/main/java/fr/free/nrw/commons/OkHttpConnectionFactory.java
index e77a826182..59ece06cb3 100644
--- a/app/src/main/java/fr/free/nrw/commons/OkHttpConnectionFactory.java
+++ b/app/src/main/java/fr/free/nrw/commons/OkHttpConnectionFactory.java
@@ -31,12 +31,22 @@ private static OkHttpClient createClient() {
         return new OkHttpClient.Builder()
                 .cookieJar(SharedPreferenceCookieManager.getInstance())
                 .cache(NET_CACHE)
-                .addInterceptor(new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BODY))
+                .addInterceptor(getLoggingInterceptor())
                 .addInterceptor(new UnsuccessfulResponseInterceptor())
                 .addInterceptor(new CommonHeaderRequestInterceptor())
                 .build();
     }
 
+    private static HttpLoggingInterceptor getLoggingInterceptor() {
+        HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor()
+                .setLevel(HttpLoggingInterceptor.Level.BASIC);
+
+        httpLoggingInterceptor.redactHeader("Authorization");
+        httpLoggingInterceptor.redactHeader("Cookie");
+
+        return httpLoggingInterceptor;
+    }
+
     private static class CommonHeaderRequestInterceptor implements Interceptor {
         @Override @NonNull public Response intercept(@NonNull Chain chain) throws IOException {
             Request request = chain.request().newBuilder()