From 1113ffe0f78a14793ce0f37e938da8a6c0cefa27 Mon Sep 17 00:00:00 2001
From: Rain <125764136+Regen1337@users.noreply.github.com>
Date: Thu, 17 Jul 2025 16:45:38 -0400
Subject: [PATCH] Filters sensitive credential fields from auth:fail logs (#1504)

---
 app/Listeners/Auth/AuthenticationListener.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/Listeners/Auth/AuthenticationListener.php b/app/Listeners/Auth/AuthenticationListener.php
index 5efaf0bff..5176da59f 100644
--- a/app/Listeners/Auth/AuthenticationListener.php
+++ b/app/Listeners/Auth/AuthenticationListener.php
@@ -8,6 +8,10 @@ use Illuminate\Auth\Events\Login;
 class AuthenticationListener
 {
+ private const PROTECTED_FIELDS = [
+ 'password', 'token', 'secret',
+ ];
+
 /**
 * Handles an authentication event by logging the user and information about
 * the request.
@@ -22,7 +26,9 @@ class AuthenticationListener
 if ($event instanceof Failed) {
 foreach ($event->credentials as $key => $value) {
- $activity = $activity->property($key, $value);
+ if (!in_array($key, self::PROTECTED_FIELDS, true)) {
+ $activity = $activity->property($key, $value);
+ }
 }
 }
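Review bot: `PROTECTED_FIELDS` is an exact-match denylist of three names, so a credential key spelled differently (constructed examples: `Password`, `password_confirmation`, `api_token`; the keys callers actually pass are not visible here) would still reach the activity log through the check in the second hunk. A denylist fails open when a new guard or login flow introduces another secret field, whereas an allowlist of the identifier fields that are safe to record fails closed. If the denylist stays, comparing a normalised key, `if (!in_array(strtolower((string) $key), self::PROTECTED_FIELDS, true)) {`, and documenting the constant with `/** Credential keys whose values must never be written to the activity log. */` would make the intent and its limits explicit. The class body continues outside the hunk.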
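Review bot: The filter inside the `foreach` only affects new `Failed` events; activity rows written before this change presumably still hold every credential that was passed, including the attempted password, because the removed line recorded each key unconditionally. The commit ships no cleanup, so a migration or one-off command that strips those properties from existing auth:fail entries looks necessary, and operators may want to treat passwords present in those rows as exposed. Values for the remaining keys are still stored verbatim, so a password typed into the username field by mistake is logged as before. The enclosing method starts and ends outside the hunk.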