Filters sensitive credential fields from auth:fail logs (#1504)

app/Listeners/Auth/AuthenticationListener.php

@@ -8,6 +8,10 @@ use Illuminate\Auth\Events\Login;
 
 class AuthenticationListener
 {
+    private const PROTECTED_FIELDS = [
+        'password', 'token', 'secret',
+    ];
+
     /**
      * Handles an authentication event by logging the user and information about
      * the request.
@@ -22,9 +26,11 @@ class AuthenticationListener
 
         if ($event instanceof Failed) {
             foreach ($event->credentials as $key => $value) {
+                if (!in_array($key, self::PROTECTED_FIELDS, true)) {
                     $activity = $activity->property($key, $value);
                 }
             }
+        }
 
         $activity->event($event instanceof Failed ? 'auth:fail' : 'auth:success')->log();
     }