[$250] Always mask auth tokens when exporting Onyx state

[TMisiukiewicz]

Problem

When exporting the Onyx state from the Troubleshoot section, sensitive information such as authToken and encryptedAuthToken are not masked by default. These tokens remain exposed until the "Mask fragile user data" option is explicitly enabled. This could lead to a security vulnerability, as anyone with access to the exported state file could potentially view or misuse these tokens.

Solution

To mitigate this risk, it should automatically mask authToken and encryptedAuthToken regardless of whether the "Mask fragile user data" option is enabled.

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~021838166767638673695
• Upwork Job ID: 1838166767638673695
• Last Price Increase: 2024-09-23

Issue Owner

Current Issue Owner: @

Issue Owner

Current Issue Owner: @muttmuure

[TMisiukiewicz]

cc @mountiny

[melvin-bot]

Current assignee @mountiny is eligible for the AutoAssignerNewDotQuality assigner, not assigning anyone new.

[melvin-bot]

📣 @kyy23! 📣
Hey, it seems we don’t have your contributor details yet! You'll only have to do this once, and this is how we'll hire you on Upwork.
Please follow these steps:

1. Make sure you've read and understood the contributing guidelines.
2. Get the email address used to login to your Expensify account. If you don't already have an Expensify account, create one here. If you have multiple accounts (e.g. one for testing), please use your main account email.
3. Get the link to your Upwork profile. It's necessary because we only pay via Upwork. You can access it by logging in, and then clicking on your name. It'll look like this. If you don't already have an account, sign up for one here.
4. Copy the format below and paste it in a comment on this issue. Replace the placeholder text with your actual details.
   
   Format:

Contributor details
Your Expensify account email: <REPLACE EMAIL HERE>
Upwork Profile Link: <REPLACE LINK HERE>

[goldman727]

Hello, TMisiukiewicz
I can mask authToken and encryptedAuthToken automatically. please let me know if you allow me to do it.

[muttmuure]

Merged!

[hoangzinh]

@muttmuure it appears that we haven't processed payment for this issue. Can you double check it? Thank you

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~021838166767638673695

[melvin-bot]

Current assignee @hoangzinh is eligible for the External assigner, not assigning anyone new.

[muttmuure]

Invited

[hoangzinh]

@muttmuure I haven't received the Upwork offer yet. Can you check it again? Thank you

[muttmuure]

Can you share your upwork profile?

[hoangzinh]

Sent you in Slack @muttmuure

[muttmuure]

Offer sent

[hoangzinh]

Accepted. Thanks @muttmuure

[hoangzinh]

cc @muttmuure for payment so we can close this issue ^

[muttmuure]

Paid!