From adefbbaf6ea132f3a65fcbef6d141a3dad0732eb Mon Sep 17 00:00:00 2001
From: Brian Cain <bcain@hashicorp.com>
Date: Wed, 12 Sep 2018 14:22:36 -0700
Subject: [PATCH] Scrub Vagrant Cloud tokens from RestClient logger

---
 lib/vagrant.rb                          | 20 ++++++++++++++------
 plugins/commands/cloud/client/client.rb |  1 +
 plugins/commands/cloud/util.rb          |  2 ++
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/lib/vagrant.rb b/lib/vagrant.rb
index 5df512049..25c61909d 100644
--- a/lib/vagrant.rb
+++ b/lib/vagrant.rb
@@ -49,7 +49,16 @@ if ENV["VAGRANT_LOG"] && ENV["VAGRANT_LOG"] != ""
   # Set the logging level on all "vagrant" namespaced
   # logs as long as we have a valid level.
   if level
-    logger = Log4r::Logger.new("vagrant")
+    # NOTE: We must do this little hack to allow
+    # rest-client to write using the `<<` operator.
+    # See https://github.com/rest-client/rest-client/issues/34#issuecomment-290858
+    # for more information
+    class VagrantLogger < Log4r::Logger
+      def << (msg)
+        debug(msg.strip)
+      end
+    end
+    logger = VagrantLogger.new("vagrant")
     logger.outputters = Log4r::Outputter.stderr
     logger.level = level
     base_formatter = Log4r::BasicFormatter.new
@@ -59,15 +68,14 @@ if ENV["VAGRANT_LOG"] && ENV["VAGRANT_LOG"] != ""
         date_pattern: "%F %T"
       )
     end
-    Log4r::Outputter.stderr.formatter = Vagrant::Util::LoggingFormatter.new(base_formatter)
-    logger = nil
-
     # Cloud gem uses RestClient to make HTTP requests, so
     # log them if debug is enabled
     if level == 1
-      # TODO: Need to ensure token is marked sensitive, if possible here
-      ENV["RESTCLIENT_LOG"] = "stdout"
+      require 'rest_client'
+      RestClient.log = logger
     end
+    Log4r::Outputter.stderr.formatter = Vagrant::Util::LoggingFormatter.new(base_formatter)
+    logger = nil
   end
 end
 
diff --git a/plugins/commands/cloud/client/client.rb b/plugins/commands/cloud/client/client.rb
index b0ef7e9db..3ca4826fe 100644
--- a/plugins/commands/cloud/client/client.rb
+++ b/plugins/commands/cloud/client/client.rb
@@ -40,6 +40,7 @@ module VagrantPlugins
       def logged_in?
         token = self.token
         return false if !token
+        Vagrant::Util::CredentialScrubber.sensitive(token)
 
         with_error_handling do
           url = "#{Vagrant.server_url}/api/v1/authenticate" +
diff --git a/plugins/commands/cloud/util.rb b/plugins/commands/cloud/util.rb
index 6dfe4806e..ebcadbb9b 100644
--- a/plugins/commands/cloud/util.rb
+++ b/plugins/commands/cloud/util.rb
@@ -37,6 +37,7 @@ module VagrantPlugins
               env.ui.output("Vagrant Cloud URL: #{Vagrant.server_url}")
             end
 
+            options = {} if !options
             # Ask for the username
             if options[:login]
               @_client.username_or_email = options[:login]
@@ -75,6 +76,7 @@ module VagrantPlugins
             end
 
             @_client.store_token(token)
+            Vagrant::Util::CredentialScrubber.sensitive(token)
             env.ui.success(I18n.t("cloud_command.logged_in"))
             @_client
           end