Remove password from stringified outputs (#2070)

* Keep ConnectionParameters’s password property writable `Client` writes to it when `password` is a function. * Avoid creating password property on pool options when it didn’t exist previously. * Allow password option to be non-enumerable to avoid breaking uses like `new Pool(existingPool.options)`. * Make password property definitions consistent in formatting and configurability.
brianc · Jan 13, 2020 · 1091d7c · 1091d7c
1 parent 26e3a75
commit 1091d7c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 16 deletions.
diff --git a/packages/pg-pool/index.js b/packages/pg-pool/index.js
@@ -60,15 +60,18 @@ class Pool extends EventEmitter {
   constructor (options, Client) {
     super()
     this.options = Object.assign({}, options)
-    const password = this.options.password
-    // "hiding" the password so it doesn't show up in stack traces
-    // or if the client is console.logged
-    Object.defineProperty(this.options, 'password', {
-      configurable: true,
-      enumerable: false,
-      value: password,
-      writable: true
-    })
+
+    if (options != null && 'password' in options) {
+      // "hiding" the password so it doesn't show up in stack traces
+      // or if the client is console.logged
+      Object.defineProperty(this.options, 'password', {
+        configurable: true,
+        enumerable: false,
+        writable: true,
+        value: options.password
+      })
+    }
+
     this.options.max = this.options.max || this.options.poolSize || 10
     this.log = this.options.log || function () { }
     this.Client = this.options.Client || Client || require('pg').Client

diff --git a/packages/pg/lib/client.js b/packages/pg/lib/client.js
@@ -33,12 +33,11 @@ var Client = function (config) {
 
   // "hiding" the password so it doesn't show up in stack traces
   // or if the client is console.logged
-  const password = this.connectionParameters.password
   Object.defineProperty(this, 'password', {
+    configurable: true,
     enumerable: false,
-    configurable: false,
     writable: true,
-    value: password
+    value: this.connectionParameters.password
   })
 
   this.replication = this.connectionParameters.replication

diff --git a/packages/pg/lib/connection-parameters.js b/packages/pg/lib/connection-parameters.js
@@ -57,12 +57,11 @@ var ConnectionParameters = function (config) {
 
   // "hiding" the password so it doesn't show up in stack traces
   // or if the client is console.logged
-  const password = val('password', config)
   Object.defineProperty(this, 'password', {
+    configurable: true,
     enumerable: false,
-    configurable: false,
-    writable: false,
-    value: password
+    writable: true,
+    value: val('password', config)
   })
 
   this.binary = val('binary', config)