From 79e65bf6d2963c653208ec3d77ff2b66e10545f6 Mon Sep 17 00:00:00 2001
From: Gus Narea <gnarea@users.noreply.github.com>
Date: Thu, 12 Oct 2023 17:17:32 +0100
Subject: [PATCH] fix(API): Skip logging of member key import token upon
 creation

It's a security issue.

I also took the liberty of replacing it with the service OID, which can be handy.
---
 src/memberKeyImportToken.spec.ts | 2 +-
 src/memberKeyImportToken.ts      | 5 +----
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/memberKeyImportToken.spec.ts b/src/memberKeyImportToken.spec.ts
index e7af418..307c029 100644
--- a/src/memberKeyImportToken.spec.ts
+++ b/src/memberKeyImportToken.spec.ts
@@ -73,7 +73,7 @@ describe('member key import token', () => {
       expect(dbResult!.serviceOid).toStrictEqual(TEST_SERVICE_OID);
       expect(mockLogging.logs).toContainEqual(
         partialPinoLog('info', 'Member key import token created', {
-          memberKeyImportToken: meberKeyImportToken.result.id,
+          serviceOid: TEST_SERVICE_OID,
         }),
       );
     });
diff --git a/src/memberKeyImportToken.ts b/src/memberKeyImportToken.ts
index b2efa4d..a72eb70 100644
--- a/src/memberKeyImportToken.ts
+++ b/src/memberKeyImportToken.ts
@@ -26,10 +26,7 @@ export async function createMemberKeyImportToken(
     serviceOid,
   });
 
-  options.logger.info(
-    { memberKeyImportToken: memberKeyImportToken.id },
-    'Member key import token created',
-  );
+  options.logger.info({ serviceOid }, 'Member key import token created');
   return {
     didSucceed: true,