diff --git a/lib/model/model.go b/lib/model/model.go index 5610e08ae..5c186a296 100644 --- a/lib/model/model.go +++ b/lib/model/model.go @@ -15,6 +15,7 @@ import ( "fmt" "io" "net" + "os" "path/filepath" "reflect" "runtime" @@ -192,6 +193,8 @@ var ( errEncryptionNotEncryptedRemote = errors.New("folder is configured to be encrypted but not announced thus") errEncryptionNotEncryptedUntrusted = errors.New("device is untrusted, but configured to receive not encrypted data") errEncryptionPassword = errors.New("different encryption passwords used") + errEncryptionTokenRead = errors.New("failed to read encryption token") + errEncryptionTokenWrite = errors.New("failed to write encryption token") errEncryptionNeedToken = errors.New("require password token for receive-encrypted token") errMissingRemoteInClusterConfig = errors.New("remote device missing in cluster config") errMissingLocalInClusterConfig = errors.New("local device missing in cluster config") @@ -1381,9 +1384,12 @@ func (m *model) ccHandleFolders(folders []protocol.Folder, deviceCfg config.Devi if sameError { l.Debugln(msg) } else { + if rerr, ok := err.(*redactedError); ok { + err = rerr.redacted + } + m.evLogger.Log(events.Failure, err.Error()) l.Warnln(msg) } - m.evLogger.Log(events.Failure, err.Error()) return tempIndexFolders, paused, err } if devErrs, ok := m.folderEncryptionFailures[folder.ID]; ok { @@ -1506,7 +1512,13 @@ func (m *model) ccCheckEncryption(fcfg config.FolderConfiguration, folderDevice var err error token, err = readEncryptionToken(fcfg) if err != nil && !fs.IsNotExist(err) { - return err + if rerr, ok := redactPathError(err); ok { + return rerr + } + return &redactedError{ + error: err, + redacted: errEncryptionTokenRead, + } } if err == nil { m.fmut.Lock() @@ -1514,7 +1526,14 @@ func (m *model) ccCheckEncryption(fcfg config.FolderConfiguration, folderDevice m.fmut.Unlock() } else { if err := writeEncryptionToken(ccToken, fcfg); err != nil { - return err + if rerr, ok := redactPathError(err); ok { + return rerr + } else { + return &redactedError{ + error: err, + redacted: errEncryptionTokenWrite, + } + } } m.fmut.Lock() m.folderEncryptionPasswordTokens[fcfg.ID] = ccToken @@ -3258,3 +3277,21 @@ type updatedPendingFolder struct { DeviceID protocol.DeviceID `json:"deviceID"` ReceiveEncrypted bool `json:"receiveEncrypted"` } + +// redactPathError checks if the error is actually a os.PathError, and if yes +// returns a redactedError with the path removed. +func redactPathError(err error) (error, bool) { + perr, ok := err.(*os.PathError) + if !ok { + return nil, false + } + return &redactedError{ + error: err, + redacted: fmt.Errorf("%v: %w", perr.Op, perr.Err), + }, true +} + +type redactedError struct { + error + redacted error +}