Bug 2186802

Summary: While updating any user parameter from WebUI extra password attribute is added to the logs which is misleading as customer may think that password of that user was changed.
Product: Red Hat Satellite Reporter: Aniket <amahindr>
Component: Users & RolesAssignee: satellite6-bugs <satellite6-bugs>
Status: NEW --- QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: low Docs Contact:
Priority: unspecified    
Version: 6.12.3CC: aruzicka, mhulan, oezr
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Aniket 2023-04-14 14:37:00 UTC 
Description of problem: 
While updating any user parameter from WebUI extra password attribute is added to the logs which is misleading as customer may think that password of that user was changed.

Version-Release number of selected component (if applicable):
Tested on Satellite 6.10, Satellite 6.11, Satellite 6.12

How reproducible:
If we update user parameter from WebUI we see password change message in the audit and production logs. 
If we update any user parameter using hammer then there would not be any password message in the audit and production logs.

~~~
User (5) update event on password [redacted], [redacted]
~~~

Steps to Reproduce:
1. Update user from Satellite WebUI 
Administer > Users > [Select User]
2. Update any parameter of that user.

Actual results:
In /var/log/foreman/production.log

~~~
User (5) update event on firstname , t
User (5) update event on password [redacted], [redacted]
~~~

Expected results:
In /var/log/foreman/production.log

~~~
User (5) update event on firstname , t
~~~

Additional info: