references/openproject
1
0
Fork 0
mirror of https://github.com/opf/openproject.git synced 2026-06-13 19:20:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Filter more sensitive data in VCR

Browse Source 
* All kinds of HTTP Authorization headers
* client_id, client_secret and refresh_token passed in request body
* refresh_token received from IDP

This is a bit more exhaustive than the filtering performed previously.
This commit is contained in:
Jan Sandbrink
2025-12-17 10:49:14 +01:00
parent f86a61ffac
commit 5874c681cb
2 changed files with 28 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/storages/spec/common/storages/adapters/providers/nextcloud/commands/create_folder_command_spec.rb
+2
View File
@@ -104,6 +104,8 @@ module Storages
private
def delete_created_folder(folder)
return if folder.nil?
Input::DeleteFolder.build(location: folder.location).bind do |input_data|
Registry.resolve("nextcloud.commands.delete_folder").call(storage:, auth_strategy:, input_data:)
end
spec/support/vcr.rb
+26 -8
View File
@@ -48,26 +48,44 @@ VCR.configure do |config|
i.response.body.force_encoding("UTF-8")
end
config.filter_sensitive_data "<BASIC_AUTH>" do |interaction|
header = interaction.request.headers["Authorization"]&.first&.split
config.filter_sensitive_data "<SECRET>" do |interaction|
_type, secret = interaction.request.headers["Authorization"]&.first&.split(" ", 2)
header.last if header&.first == "Basic"
secret
end
config.filter_sensitive_data "<BEARER TOKEN>" do |interaction|
header = interaction.request.headers["Authorization"]&.first&.split
config.filter_sensitive_data "<CLIENT_SECRET>" do |interaction|
content_type = interaction.request.headers["Content-Type"]&.first
header.last if header&.first == "Bearer"
if content_type&.include?("application/x-www-form-urlencoded")
URI.decode_www_form(interaction.request.body).to_h["client_secret"]
end
end
config.filter_sensitive_data "<REFRESH_TOKEN>" do |interaction|
content_type = interaction.request.headers["Content-Type"]&.first
if content_type&.include?("application/x-www-form-urlencoded")
URI.decode_www_form(interaction.request.body).to_h["refresh_token"]
end
end
config.filter_sensitive_data "<ACCESS_TOKEN>" do |interaction|
header_value = interaction.response.headers["Content-Type"]&.first
content_type = interaction.response.headers["Content-Type"]&.first
if header_value&.include?("application/json")
if content_type&.include?("application/json")
MultiJson.load(interaction.response.body)["access_token"]
end
end
config.filter_sensitive_data "<REFRESH_TOKEN>" do |interaction|
content_type = interaction.response.headers["Content-Type"]&.first
if content_type&.include?("application/json")
MultiJson.load(interaction.response.body)["refresh_token"]
end
end
config.default_cassette_options = {
record: ENV.fetch("VCR_RECORD_MODE", :once).to_sym,
allow_playback_repeats: true,