authlete 1.39.0 → 1.40.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ad3294911fdac07bffbcfba52de0394b6c9c54238aa5de3ad04aa527f80fb917
-  data.tar.gz: 52176abfc6daf0fea4516e0da863df86f32a56b392cbf46f2af7d973af8d09a8
+  metadata.gz: 74a860b721b7613f2db6d38a29c773099a775a6a2db4cad9aee401acfc5c3720
+  data.tar.gz: a9f1de04dc44a566132358b9f90c5c72db7e8e05891c9bb8b48f32c5394c47a2
 SHA512:
-  metadata.gz: 29e9942e712d2886dd590b47d5eed7581b3b998eae80a2c333c5c5aa5757e53d9c72eab6ef46f8cbd87e4823de32d9619fc8ee514cb03fb6351f8d61d8270f5d
-  data.tar.gz: e67b9f685e1d4da518846dcac25fb5bfeea283efbc97e1a3b07f7059e6971f66f8fe7cb6ac62940d49882f7da148af5594a25fa61154569597fcd7eea8a48428
+  metadata.gz: 0cdcaef0259445a1ba5067fbc5fd7e3f97cbf8f1ee01c5b7b346ce379e3cbe11447be47893e5b7d39cebd0feacc8d108df2fe7aede2cff8410de3831b8300bd6
+  data.tar.gz: 19d66a165c4d2cebdc19dcc35f2c8dcf72f964b5a5a5bd15fdf195106290d495e728608bd69658cb4e4820c9b87243c1fe56b95aa8d10cdb5e6b06d087baf06d

data/README.md

@@ -6,6 +6,44 @@ authlete-ruby-gem
 Ruby library for [Authlete Web APIs](https://docs.authlete.com/).
 
 
+# REST Client Logging Configuration
+
+The library provides control over `rest-client` logging behavior through `Authlete::LoggingLevel`:
+
+- `DEFAULT` - Respects the logger set in `RestClient.log` (default behavior)
+- `SENSITIVE` - Logs all information but redacts sensitive data (tokens, credentials)
+- `NONE` - Disables all logging, useful for handling sensitive PII data
+
+Example configuration:
+
+```ruby
+# Default behavior (uses RestClient.log as is)
+config = {
+  host: 'https://api.authlete.com',
+  service_api_key: 'YOUR_KEY',
+  service_api_secret: 'YOUR_SECRET',
+  rest_client_logging_level: Authlete::LoggingLevel::DEFAULT
+}
+
+# Redact sensitive data
+config = {
+  host: 'https://api.authlete.com',
+  service_api_key: 'YOUR_KEY',
+  service_api_secret: 'YOUR_SECRET',
+  rest_client_logging_level: Authlete::LoggingLevel::SENSITIVE
+}
+
+# Disable all RestClient logging
+config = {
+  host: 'https://api.authlete.com',
+  service_api_key: 'YOUR_KEY',
+  service_api_secret: 'YOUR_SECRET',
+  rest_client_logging_level: Authlete::LoggingLevel::NONE
+}
+
+api_client = Authlete::Api.new(config)
+```
+
 # License
 
 Apache License, Version 2.0

data/lib/authlete/api.rb

@@ -40,6 +40,23 @@ module Authlete
       @service_api_key          = config[:service_api_key]
       @service_api_secret       = config[:service_api_secret]
       @extra_headers            = nil
+
+      configure_logging(config[:rest_client_logging_level])
+    end
+
+    private
+
+    def configure_logging(level)
+      return unless RestClient.log
+
+      case level
+      when LoggingLevel::SENSITIVE
+        RestClient.log = Authlete::SensitiveLogger.new(RestClient.log)
+      when LoggingLevel::NONE
+        RestClient.log = Authlete::NullLogger.new
+      when LoggingLevel::DEFAULT, nil
+        # Keep original logger (default behavior)
+      end
     end
 
     def call_api(method, path, content_type, payload, user, password)

data/lib/authlete/logging.rb

@@ -0,0 +1,94 @@
+module Authlete
+  module LoggingLevel
+    DEFAULT = :default           # Original logging behavior
+    SENSITIVE = :sensitive # Redact sensitive data
+    NONE = :none          # No logging
+  end
+
+  class NullLogger
+    def <<(msg)
+      # NOOP
+    end
+  end
+  
+  class SensitiveLogger
+    SENSITIVE_FIELDS = [
+      # OAuth/OIDC related
+      'client_secret',
+      'access_token',
+      'refresh_token',
+      'authorization_code',
+      'id_token',
+      'code',
+      # Device flow
+      'user_code',              
+      'client_notification_token', 
+
+      # Authlete Credentials
+      'service_api_key',
+      'service_api_secret',
+      'service_owner_api_key',
+      'service_owner_api_secret',
+      'sns_credentials',
+      'developer_sns_credentials',
+      'ticket',
+      'subject',
+      
+      # Authentication & Authorization
+      'password',
+      'token',
+      'authorization',
+      'client_certificate',
+      'client_certificate_path',
+      
+      # JWT/Crypto/Certificate related
+      'jwks',
+      'federation_jwks',
+      'client_secret_expires_at',
+      'trusted_root_certificates',
+      'encryption_key_id',
+      'signature_key_id',
+      'access_token_signature_key_id',
+      'refresh_token_signature_key_id',
+      'id_token_signature_key_id'
+    ].freeze
+
+    SENSITIVE_PATTERNS = SENSITIVE_FIELDS.flat_map do |field|
+      [
+        # JSON format
+        /("#{field}"\s*:\s*)"[^"]*"/,
+        # URL-encoded format
+        /#{field}=([^&\s]+)/
+      ]
+    end.freeze
+
+    REDACTION_MARK = '***** REDACTED *****'
+
+    def initialize(original_logger)
+      @original_logger = original_logger
+    end
+
+    def <<(msg)
+      redacted_msg = redact_sensitive_data(msg)
+      @original_logger << redacted_msg
+    end
+
+    private
+
+    def redact_sensitive_data(msg)
+      return msg unless msg.is_a?(String)
+      
+      redacted = msg.dup
+      SENSITIVE_PATTERNS.each do |pattern|
+        if pattern.to_s.include?('"')
+          # JSON format
+          redacted.gsub!(pattern, "\\1#{REDACTION_MARK.inspect}")
+        else
+          # URL-encoded format
+          redacted.gsub!(pattern) { "#{$~[0].split('=')[0]}=#{REDACTION_MARK}" }
+        end
+      end
+      redacted
+    end
+  end
+end

data/lib/authlete/version.rb

@@ -16,5 +16,5 @@
 
 
 module Authlete
-  VERSION = "1.39.0"
+  VERSION = "1.40.0"
 end

data/lib/authlete.rb

@@ -24,6 +24,9 @@ module Authlete
   autoload :Exception, 'authlete/exception'
   autoload :ParamInitializer, 'authlete/model/param-initializer'
   autoload :Utility, 'authlete/utility'
+  autoload :LoggingLevel, 'authlete/logging'
+  autoload :NullLogger, 'authlete/logging'
+  autoload :SensitiveLogger, 'authlete/logging'
 
   module Model
     autoload :Base, 'authlete/model/base'

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: authlete
 version: !ruby/object:Gem::Version
-  version: 1.39.0
+  version: 1.40.0
 platform: ruby
 authors:
 - Takahiko Kawasaki
 - Hideki Ikeda
 - Seth Wright
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-01-07 00:00:00.000000000 Z
+date: 2025-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -72,6 +72,7 @@ files:
 - lib/authlete/api.rb
 - lib/authlete/authentication-server.rb
 - lib/authlete/exception.rb
+- lib/authlete/logging.rb
 - lib/authlete/model/base.rb
 - lib/authlete/model/client-extension.rb
 - lib/authlete/model/client.rb
@@ -168,7 +169,7 @@ homepage: https://www.authlete.com/
 licenses:
 - Apache License, Version 2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -183,8 +184,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
-signing_key: 
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: A library for Authlete Web APIs
 test_files: []