finapps 2.0.24 → 2.0.25

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 459e76ea87b8115a6832116c5fa5244f5074694c
-  data.tar.gz: 0ebb05734404029ce95eb67a6ce7b893c2b7435d
+  metadata.gz: dc5c86dcbace8459aab80bd8bdeb80944243b4f3
+  data.tar.gz: 3522a70ae623fa2956b06d5c9324dd1bca9dd9ac
 SHA512:
-  metadata.gz: 56509e050cfa3f90fd8575bd28c2dd758d7beded369f8f272fd4f181c55cabfcba09a58fe767ff0ac73e3cb5ec6de2ce44e747749e9ecbfd1914917dcef41962
-  data.tar.gz: 49b53717825e7c597409f7609f050e6430f10d9ff6bdcda025212409d3afba9f957ed339055915e2c9a2c4a3acd3bf15820c989b140c927bf1155043c598077c
+  metadata.gz: fa70bf1edce8053dbe6f51a1616852b984179ff058a2bfb59fa5fbf6ec3339a082860968072fcd5b834b6ef7fda572359aabaca94b9a7daa83686e669d4833c2
+  data.tar.gz: 4406b0fd8ef1fa2e9ef0ef08b2216ecd4206f3a1ce710e0e5a9af3afb042773978f48f752d68c073299a9caf4e83e90092adb1d66c9fff4507b1d7b807efccae

data/lib/core_extensions/string/json_to_hash.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module StringExtensions
+  refine String do
+    def json_to_hash
+      ::JSON.parse(self)
+    rescue ::JSON::ParserError
+      # logger.error "##{__method__} => Unable to parse JSON response."
+    end
+  end
+end

data/lib/finapps/middleware/middleware.rb

@@ -6,12 +6,15 @@ module FinApps
     autoload :AcceptJson, 'finapps/middleware/request/accept_json'
     autoload :UserAgent, 'finapps/middleware/request/user_agent'
     autoload :TenantAuthentication, 'finapps/middleware/request/tenant_authentication'
+    autoload :CustomLogger, 'finapps/middleware/response/custom_logger'
 
     if Faraday::Middleware.respond_to? :register_middleware
       Faraday::Request.register_middleware \
         accept_json: -> { AcceptJson },
         user_agent: -> { UserAgent },
         tenant_authentication: -> { TenantAuthentication }
+      Faraday::Response.register_middleware \
+        custom_logger: -> { CustomLogger }
     end
   end
 end

data/lib/finapps/middleware/response/custom_logger.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+module FinApps
+  module Middleware
+    class CustomLogger < Faraday::Response::Middleware
+      extend Forwardable
+      include FinApps::Utils::ParameterFilter
+
+      DEFAULT_OPTIONS = {bodies: false}.freeze
+
+      def initialize(app, logger=nil, options={})
+        super(app)
+        @logger = logger || begin
+          require 'logger'
+          ::Logger.new(STDOUT)
+        end
+        @options = DEFAULT_OPTIONS.merge(options)
+      end
+
+      def_delegators :@logger, :debug, :info, :warn, :error, :fatal
+
+      def call(env)
+        info "##{__method__} => ##{env.method} #{env.url}"
+        debug "##{__method__} => Request Headers: #{dump_headers env.request_headers}"
+
+        super
+      end
+
+      def on_complete(env)
+        info "##{__method__} => ##{env.method} #{env.url}"
+        debug "##{__method__} => Response Headers: #{dump_headers env.response_headers}"
+        info "##{__method__} => Response Body: #{dump_body env.body}" if env.body
+      end
+
+      private
+
+      def dump_headers(headers)
+        headers.map {|k, v| "  #{k}: #{filter_sensitive_header_values(k, v)}" }.to_s
+      end
+
+      def filter_sensitive_header_values(key, value)
+        case key
+        when 'X-FinApps-Token', 'Authorization'
+          '[REDACTED]'
+        else
+          value.inspect
+        end
+      end
+
+      def dump_body(body)
+        skip_sensitive_data(body)
+      end
+    end
+  end
+end

data/lib/finapps/middleware/response/raise_error.rb

@@ -31,19 +31,13 @@ module FinApps
 
       def error_messages(body)
         return nil if body.blank?
-        body = parse_string(body) if body.is_a?(String)
+        body = body.json_to_hash if body.is_a?(String)
         has_message_key?(body) ? body['messages'] : nil
       end
 
       def has_message_key?(body)
         body.respond_to?(:key?) && body.key?('messages')
       end
-
-      def parse_string(body)
-        ::JSON.parse(body)
-      rescue ::JSON::ParserError
-        # logger.error "##{__method__} => Unable to parse JSON response."
-      end
     end
   end
 end

data/lib/finapps/rest/connection.rb

@@ -23,7 +23,7 @@ module FinApps
           conn.use FinApps::Middleware::RaiseError
           conn.response :rashify
           conn.response :json, content_type: /\bjson$/
-          conn.response :logger, logger, bodies: (ENV['SILENT_LOG_BODIES'] != 'true')
+          conn.response :custom_logger, logger, bodies: (ENV['SILENT_LOG_BODIES'] != 'true')
 
           # Adapter (ensure that the adapter is always last.)
           conn.adapter :typhoeus

data/lib/finapps/rest/resources.rb

@@ -2,6 +2,7 @@
 module FinApps
   module REST
     class Resources # :nodoc:
+      include FinApps::Utils::ParameterFilter
       require 'erb'
 
       attr_reader :client
@@ -44,7 +45,7 @@ module FinApps
 
       def request_with_body(path, method, params)
         path = end_point if path.nil?
-        logger.debug "#{self.class.name}##{__method__} => path: #{path} params: #{params}"
+        logger.debug "#{self.class.name}##{__method__} => path: #{path} params: #{skip_sensitive_data(params)}"
 
         client.send_request path, method, params
       end

data/lib/finapps/utils/parameter_filter.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module FinApps
+  module Utils
+    module ParameterFilter
+      using StringExtensions
+      PROTECTED_KEYS = %w(login login1 username password password1 password_confirm token).freeze
+
+      def skip_sensitive_data(hash)
+        if hash.is_a? String
+          hash = hash.json_to_hash
+        end
+        if hash.is_a? Hash
+          filtered_hash = hash.clone
+          filtered_hash.each do |key, value|
+            if PROTECTED_KEYS.include? key.to_s.downcase
+              filtered_hash[key] = '[REDACTED]'
+            elsif value.is_a?(Hash)
+              filtered_hash[key] = skip_sensitive_data(value)
+            elsif value.is_a?(Array)
+              filtered_hash[key] = value.map {|v| v.is_a?(Hash) ? skip_sensitive_data(v) : v }
+            end
+          end
+
+          filtered_hash
+        else
+          hash
+        end
+      end
+    end
+  end
+end

data/lib/finapps/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module FinApps
-  VERSION = '2.0.24'
+  VERSION = '2.0.25'
 end

data/lib/finapps.rb

@@ -9,7 +9,10 @@ require 'typhoeus/adapters/faraday'
 require 'core_extensions/hash/compact'
 require 'core_extensions/object/blank'
 require 'core_extensions/object/is_integer'
+require 'core_extensions/string/json_to_hash'
+
 require 'finapps/utils/loggeable'
+require 'finapps/utils/parameter_filter'
 require 'finapps/error'
 
 require 'finapps/middleware/request/tenant_authentication'

data/spec/utils/parameter_filter_spec.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+class FakeClass
+  include ::FinApps::Utils::ParameterFilter
+end
+
+RSpec.describe FinApps::Utils::ParameterFilter do
+  describe '#skip_sensitive_data' do
+    context 'when provided with sensitive data' do
+      let(:unfiltered_params) do
+        {password: 'FinApps@123', password_confirm: 'FinApps@123', token: '123456',
+         login: 'sammysosa', username: 'johnny', name: 'george'}
+      end
+      let(:filtered_params) do
+        {password: '[REDACTED]', password_confirm: '[REDACTED]', token: '[REDACTED]',
+         login: '[REDACTED]', username: '[REDACTED]', name: 'george'}
+      end
+
+      it 'filters out sensitive values' do
+        expect(FakeClass.new.skip_sensitive_data(unfiltered_params)).to eq(filtered_params)
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: finapps
 version: !ruby/object:Gem::Version
-  version: 2.0.24
+  version: 2.0.25
 platform: ruby
 authors:
 - Erich Quintero
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-25 00:00:00.000000000 Z
+date: 2016-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -249,12 +249,14 @@ files:
 - lib/core_extensions/hash/compact.rb
 - lib/core_extensions/object/blank.rb
 - lib/core_extensions/object/is_integer.rb
+- lib/core_extensions/string/json_to_hash.rb
 - lib/finapps.rb
 - lib/finapps/error.rb
 - lib/finapps/middleware/middleware.rb
 - lib/finapps/middleware/request/accept_json.rb
 - lib/finapps/middleware/request/tenant_authentication.rb
 - lib/finapps/middleware/request/user_agent.rb
+- lib/finapps/middleware/response/custom_logger.rb
 - lib/finapps/middleware/response/raise_error.rb
 - lib/finapps/rest/base_client.rb
 - lib/finapps/rest/client.rb
@@ -273,6 +275,7 @@ files:
 - lib/finapps/rest/user_institutions_statuses.rb
 - lib/finapps/rest/users.rb
 - lib/finapps/utils/loggeable.rb
+- lib/finapps/utils/parameter_filter.rb
 - lib/finapps/version.rb
 - lib/tasks/releaser.rake
 - spec/core_extensions/hash/compact_spec.rb
@@ -318,6 +321,7 @@ files:
 - spec/support/fixtures/user_institution_status.json
 - spec/support/fixtures/user_institutions_list.json
 - spec/support/fixtures/user_institutions_show.json
+- spec/utils/parameter_filter_spec.rb
 homepage: https://github.com/finapps/ruby-client
 licenses:
 - MIT
@@ -356,6 +360,7 @@ test_files:
 - spec/middleware/response/raise_error_spec.rb
 - spec/core_extensions/hash/compact_spec.rb
 - spec/core_extensions/object/is_integer_spec.rb
+- spec/utils/parameter_filter_spec.rb
 - spec/spec_helpers/client.rb
 - spec/spec_helper.rb
 - spec/rest/credentials_spec.rb