lhc 13.0.0 → 15.0.0

data/lib/lhc/response.rb

@@ -50,6 +50,7 @@ class LHC::Response
 
   def format
     return LHC::Formats::JSON.new if request.nil?
+
     request.format
   end
 

data/lib/lhc/response/data.rb

@@ -18,7 +18,7 @@ class LHC::Response::Data
     end
   end
 
-  def method_missing(method, *args, &block) # rubocop:disable Style/MethodMissingSuper
+  def method_missing(method, *args, &block)
     @base.send(method, *args, &block)
   end
 

data/lib/lhc/scrubber.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+class LHC::Scrubber
+  attr_accessor :scrubbed
+
+  SCRUB_DISPLAY = '[FILTERED]'
+
+  def initialize(data)
+    @scrubbed = data
+  end
+
+  private
+
+  def scrub_auth_elements
+    LHC.config.scrubs.dig(:auth)
+  end
+
+  def scrub!
+    return if scrub_elements.blank?
+    return if scrubbed.blank?
+
+    LHC::Scrubber.scrub_hash!(scrub_elements, scrubbed) if scrubbed.is_a?(Hash)
+    LHC::Scrubber.scrub_array!(scrub_elements, scrubbed) if scrubbed.is_a?(Array)
+  end
+
+  def self.scrub_array!(scrub_elements, scrubbed)
+    scrubbed.each do |scrubbed_hash|
+      LHC::Scrubber.scrub_hash!(scrub_elements, scrubbed_hash)
+    end
+  end
+
+  def self.scrub_hash!(scrub_elements, scrubbed)
+    scrub_elements.each do |scrub_element|
+      if scrubbed.key?(scrub_element.to_s)
+        key = scrub_element.to_s
+      elsif scrubbed.key?(scrub_element.to_sym)
+        key = scrub_element.to_sym
+      end
+      next if key.blank? || scrubbed[key].blank?
+
+      scrubbed[key] = SCRUB_DISPLAY
+    end
+    scrubbed.values.each { |v| LHC::Scrubber.scrub_hash!(scrub_elements, v) if v.instance_of?(Hash) }
+  end
+end

data/lib/lhc/scrubbers/auth_scrubber.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class LHC::AuthScrubber < LHC::Scrubber
+  def initialize(data)
+    super(data)
+    scrub_auth_options!
+  end
+
+  private
+
+  def scrub_auth_options!
+    return if scrubbed.blank?
+    return if scrub_auth_elements.blank?
+
+    scrub_basic_auth_options! if scrub_auth_elements.include?(:basic)
+    scrub_bearer_auth_options! if scrub_auth_elements.include?(:bearer)
+  end
+
+  def scrub_basic_auth_options!
+    return if scrubbed[:basic].blank?
+
+    scrubbed[:basic][:username] = SCRUB_DISPLAY
+    scrubbed[:basic][:password] = SCRUB_DISPLAY
+    scrubbed[:basic][:base_64_encoded_credentials] = SCRUB_DISPLAY
+  end
+
+  def scrub_bearer_auth_options!
+    return if scrubbed[:bearer].blank?
+
+    scrubbed[:bearer] = SCRUB_DISPLAY if scrubbed[:bearer].is_a?(String)
+    scrubbed[:bearer_token] = SCRUB_DISPLAY
+  end
+end

data/lib/lhc/scrubbers/body_scrubber.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class LHC::BodyScrubber < LHC::Scrubber
+  def initialize(data)
+    super(data)
+    parse!
+    scrub!
+  end
+
+  private
+
+  def scrub_elements
+    LHC.config.scrubs[:body]
+  end
+
+  def parse!
+    return if scrubbed.nil? || scrubbed.is_a?(Hash) || scrubbed.is_a?(Array)
+
+    if scrubbed.is_a?(String)
+      json = scrubbed
+    else
+      json = scrubbed.to_json
+    end
+
+    parsed = JSON.parse(json)
+    self.scrubbed = parsed if parsed.is_a?(Hash) || parsed.is_a?(Array)
+  end
+end

data/lib/lhc/scrubbers/headers_scrubber.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class LHC::HeadersScrubber < LHC::Scrubber
+  def initialize(data, auth_options)
+    super(data)
+    @auth_options = auth_options
+    scrub!
+    scrub_auth_headers!
+  end
+
+  private
+
+  attr_reader :auth_options
+
+  def scrub_elements
+    LHC.config.scrubs[:headers]
+  end
+
+  def scrub_auth_headers!
+    return if scrub_auth_elements.blank?
+    return if auth_options.blank?
+
+    scrub_basic_authentication_headers! if scrub_auth_elements.include?(:basic)
+    scrub_bearer_authentication_headers! if scrub_auth_elements.include?(:bearer)
+  end
+
+  def scrub_basic_authentication_headers!
+    return if auth_options[:basic].blank? || scrubbed['Authorization'].blank?
+
+    scrubbed['Authorization'].gsub!(auth_options[:basic][:base_64_encoded_credentials], SCRUB_DISPLAY)
+  end
+
+  def scrub_bearer_authentication_headers!
+    return if auth_options[:bearer].blank? || scrubbed['Authorization'].blank?
+
+    scrubbed['Authorization'].gsub!(auth_options[:bearer_token], SCRUB_DISPLAY)
+  end
+end

data/lib/lhc/scrubbers/params_scrubber.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class LHC::ParamsScrubber < LHC::Scrubber
+  def initialize(data)
+    super(data)
+    scrub!
+  end
+
+  private
+
+  def scrub_elements
+    LHC.config.scrubs[:params]
+  end
+end

data/lib/lhc/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module LHC
-  VERSION ||= '13.0.0'
+  VERSION ||= '15.0.0'
 end

data/spec/config/scrubs_spec.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe LHC do
+  it 'has a default value for scrubs' do
+    expect(LHC.config.scrubs[:auth]).to eq [:bearer, :basic]
+    expect(LHC.config.scrubs[:params]).to eq []
+    expect(LHC.config.scrubs[:headers]).to eq []
+    expect(LHC.config.scrubs[:body]).to eq ['password', 'password_confirmation']
+  end
+
+  describe 'auth' do
+    context 'when only bearer auth should get scrubbed' do
+      before(:each) do
+        LHC.configure do |c|
+          c.scrubs[:auth] = [:bearer]
+        end
+      end
+
+      it 'has only bearer auth in scrubs' do
+        expect(LHC.config.scrubs[:auth]).to eq([:bearer])
+        expect(LHC.config.scrubs[:params]).to eq []
+        expect(LHC.config.scrubs[:headers]).to eq []
+        expect(LHC.config.scrubs[:body]).to eq ['password', 'password_confirmation']
+      end
+    end
+  end
+
+  context 'params' do
+    context 'when additional param "api_key" should be scrubbed' do
+      before(:each) do
+        LHC.configure do |c|
+          c.scrubs[:params] << 'api_key'
+        end
+      end
+
+      it 'has "api_key" in scrubs' do
+        expect(LHC.config.scrubs[:auth]).to eq [:bearer, :basic]
+        expect(LHC.config.scrubs[:params]).to eq ['api_key']
+        expect(LHC.config.scrubs[:headers]).to eq []
+        expect(LHC.config.scrubs[:body]).to eq ['password', 'password_confirmation']
+      end
+    end
+  end
+
+  context 'headers' do
+    context 'when additional header "private_key" should be scrubbed' do
+      before(:each) do
+        LHC.configure do |c|
+          c.scrubs[:headers] << 'private_key'
+        end
+      end
+
+      it 'has "private_key" in scrubs' do
+        expect(LHC.config.scrubs[:auth]).to eq [:bearer, :basic]
+        expect(LHC.config.scrubs[:params]).to eq []
+        expect(LHC.config.scrubs[:headers]).to eq ['private_key']
+        expect(LHC.config.scrubs[:body]).to eq ['password', 'password_confirmation']
+      end
+    end
+  end
+
+  context 'body' do
+    context 'when only password should get scrubbed' do
+      before(:each) do
+        LHC.configure do |c|
+          c.scrubs[:body] = ['password']
+        end
+      end
+
+      it 'has password in scrubs' do
+        expect(LHC.config.scrubs[:auth]).to eq [:bearer, :basic]
+        expect(LHC.config.scrubs[:params]).to eq []
+        expect(LHC.config.scrubs[:headers]).to eq []
+        expect(LHC.config.scrubs[:body]).to eq(['password'])
+      end
+    end
+
+    context 'when "user_token" should be scrubbed' do
+      before(:each) do
+        LHC.configure do |c|
+          c.scrubs[:body] << 'user_token'
+        end
+      end
+
+      it 'has user_token in scrubs' do
+        expect(LHC.config.scrubs[:auth]).to eq [:bearer, :basic]
+        expect(LHC.config.scrubs[:params]).to eq []
+        expect(LHC.config.scrubs[:headers]).to eq []
+        expect(LHC.config.scrubs[:body]).to eq(['password', 'password_confirmation', 'user_token'])
+      end
+    end
+  end
+
+  context 'when nothing should be scrubbed' do
+    before(:each) do
+      LHC.configure do |c|
+        c.scrubs = {}
+      end
+    end
+
+    it 'does not have scrubs' do
+      expect(LHC.config.scrubs.blank?).to be true
+      expect(LHC.config.scrubs[:auth]).to be nil
+    end
+  end
+end

data/spec/error/to_s_spec.rb

@@ -45,17 +45,17 @@ describe LHC::Error do
 
     context 'some mocked response' do
       let(:request) do
-        double('request',
+        double('LHC::Request',
                method: 'GET',
                url: 'http://example.com/sessions',
-               headers: { 'Bearer Token' => "aaaaaaaa-bbbb-cccc-dddd-eeee" },
-               options: { followlocation: true,
-                          auth: { bearer: "aaaaaaaa-bbbb-cccc-dddd-eeee" },
-                          params: { limit: 20 }, url: "http://example.com/sessions" })
+               scrubbed_headers: { 'Bearer Token' => LHC::Scrubber::SCRUB_DISPLAY },
+               scrubbed_options: { followlocation: true,
+                                   auth: { bearer: LHC::Scrubber::SCRUB_DISPLAY },
+                                   params: { limit: 20 }, url: "http://example.com/sessions" })
       end
 
       let(:response) do
-        double('response',
+        double('LHC::Response',
                request: request,
                code: 500,
                options: { return_code: :internal_error, response_headers: "" },
@@ -64,11 +64,16 @@ describe LHC::Error do
 
       subject { LHC::Error.new('The error message', response) }
 
+      before do
+        allow(request).to receive(:is_a?).with(LHC::Request).and_return(true)
+        allow(response).to receive(:is_a?).with(LHC::Response).and_return(true)
+      end
+
       it 'produces correct debug output' do
         expect(subject.to_s.split("\n")).to eq(<<-MSG.strip_heredoc.split("\n"))
           GET http://example.com/sessions
-          Options: {:followlocation=>true, :auth=>{:bearer=>"aaaaaaaa-bbbb-cccc-dddd-eeee"}, :params=>{:limit=>20}, :url=>"http://example.com/sessions"}
-          Headers: {"Bearer Token"=>"aaaaaaaa-bbbb-cccc-dddd-eeee"}
+          Options: {:followlocation=>true, :auth=>{:bearer=>"#{LHC::Scrubber::SCRUB_DISPLAY}"}, :params=>{:limit=>20}, :url=>"http://example.com/sessions"}
+          Headers: {"Bearer Token"=>"#{LHC::Scrubber::SCRUB_DISPLAY}"}
           Response Code: 500 (internal_error)
           Response Options: {:return_code=>:internal_error, :response_headers=>""}
           {"status":500,"message":"undefined"}

data/spec/formats/multipart_spec.rb

@@ -6,14 +6,14 @@ describe LHC do
   include ActionDispatch::TestProcess
 
   context 'multipart' do
-    let(:file) { fixture_file_upload(Tempfile.new, 'image/jpeg') }
+    let(:file) { Rack::Test::UploadedFile.new(Tempfile.new) }
     let(:body) { { size: 2231 }.to_json }
     let(:location) { 'http://local.ch/uploads/image.jpg' }
 
     it 'formats requests to be multipart/form-data' do
       stub_request(:post, 'http://local.ch/') do |request|
         raise 'Content-Type header wrong' unless request.headers['Content-Type'] == 'multipart/form-data'
-        raise 'Body wrongly formatted' unless request.body.match(/file=%23%3CActionDispatch%3A%3AHttp%3A%3AUploadedFile%3A.*%3E&type=Image/)
+        raise 'Body wrongly formatted' unless request.body.match?(/file=%23%3CActionDispatch%3A%3AHttp%3A%3AUploadedFile%3A.*%3E&type=Image/)
       end.to_return(status: 200, body: body, headers: { 'Location' => location })
       response = LHC.multipart.post(
         'http://local.ch',

data/spec/formats/plain_spec.rb

@@ -6,7 +6,7 @@ describe LHC do
   include ActionDispatch::TestProcess
 
   context 'plain' do
-    let(:file) { fixture_file_upload(Tempfile.new, 'image/jpeg') }
+    let(:file) { Rack::Test::UploadedFile.new(Tempfile.new) }
 
     it 'leaves plains requests unformatted' do
       stub_request(:post, 'http://local.ch/')

data/spec/interceptors/after_response_spec.rb

@@ -14,7 +14,7 @@ describe LHC do
           uri = URI.parse(response.request.url)
           path = [
             'web',
-            Rails.application.class.parent_name,
+            ((ActiveSupport.gem_version >= Gem::Version.new('6.0.0')) ? Rails.application.class.module_parent_name : Rails.application.class.parent_name).underscore,
             Rails.env,
             response.request.method,
             uri.scheme,

data/spec/interceptors/caching/main_spec.rb

@@ -47,7 +47,7 @@ describe LHC::Caching do
 
   it 'lets you configure the cache key that will be used' do
     LHC.config.endpoint(:local, 'http://local.ch', cache: { key: 'STATICKEY' })
-    expect(Rails.cache).to receive(:fetch).with("LHC_CACHE(v#{LHC::Caching::CACHE_VERSION}): STATICKEY").and_call_original
+    expect(Rails.cache).to receive(:fetch).at_least(:once).with("LHC_CACHE(v#{LHC::Caching::CACHE_VERSION}): STATICKEY").and_call_original
     expect(Rails.cache).to receive(:write).with("LHC_CACHE(v#{LHC::Caching::CACHE_VERSION}): STATICKEY", anything, anything).and_call_original
     stub
     LHC.get(:local)
@@ -66,8 +66,8 @@ describe LHC::Caching do
     stub
     LHC.config.endpoint(:local, 'http://local.ch', cache: true)
     original_response = LHC.get(:local)
-    cached_response = LHC.get(:local)
     expect(original_response.from_cache?).to eq false
+    cached_response = LHC.get(:local)
     expect(cached_response.from_cache?).to eq true
   end
 end

data/spec/interceptors/caching/multilevel_cache_spec.rb

@@ -62,7 +62,8 @@ describe LHC::Caching do
 
     context 'found in central cache' do
       it 'serves it from central cache if found there' do
-        expect(redis_cache).to receive(:fetch).and_return(nil, body: '<h1>Hi there</h1>', code: 200, headers: nil, return_code: nil, mock: :webmock)
+        expect(redis_cache).to receive(:fetch).and_return(nil,
+                                                          body: '<h1>Hi there</h1>', code: 200, headers: nil, return_code: nil, mock: :webmock)
         expect(redis_cache).to receive(:write).and_return(true)
         expect(Rails.cache).to receive(:fetch).and_call_original
         expect(Rails.cache).to receive(:write).and_call_original

data/spec/interceptors/define_spec.rb

@@ -7,6 +7,7 @@ describe LHC do
     before(:each) do
       class SomeInterceptor < LHC::Interceptor
       end
+
       class AnotherInterceptor < LHC::Interceptor
       end
     end

data/spec/interceptors/logging/main_spec.rb

@@ -8,7 +8,7 @@ describe LHC::Logging do
   before(:each) do
     LHC.config.interceptors = [LHC::Logging]
     LHC::Logging.logger = logger
-    stub_request(:get, 'http://local.ch').to_return(status: 200)
+    stub_request(:get, /http:\/\/local.ch.*/).to_return(status: 200)
   end
 
   it 'does log information before and after every request made with LHC' do
@@ -34,4 +34,24 @@ describe LHC::Logging do
       )
     end
   end
+
+  context 'sensitive data' do
+    before :each do
+      LHC.config.scrubs[:params] << 'api_key'
+      LHC.config.scrubs[:headers] << 'private_key'
+      LHC.get('http://local.ch', params: { api_key: '123-abc' }, headers: { private_key: 'abc-123' })
+    end
+
+    it 'does not log sensitive params information' do
+      expect(logger).to have_received(:info).once.with(
+        a_string_including("Params={:api_key=>\"#{LHC::Scrubber::SCRUB_DISPLAY}\"}")
+      )
+    end
+
+    it 'does not log sensitive header information' do
+      expect(logger).to have_received(:info).once.with(
+        a_string_including(":private_key=>\"#{LHC::Scrubber::SCRUB_DISPLAY}\"")
+      )
+    end
+  end
 end