lhc 13.4.0.pre.pro1766.1 → 16.0.0.pre.pro2162

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 14253d5b4b5d91f3ab982f01967045ecdbe49003e4c992544315a2fd0fdc1827
-  data.tar.gz: 7c8e6561080375d1a8cc3d8f5e6ef36ab6c5a09ba15dd0585544e66768336a27
+  metadata.gz: 624333537e8e35fa6ece5b46b1748263e023b439060c8e8b6b7ca0572db52ead
+  data.tar.gz: 588b9c2328f9ef96fa6709d6d12580083712e863838cb6e3b75b9dfb2e0efe35
 SHA512:
-  metadata.gz: 20d7c5716b979647de9c84b0117ff17495ae55abc8d4ba20bc01d9deee37100335c0fc2a4a674ba4883f87c4fbcfa88e274da92aadc972c0385f6930c29db8f9
-  data.tar.gz: f41c9f8302517137811020d2337c2922de8b0cd471f3b744cf80b3ea3d4dad62d2c735305090d5f23912735b07840b92abf01ae2fb801b3b6b7f1e4139ebcccc
+  metadata.gz: d038ab78edbddf4f9d3cd8c4f8dd85285448a79498df99f02e9893bf04a68a80fc17fa286555399752452c1e68701307eb2d45112df1bb31df7f96b81c531b23
+  data.tar.gz: d45a0a5e8990644c7748527affe7fcee24f481f10043f6368ca90a5bbe8b76ad6e32fbfecc85e65e8f21765799926576ad815f443b34617540b6da8594f66d2b

data/README.md

@@ -495,14 +495,14 @@ You can configure global placeholders, that are used when generating urls from u
 ### Configuring scrubs
 
 You can filter out sensitive request data from your log files and rollbar by appending them to `LHS.config.scrubs`. These values will be marked `[FILTERED]` in the log and on rollbar. Also nested parameters are being filtered.
-The scrubbing configuration affects all request done by LHC independent of the endpoint. You can scrub any attribute within `params`, `headers` or `body`. For auth you either can choose `:bearer` or `:auth` (default is both).
+The scrubbing configuration affects all request done by LHC independent of the endpoint. You can scrub any attribute within `:params`, `:headers` or `:body`. For `:auth` you either can choose `:bearer` or `:basic` (default is both).
 
 LHS scrubs per default:
-- Bearer Token within the request header
-- Basic Auth username and password within the request header
-- password and password_confirmation within the request body
+- Bearer Token within the Request Header
+- Basic Auth `username` and `password` within the Request Header
+- `password` and `password_confirmation` within the Request Body
 
-Enhance the default scrubbing by pushing the name of the parameter, which should get scrubbed, as string to the existing configuration.
+Enhance the default scrubbing by pushing the name of the parameter, which should be scrubbed, as string to the existing configuration.
 You can also add multiple parameters at once by pushing multiple strings.
 
 Example:
@@ -520,7 +520,7 @@ For disabling scrubbing, add following configuration:
   end
 ```
 
-If you want to turn off `:bearer` or `:auth` scrubbing, then just overwrite the auth configuration.
+If you want to turn off `:bearer` or `:basic` scrubbing, then just overwrite the `:auth` configuration.
 
 Example:
 ```ruby

data/lib/lhc/error.rb

@@ -78,7 +78,6 @@ class LHC::Error < StandardError
     debug << "Response Options: #{response.options}"
     debug << response.body
     debug << _message
-
     debug.map { |str| self.class.fix_invalid_encoding(str) }.join("\n")
   end
 end

data/lib/lhc/interceptors/auth.rb

@@ -45,20 +45,25 @@ class LHC::Auth < LHC::Interceptor
   end
 
   def set_basic_authorization_header(base_64_encoded_credentials)
-    request.options[:auth][:basic] = request.options[:auth][:basic].merge(base_64_encoded_credentials: base_64_encoded_credentials)
+    request.options[:auth][:basic].merge!(base_64_encoded_credentials: base_64_encoded_credentials)
     set_authorization_header("Basic #{base_64_encoded_credentials}")
   end
 
   def set_bearer_authorization_header(token)
-    request.options[:auth] = request.options[:auth].merge(bearer_token: token)
+    request.options[:auth].merge!(bearer_token: token)
     set_authorization_header("Bearer #{token}")
   end
   # rubocop:enable Style/AccessorMethodName
 
   def reauthenticate!
-    # refresh token and update header
-    token = refresh_client_token_option.call
-    set_bearer_authorization_header(token)
+    # refresh access_token
+    refresh_client_token_option.call
+
+    # Now as the token is refreshe
+    # we need to use the refreshed bearer token
+    # in the authorization header
+    bearer_authentication! if auth_options[:bearer]
+
     # trigger LHC::Retry and ensure we do not trigger reauthenticate!
     # again should it fail another time
     new_options = request.options.dup

data/lib/lhc/scrubber.rb

@@ -6,7 +6,7 @@ class LHC::Scrubber
   SCRUB_DISPLAY = '[FILTERED]'
 
   def initialize(data)
-    @scrubbed = data.deep_dup
+    @scrubbed = data
   end
 
   private
@@ -36,7 +36,7 @@ class LHC::Scrubber
       elsif scrubbed.key?(scrub_element.to_sym)
         key = scrub_element.to_sym
       end
-      next if key.blank?
+      next if key.blank? || scrubbed[key].blank?
 
       scrubbed[key] = SCRUB_DISPLAY
     end

data/lib/lhc/scrubbers/auth_scrubber.rb

@@ -27,6 +27,7 @@ class LHC::AuthScrubber < LHC::Scrubber
   def scrub_bearer_auth_options!
     return if scrubbed[:bearer].blank?
 
+    scrubbed[:bearer] = SCRUB_DISPLAY if scrubbed[:bearer].is_a?(String)
     scrubbed[:bearer_token] = SCRUB_DISPLAY
   end
 end

data/lib/lhc/scrubbers/body_scrubber.rb

@@ -14,9 +14,7 @@ class LHC::BodyScrubber < LHC::Scrubber
   end
 
   def parse!
-    return if scrubbed.nil?
-    return if scrubbed.is_a?(Hash)
-    return if scrubbed.is_a?(Array)
+    return if scrubbed.nil? || scrubbed.is_a?(Hash) || scrubbed.is_a?(Array)
 
     if scrubbed.is_a?(String)
       json = scrubbed

data/lib/lhc/scrubbers/headers_scrubber.rb

@@ -25,16 +25,26 @@ class LHC::HeadersScrubber < LHC::Scrubber
   end
 
   def scrub_basic_authentication_headers!
-    return if auth_options[:basic].blank?
-    return if scrubbed['Authorization'].blank?
+    return if !scrub_basic_authentication_headers?
 
-    scrubbed['Authorization'] = scrubbed['Authorization'].gsub(auth_options[:basic][:base_64_encoded_credentials], SCRUB_DISPLAY)
+    scrubbed['Authorization'].gsub!(auth_options[:basic][:base_64_encoded_credentials], SCRUB_DISPLAY)
   end
 
   def scrub_bearer_authentication_headers!
-    return if @auth_options[:bearer].blank?
-    return if @scrubbed['Authorization'].blank?
+    return if !scrub_bearer_authentication_headers?
 
-    @scrubbed['Authorization'] = scrubbed['Authorization'].gsub(auth_options[:bearer_token], SCRUB_DISPLAY)
+    scrubbed['Authorization'].gsub!(auth_options[:bearer_token], SCRUB_DISPLAY)
+  end
+
+  def scrub_basic_authentication_headers?
+    auth_options[:basic].present? &&
+      scrubbed['Authorization'].present? &&
+      scrubbed['Authorization'].include?(auth_options[:basic][:base_64_encoded_credentials])
+  end
+
+  def scrub_bearer_authentication_headers?
+    auth_options[:bearer].present? &&
+      scrubbed['Authorization'].present? &&
+      scrubbed['Authorization'].include?(auth_options[:bearer_token])
   end
 end

data/lib/lhc/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module LHC
-  VERSION ||= '13.4.0-pro1766.1'
+  VERSION ||= '16.0.0-pro2162'
 end

data/spec/interceptors/auth/reauthentication_spec.rb

@@ -5,7 +5,10 @@ require 'rails_helper'
 describe LHC::Auth do
   let(:initial_token) { '123456' }
   let(:refresh_token) { 'abcdef' }
-  let(:options) { { bearer: initial_token, refresh_client_token: -> { refresh_token } } }
+
+  let(:options) do
+    { bearer: -> { DummyAuthentication.access_token }, refresh_client_token: -> { DummyAuthentication.refresh_token } }
+  end
   let!(:auth_failing) do
     stub_request(:get, 'http://local.ch')
       .with(headers: { 'Authorization' => "Bearer #{initial_token}" })
@@ -17,6 +20,23 @@ describe LHC::Auth do
   end
 
   before(:each) do
+    class DummyAuthentication
+
+      def self.refresh_token
+        # updates access_token
+      end
+
+      def self.access_token
+        # this is used as bearer token
+      end
+    end
+
+    # It does not matter what value this method returns it is not use by LHC.
+    # That method needs just to make sure that the value of the access_token
+    # is the new valid token
+    allow(DummyAuthentication).to receive(:refresh_token).and_return(nil)
+
+    allow(DummyAuthentication).to receive(:access_token).and_return(initial_token, refresh_token)
     LHC.config.interceptors = [LHC::Auth, LHC::Retry]
   end
 

data/spec/interceptors/logging/main_spec.rb

@@ -42,13 +42,13 @@ describe LHC::Logging do
       LHC.get('http://local.ch', params: { api_key: '123-abc' }, headers: { private_key: 'abc-123' })
     end
 
-    it 'does log not log sensitive params information before every request made with LHC' do
+    it 'does not log sensitive params information' do
       expect(logger).to have_received(:info).once.with(
         a_string_including("Params={:api_key=>\"#{LHC::Scrubber::SCRUB_DISPLAY}\"}")
       )
     end
 
-    it 'does log not log sensitive headers information before every request made with LHC' do
+    it 'does not log sensitive header information' do
       expect(logger).to have_received(:info).once.with(
         a_string_including(":private_key=>\"#{LHC::Scrubber::SCRUB_DISPLAY}\"")
       )

data/spec/request/scrubbed_headers_spec.rb

@@ -59,19 +59,20 @@ describe LHC::Request do
       let(:authorization_header) { { 'Authorization' => "Bearer #{bearer_token}" } }
       let(:auth) { { bearer: -> { bearer_token } } }
 
-      it 'provides srubbed request headers' do
+      it 'scrubs only the bearer token' do
         expect(request.scrubbed_headers).to include('Authorization' => "Bearer #{LHC::Scrubber::SCRUB_DISPLAY}")
         expect(request.headers).to include(authorization_header)
       end
 
-      context 'when nothing should get scrubbed' do
-        before :each do
-          LHC.config.scrubs = {}
-        end
+      it 'scrubs whole "Authorization" header' do
+        LHC.config.scrubs[:headers] << 'Authorization'
+        expect(request.scrubbed_headers).to include('Authorization' => LHC::Scrubber::SCRUB_DISPLAY)
+        expect(request.headers).to include(authorization_header)
+      end
 
-        it 'does not filter beaerer auth' do
-          expect(request.scrubbed_headers).to include(authorization_header)
-        end
+      it 'scrubs nothing' do
+        LHC.config.scrubs = {}
+        expect(request.scrubbed_headers).to include(authorization_header)
       end
     end
 
@@ -82,19 +83,20 @@ describe LHC::Request do
       let(:authorization_header) { { 'Authorization' => "Basic #{credentials_base_64_codiert}" } }
       let(:auth) { { basic: { username: username, password: password } } }
 
-      it 'provides srubbed request headers' do
+      it 'scrubs only credentials' do
         expect(request.scrubbed_headers).to include('Authorization' => "Basic #{LHC::Scrubber::SCRUB_DISPLAY}")
         expect(request.headers).to include(authorization_header)
       end
 
-      context 'when nothing should get scrubbed' do
-        before :each do
-          LHC.config.scrubs = {}
-        end
+      it 'scrubs whole "Authorization" header' do
+        LHC.config.scrubs[:headers] << 'Authorization'
+        expect(request.scrubbed_headers).to include('Authorization' => LHC::Scrubber::SCRUB_DISPLAY)
+        expect(request.headers).to include(authorization_header)
+      end
 
-        it 'does not filter basic auth' do
-          expect(request.scrubbed_headers).to include(authorization_header)
-        end
+      it 'scrubs nothing' do
+        LHC.config.scrubs = {}
+        expect(request.scrubbed_headers).to include(authorization_header)
       end
     end
   end

data/spec/request/scrubbed_options_spec.rb

@@ -32,6 +32,15 @@ describe LHC::Request do
     expect(request.scrubbed_options[:auth][:basic]).to be nil
   end
 
+  context 'when bearer auth is not a proc' do
+    let(:auth) { { bearer: bearer_token } }
+
+    it 'also scrubbes the bearer' do
+      expect(request.scrubbed_options[:auth][:bearer]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:auth][:bearer_token]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
+    end
+  end
+
   context 'when options do not have auth' do
     let(:authorization_header) { {} }
     let(:auth) { nil }

data/spec/request/scrubbed_params_spec.rb

@@ -22,4 +22,14 @@ describe LHC::Request do
     expect(response.request.scrubbed_params).to include(api_key: LHC::Scrubber::SCRUB_DISPLAY)
     expect(response.request.scrubbed_params).to include(secret_key: LHC::Scrubber::SCRUB_DISPLAY)
   end
+
+  context 'when value is empty' do
+    let(:params) { { api_key: nil, secret_key: '' } }
+
+    it 'does not filter the value' do
+      LHC.config.scrubs[:params].push('api_key', 'secret_key')
+      expect(response.request.scrubbed_params).to include(api_key: nil)
+      expect(response.request.scrubbed_params).to include(secret_key: '')
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lhc
 version: !ruby/object:Gem::Version
-  version: 13.4.0.pre.pro1766.1
+  version: 16.0.0.pre.pro2162
 platform: ruby
 authors:
 - https://github.com/local-ch/lhc/contributors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-05 00:00:00.000000000 Z
+date: 2021-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport