lhc 13.4.0.pre.pro1766.1 → 16.0.0.pre.pro2162
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -6
- data/lib/lhc/error.rb +0 -1
- data/lib/lhc/interceptors/auth.rb +10 -5
- data/lib/lhc/scrubber.rb +2 -2
- data/lib/lhc/scrubbers/auth_scrubber.rb +1 -0
- data/lib/lhc/scrubbers/body_scrubber.rb +1 -3
- data/lib/lhc/scrubbers/headers_scrubber.rb +16 -6
- data/lib/lhc/version.rb +1 -1
- data/spec/interceptors/auth/reauthentication_spec.rb +21 -1
- data/spec/interceptors/logging/main_spec.rb +2 -2
- data/spec/request/scrubbed_headers_spec.rb +18 -16
- data/spec/request/scrubbed_options_spec.rb +9 -0
- data/spec/request/scrubbed_params_spec.rb +10 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 624333537e8e35fa6ece5b46b1748263e023b439060c8e8b6b7ca0572db52ead
|
|
4
|
+
data.tar.gz: 588b9c2328f9ef96fa6709d6d12580083712e863838cb6e3b75b9dfb2e0efe35
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d038ab78edbddf4f9d3cd8c4f8dd85285448a79498df99f02e9893bf04a68a80fc17fa286555399752452c1e68701307eb2d45112df1bb31df7f96b81c531b23
|
|
7
|
+
data.tar.gz: d45a0a5e8990644c7748527affe7fcee24f481f10043f6368ca90a5bbe8b76ad6e32fbfecc85e65e8f21765799926576ad815f443b34617540b6da8594f66d2b
|
data/README.md
CHANGED
|
@@ -495,14 +495,14 @@ You can configure global placeholders, that are used when generating urls from u
|
|
|
495
495
|
### Configuring scrubs
|
|
496
496
|
|
|
497
497
|
You can filter out sensitive request data from your log files and rollbar by appending them to `LHS.config.scrubs`. These values will be marked `[FILTERED]` in the log and on rollbar. Also nested parameters are being filtered.
|
|
498
|
-
The scrubbing configuration affects all request done by LHC independent of the endpoint. You can scrub any attribute within
|
|
498
|
+
The scrubbing configuration affects all request done by LHC independent of the endpoint. You can scrub any attribute within `:params`, `:headers` or `:body`. For `:auth` you either can choose `:bearer` or `:basic` (default is both).
|
|
499
499
|
|
|
500
500
|
LHS scrubs per default:
|
|
501
|
-
- Bearer Token within the
|
|
502
|
-
- Basic Auth username and password within the
|
|
503
|
-
- password and password_confirmation within the
|
|
501
|
+
- Bearer Token within the Request Header
|
|
502
|
+
- Basic Auth `username` and `password` within the Request Header
|
|
503
|
+
- `password` and `password_confirmation` within the Request Body
|
|
504
504
|
|
|
505
|
-
Enhance the default scrubbing by pushing the name of the parameter, which should
|
|
505
|
+
Enhance the default scrubbing by pushing the name of the parameter, which should be scrubbed, as string to the existing configuration.
|
|
506
506
|
You can also add multiple parameters at once by pushing multiple strings.
|
|
507
507
|
|
|
508
508
|
Example:
|
|
@@ -520,7 +520,7 @@ For disabling scrubbing, add following configuration:
|
|
|
520
520
|
end
|
|
521
521
|
```
|
|
522
522
|
|
|
523
|
-
If you want to turn off `:bearer` or `:
|
|
523
|
+
If you want to turn off `:bearer` or `:basic` scrubbing, then just overwrite the `:auth` configuration.
|
|
524
524
|
|
|
525
525
|
Example:
|
|
526
526
|
```ruby
|
data/lib/lhc/error.rb
CHANGED
|
@@ -45,20 +45,25 @@ class LHC::Auth < LHC::Interceptor
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def set_basic_authorization_header(base_64_encoded_credentials)
|
|
48
|
-
request.options[:auth][:basic]
|
|
48
|
+
request.options[:auth][:basic].merge!(base_64_encoded_credentials: base_64_encoded_credentials)
|
|
49
49
|
set_authorization_header("Basic #{base_64_encoded_credentials}")
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
def set_bearer_authorization_header(token)
|
|
53
|
-
request.options[:auth]
|
|
53
|
+
request.options[:auth].merge!(bearer_token: token)
|
|
54
54
|
set_authorization_header("Bearer #{token}")
|
|
55
55
|
end
|
|
56
56
|
# rubocop:enable Style/AccessorMethodName
|
|
57
57
|
|
|
58
58
|
def reauthenticate!
|
|
59
|
-
# refresh
|
|
60
|
-
|
|
61
|
-
|
|
59
|
+
# refresh access_token
|
|
60
|
+
refresh_client_token_option.call
|
|
61
|
+
|
|
62
|
+
# Now as the token is refreshe
|
|
63
|
+
# we need to use the refreshed bearer token
|
|
64
|
+
# in the authorization header
|
|
65
|
+
bearer_authentication! if auth_options[:bearer]
|
|
66
|
+
|
|
62
67
|
# trigger LHC::Retry and ensure we do not trigger reauthenticate!
|
|
63
68
|
# again should it fail another time
|
|
64
69
|
new_options = request.options.dup
|
data/lib/lhc/scrubber.rb
CHANGED
|
@@ -6,7 +6,7 @@ class LHC::Scrubber
|
|
|
6
6
|
SCRUB_DISPLAY = '[FILTERED]'
|
|
7
7
|
|
|
8
8
|
def initialize(data)
|
|
9
|
-
@scrubbed = data
|
|
9
|
+
@scrubbed = data
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
private
|
|
@@ -36,7 +36,7 @@ class LHC::Scrubber
|
|
|
36
36
|
elsif scrubbed.key?(scrub_element.to_sym)
|
|
37
37
|
key = scrub_element.to_sym
|
|
38
38
|
end
|
|
39
|
-
next if key.blank?
|
|
39
|
+
next if key.blank? || scrubbed[key].blank?
|
|
40
40
|
|
|
41
41
|
scrubbed[key] = SCRUB_DISPLAY
|
|
42
42
|
end
|
|
@@ -14,9 +14,7 @@ class LHC::BodyScrubber < LHC::Scrubber
|
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def parse!
|
|
17
|
-
return if scrubbed.nil?
|
|
18
|
-
return if scrubbed.is_a?(Hash)
|
|
19
|
-
return if scrubbed.is_a?(Array)
|
|
17
|
+
return if scrubbed.nil? || scrubbed.is_a?(Hash) || scrubbed.is_a?(Array)
|
|
20
18
|
|
|
21
19
|
if scrubbed.is_a?(String)
|
|
22
20
|
json = scrubbed
|
|
@@ -25,16 +25,26 @@ class LHC::HeadersScrubber < LHC::Scrubber
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
def scrub_basic_authentication_headers!
|
|
28
|
-
return if
|
|
29
|
-
return if scrubbed['Authorization'].blank?
|
|
28
|
+
return if !scrub_basic_authentication_headers?
|
|
30
29
|
|
|
31
|
-
scrubbed['Authorization']
|
|
30
|
+
scrubbed['Authorization'].gsub!(auth_options[:basic][:base_64_encoded_credentials], SCRUB_DISPLAY)
|
|
32
31
|
end
|
|
33
32
|
|
|
34
33
|
def scrub_bearer_authentication_headers!
|
|
35
|
-
return if
|
|
36
|
-
return if @scrubbed['Authorization'].blank?
|
|
34
|
+
return if !scrub_bearer_authentication_headers?
|
|
37
35
|
|
|
38
|
-
|
|
36
|
+
scrubbed['Authorization'].gsub!(auth_options[:bearer_token], SCRUB_DISPLAY)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def scrub_basic_authentication_headers?
|
|
40
|
+
auth_options[:basic].present? &&
|
|
41
|
+
scrubbed['Authorization'].present? &&
|
|
42
|
+
scrubbed['Authorization'].include?(auth_options[:basic][:base_64_encoded_credentials])
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def scrub_bearer_authentication_headers?
|
|
46
|
+
auth_options[:bearer].present? &&
|
|
47
|
+
scrubbed['Authorization'].present? &&
|
|
48
|
+
scrubbed['Authorization'].include?(auth_options[:bearer_token])
|
|
39
49
|
end
|
|
40
50
|
end
|
data/lib/lhc/version.rb
CHANGED
|
@@ -5,7 +5,10 @@ require 'rails_helper'
|
|
|
5
5
|
describe LHC::Auth do
|
|
6
6
|
let(:initial_token) { '123456' }
|
|
7
7
|
let(:refresh_token) { 'abcdef' }
|
|
8
|
-
|
|
8
|
+
|
|
9
|
+
let(:options) do
|
|
10
|
+
{ bearer: -> { DummyAuthentication.access_token }, refresh_client_token: -> { DummyAuthentication.refresh_token } }
|
|
11
|
+
end
|
|
9
12
|
let!(:auth_failing) do
|
|
10
13
|
stub_request(:get, 'http://local.ch')
|
|
11
14
|
.with(headers: { 'Authorization' => "Bearer #{initial_token}" })
|
|
@@ -17,6 +20,23 @@ describe LHC::Auth do
|
|
|
17
20
|
end
|
|
18
21
|
|
|
19
22
|
before(:each) do
|
|
23
|
+
class DummyAuthentication
|
|
24
|
+
|
|
25
|
+
def self.refresh_token
|
|
26
|
+
# updates access_token
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def self.access_token
|
|
30
|
+
# this is used as bearer token
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
# It does not matter what value this method returns it is not use by LHC.
|
|
35
|
+
# That method needs just to make sure that the value of the access_token
|
|
36
|
+
# is the new valid token
|
|
37
|
+
allow(DummyAuthentication).to receive(:refresh_token).and_return(nil)
|
|
38
|
+
|
|
39
|
+
allow(DummyAuthentication).to receive(:access_token).and_return(initial_token, refresh_token)
|
|
20
40
|
LHC.config.interceptors = [LHC::Auth, LHC::Retry]
|
|
21
41
|
end
|
|
22
42
|
|
|
@@ -42,13 +42,13 @@ describe LHC::Logging do
|
|
|
42
42
|
LHC.get('http://local.ch', params: { api_key: '123-abc' }, headers: { private_key: 'abc-123' })
|
|
43
43
|
end
|
|
44
44
|
|
|
45
|
-
it 'does
|
|
45
|
+
it 'does not log sensitive params information' do
|
|
46
46
|
expect(logger).to have_received(:info).once.with(
|
|
47
47
|
a_string_including("Params={:api_key=>\"#{LHC::Scrubber::SCRUB_DISPLAY}\"}")
|
|
48
48
|
)
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
-
it 'does
|
|
51
|
+
it 'does not log sensitive header information' do
|
|
52
52
|
expect(logger).to have_received(:info).once.with(
|
|
53
53
|
a_string_including(":private_key=>\"#{LHC::Scrubber::SCRUB_DISPLAY}\"")
|
|
54
54
|
)
|
|
@@ -59,19 +59,20 @@ describe LHC::Request do
|
|
|
59
59
|
let(:authorization_header) { { 'Authorization' => "Bearer #{bearer_token}" } }
|
|
60
60
|
let(:auth) { { bearer: -> { bearer_token } } }
|
|
61
61
|
|
|
62
|
-
it '
|
|
62
|
+
it 'scrubs only the bearer token' do
|
|
63
63
|
expect(request.scrubbed_headers).to include('Authorization' => "Bearer #{LHC::Scrubber::SCRUB_DISPLAY}")
|
|
64
64
|
expect(request.headers).to include(authorization_header)
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
67
|
+
it 'scrubs whole "Authorization" header' do
|
|
68
|
+
LHC.config.scrubs[:headers] << 'Authorization'
|
|
69
|
+
expect(request.scrubbed_headers).to include('Authorization' => LHC::Scrubber::SCRUB_DISPLAY)
|
|
70
|
+
expect(request.headers).to include(authorization_header)
|
|
71
|
+
end
|
|
71
72
|
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
73
|
+
it 'scrubs nothing' do
|
|
74
|
+
LHC.config.scrubs = {}
|
|
75
|
+
expect(request.scrubbed_headers).to include(authorization_header)
|
|
75
76
|
end
|
|
76
77
|
end
|
|
77
78
|
|
|
@@ -82,19 +83,20 @@ describe LHC::Request do
|
|
|
82
83
|
let(:authorization_header) { { 'Authorization' => "Basic #{credentials_base_64_codiert}" } }
|
|
83
84
|
let(:auth) { { basic: { username: username, password: password } } }
|
|
84
85
|
|
|
85
|
-
it '
|
|
86
|
+
it 'scrubs only credentials' do
|
|
86
87
|
expect(request.scrubbed_headers).to include('Authorization' => "Basic #{LHC::Scrubber::SCRUB_DISPLAY}")
|
|
87
88
|
expect(request.headers).to include(authorization_header)
|
|
88
89
|
end
|
|
89
90
|
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
91
|
+
it 'scrubs whole "Authorization" header' do
|
|
92
|
+
LHC.config.scrubs[:headers] << 'Authorization'
|
|
93
|
+
expect(request.scrubbed_headers).to include('Authorization' => LHC::Scrubber::SCRUB_DISPLAY)
|
|
94
|
+
expect(request.headers).to include(authorization_header)
|
|
95
|
+
end
|
|
94
96
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
97
|
+
it 'scrubs nothing' do
|
|
98
|
+
LHC.config.scrubs = {}
|
|
99
|
+
expect(request.scrubbed_headers).to include(authorization_header)
|
|
98
100
|
end
|
|
99
101
|
end
|
|
100
102
|
end
|
|
@@ -32,6 +32,15 @@ describe LHC::Request do
|
|
|
32
32
|
expect(request.scrubbed_options[:auth][:basic]).to be nil
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
+
context 'when bearer auth is not a proc' do
|
|
36
|
+
let(:auth) { { bearer: bearer_token } }
|
|
37
|
+
|
|
38
|
+
it 'also scrubbes the bearer' do
|
|
39
|
+
expect(request.scrubbed_options[:auth][:bearer]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
|
|
40
|
+
expect(request.scrubbed_options[:auth][:bearer_token]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
35
44
|
context 'when options do not have auth' do
|
|
36
45
|
let(:authorization_header) { {} }
|
|
37
46
|
let(:auth) { nil }
|
|
@@ -22,4 +22,14 @@ describe LHC::Request do
|
|
|
22
22
|
expect(response.request.scrubbed_params).to include(api_key: LHC::Scrubber::SCRUB_DISPLAY)
|
|
23
23
|
expect(response.request.scrubbed_params).to include(secret_key: LHC::Scrubber::SCRUB_DISPLAY)
|
|
24
24
|
end
|
|
25
|
+
|
|
26
|
+
context 'when value is empty' do
|
|
27
|
+
let(:params) { { api_key: nil, secret_key: '' } }
|
|
28
|
+
|
|
29
|
+
it 'does not filter the value' do
|
|
30
|
+
LHC.config.scrubs[:params].push('api_key', 'secret_key')
|
|
31
|
+
expect(response.request.scrubbed_params).to include(api_key: nil)
|
|
32
|
+
expect(response.request.scrubbed_params).to include(secret_key: '')
|
|
33
|
+
end
|
|
34
|
+
end
|
|
25
35
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lhc
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 16.0.0.pre.pro2162
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- https://github.com/local-ch/lhc/contributors
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-10-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|