ratchetio 0.4.6 → 0.4.7

data/.travis.yml

@@ -10,3 +10,6 @@ rvm:
   - jruby-head
   - rbx-18mode
   - rbx-19mode
+matrix:
+  allow_failures:
+    - rvm: ruby-head

data/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Change Log
 
+**0.4.7**
+- Sensitive params now scrubbed out of requests. Param name list is customizable via the `scrub_fields` config option.
+
 **0.4.6**
 - Add support to play nicely with Goalie.
 

data/lib/ratchetio/configuration.rb

@@ -17,6 +17,7 @@ module Ratchetio
     attr_accessor :person_username_method
     attr_accessor :person_email_method
     attr_accessor :root
+    attr_accessor :scrub_fields
 
     DEFAULT_ENDPOINT = 'https://submit.ratchet.io/api/1/item/'
 
@@ -34,6 +35,7 @@ module Ratchetio
       @person_id_method = 'id'
       @person_username_method = 'username'
       @person_email_method = 'email'
+      @scrub_fields = [:passwd, :password, :secret]
     end
 
     # allow params to be read like a hash

data/lib/ratchetio/rails/controller_methods.rb

@@ -35,6 +35,7 @@ module Ratchetio
 
       def ratchetio_filter_params(params)
         filtered = {}
+        
         params.to_hash.each_pair do |k,v|
           if v.is_a? ActionDispatch::Http::UploadedFile
             # only save content_type, original_filename, and length
@@ -49,6 +50,8 @@ module Ratchetio
             end
           elsif v.is_a? Hash
             filtered[k] = ratchetio_filter_params v
+          elsif Ratchetio.configuration.scrub_fields.include? k
+            filtered[k] = "*" * v.length
           else
             filtered[k] = v
           end

data/lib/ratchetio/version.rb

@@ -1,3 +1,3 @@
 module Ratchetio
-  VERSION = "0.4.6"
+  VERSION = "0.4.7"
 end

data/lib/ratchetio.rb

@@ -24,6 +24,11 @@ module Ratchetio
     def configure
       yield(configuration)
     end
+    
+    def reconfigure
+      @configuration = Configuration.new
+      yield(configuration)
+    end
 
     # Returns the configuration object.
     #
@@ -148,8 +153,11 @@ module Ratchetio
 
       uri = URI.parse(configuration.endpoint)
       http = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl = true
-      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      
+      if uri.scheme == 'https'
+        http.use_ssl = true
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
 
       request = Net::HTTP::Post.new(uri.request_uri)
       request.body = payload

data/spec/controllers/home_controller_spec.rb

@@ -3,7 +3,12 @@ require 'spec_helper'
 describe HomeController do
   
   before(:each) do
+    reset_configuration
     Ratchetio.configure do |config|
+      config.access_token = 'aaaabbbbccccddddeeeeffff00001111'
+      config.environment = ::Rails.env
+      config.root = ::Rails.root
+      config.framework = "Rails: #{::Rails::VERSION::STRING}"
       config.logger = logger_mock
     end
   end
@@ -84,6 +89,42 @@ describe HomeController do
         filtered_file[:original_filename].should == file_hash[:filename]
         filtered_file[:size].should == file_hash[:tempfile].size
       end
+      
+      it "should scrub the default scrub_fields" do
+        params = {
+          :passwd => "hidden",
+          :password => "hidden",
+          :secret => "hidden",
+          :notpass => "visible"
+        }
+        
+        filtered = controller.send(:ratchetio_filter_params, params)
+        
+        filtered[:passwd].should == "******"
+        filtered[:password].should == "******"
+        filtered[:secret].should == "******"
+        filtered[:notpass].should == "visible"
+      end
+      
+      it "should scrub custom scrub_fields" do
+        Ratchetio.configure do |config|
+          config.scrub_fields = [:notpass, :secret]
+        end
+        
+        params = {
+          :passwd => "visible",
+          :password => "visible",
+          :secret => "hidden",
+          :notpass => "hidden"
+        }
+        
+        filtered = controller.send(:ratchetio_filter_params, params)
+        
+        filtered[:passwd].should == "visible"
+        filtered[:password].should == "visible"
+        filtered[:secret].should == "******"
+        filtered[:notpass].should == "******"
+      end
     end
 
     context "ratchetio_request_url" do

data/spec/ratchetio_spec.rb

@@ -285,27 +285,4 @@ describe Ratchetio do
     'aaaabbbbccccddddeeeeffff00001111'
   end
 
-  def reset_configuration
-    Ratchetio.configure do |config|
-      config.access_token = nil
-      config.branch = nil
-      config.default_logger = lambda { Logger.new(STDERR) }
-      config.enabled = true
-      config.endpoint = Ratchetio::Configuration::DEFAULT_ENDPOINT
-      config.environment = nil
-      config.exception_level_filters = {
-        'ActiveRecord::RecordNotFound' => 'warning',
-        'AbstractController::ActionNotFound' => 'warning',
-        'ActionController::RoutingError' => 'warning'
-      }
-      config.framework = 'Plain'
-      config.logger = nil
-      config.person_method = 'current_user'
-      config.person_id_method = 'id'
-      config.person_username_method = 'username'
-      config.person_email_method = 'email'
-      config.root = nil
-    end
-  end
-
 end

data/spec/spec_helper.rb

@@ -26,5 +26,10 @@ RSpec.configure do |config|
   config.after(:each) do
     DatabaseCleaner.clean
   end
+  
 end
 
+def reset_configuration
+  Ratchetio.reconfigure do |config|
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ratchetio
 version: !ruby/object:Gem::Version
-  version: 0.4.6
+  version: 0.4.7
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-12-03 00:00:00.000000000 Z
+date: 2012-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails