stitches 4.2.0 → 4.2.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/stitches/api_client_access_wrapper.rb +6 -2
  3. data/lib/stitches/version.rb +1 -1
  4. data/spec/api_key_middleware_spec.rb +12 -4
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b96871187fb98a847464ed9e035f2bbce340fb8acd0e15372cd2de84e14393fd
4
- data.tar.gz: e60814802decfe7bb0e7cc8a51c8a2a99db7fc3db4183904f12570febb6611ae
3
+ metadata.gz: 076cbbf3b2dfdd8b9b01d5c9f80cc091c223f14008fd7d45ceb2fff58bf454a0
4
+ data.tar.gz: a0d73979c10617fd6567aa7089236da49c7d2f1e1f58648931af5f5a0d7562b4
5
5
  SHA512:
6
- metadata.gz: 3fc14b2226a3f1fdc6a7d4fcf2a905166765603e3c5b03039c3c76beb506d62a7415d0738062e046d85b70a3496f73eaa06d7fd9c55cf2fcc5e62f73ee01fb46
7
- data.tar.gz: f25373d0f6cdb1641172d9a0e574dcaf2e3660558975dd085bdc45c202d113337420af5ac3a55cd4311017cb66d93c7e2c24ca78452913d38564982e0df9f5fc
6
+ metadata.gz: 46e0364ba7c84f2fe1ca66cac2b74236b173bd023b4573b41f0ed718c66828c1131075802e7cc388f427f7de81af6e9bc13c763429f68382ce6a8729d548e988
7
+ data.tar.gz: af3e5c6b23f9134ee842b300a65afcf13455d3842516696e3774e35a324d590271058f581db1451ecccbbf23c3c70f63ec2d12476c0306a1dfdf50825c7e5d55
data/lib/stitches/api_client_access_wrapper.rb CHANGED
@@ -33,7 +33,7 @@ module Stitches::ApiClientAccessWrapper
33
33
 
34
34
  disabled_at = api_client.respond_to?(:disabled_at) ? api_client.disabled_at : nil
35
35
  if disabled_at && disabled_at > configuration.disabled_key_leniency_in_seconds.seconds.ago
36
- message = "Allowing disabled ApiClient: #{api_client.name} with key #{api_client.key} disabled at #{disabled_at}"
36
+ message = "Allowing disabled ApiClient: #{api_client.name} with key #{redact_key(api_client)} disabled at #{disabled_at}"
37
37
  if disabled_at > configuration.disabled_key_leniency_error_log_threshold_in_seconds.seconds.ago
38
38
  logger.warn(message)
39
39
  else
@@ -41,11 +41,15 @@ module Stitches::ApiClientAccessWrapper
41
41
  end
42
42
  return api_client
43
43
  else
44
- logger.error("Rejecting disabled ApiClient: #{api_client.name} with key #{api_client.key}")
44
+ logger.error("Rejecting disabled ApiClient: #{api_client.name} with key #{redact_key(api_client)}")
45
45
  end
46
46
  nil
47
47
  end
48
48
 
49
+ def self.redact_key(api_client)
50
+ "*****#{api_client.key.to_s[-8..-1]}"
51
+ end
52
+
49
53
  def self.logger
50
54
  if defined?(StitchFix::Logger::LogWriter)
51
55
  StitchFix::Logger::LogWriter
data/lib/stitches/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Stitches
4
- VERSION = '4.2.0'
4
+ VERSION = '4.2.1'
5
5
  end
data/spec/api_key_middleware_spec.rb CHANGED
@@ -102,10 +102,11 @@ RSpec.describe "/api/hellos", type: :request do
102
102
  context "when disabled_at is set to a time older than three days ago" do
103
103
  let(:disabled_at) { 4.day.ago }
104
104
 
105
- it "allows the call" do
105
+ it "does not allow the call" do
106
106
  execute_call
107
107
 
108
108
  expect_unauthorized
109
+
109
110
  end
110
111
  end
111
112
 
@@ -162,7 +163,9 @@ RSpec.describe "/api/hellos", type: :request do
162
163
 
163
164
  it "logs error about the disabled key to the Rails.logger" do
164
165
  allow(Rails.logger).to receive(:warn)
165
- allow(Rails.logger).to receive(:error)
166
+ allow(Rails.logger).to receive(:error) do |message1|
167
+ expect(message1).not_to include uuid
168
+ end
166
169
 
167
170
  execute_call
168
171
 
@@ -210,7 +213,10 @@ RSpec.describe "/api/hellos", type: :request do
210
213
  let(:disabled_at) { 101.seconds.ago }
211
214
 
212
215
  it "forbids the call" do
213
- allow(Rails.logger).to receive(:error)
216
+ allow(Rails.logger).to receive(:error) do |message1|
217
+ expect(message1).not_to include uuid
218
+ end
219
+
214
220
  execute_call
215
221
 
216
222
  expect_unauthorized
@@ -235,7 +241,9 @@ RSpec.describe "/api/hellos", type: :request do
235
241
  let(:disabled_at) { 25.seconds.ago }
236
242
 
237
243
  it "allows the call" do
238
- allow(Rails.logger).to receive(:warn)
244
+ allow(Rails.logger).to receive(:warn) do |message1|
245
+ expect(message1).not_to include uuid
246
+ end
239
247
 
240
248
  execute_call
241
249
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stitches
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.2.0
4
+ version: 4.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stitch Fix Engineering
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2021-08-12 00:00:00.000000000 Z
14
+ date: 2021-09-20 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: rails