@itentialopensource/adapter-utils 5.10.10 → 5.10.12
- package/lib/authenticationHandler.js +3 -3
- package/lib/connectorRest.js +20 -15
- package/lib/propertyUtil.js +15 -4
- package/package.json +1 -1
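--- a/package/lib/authenticationHandler.js
+++ b/package/lib/authenticationHandler.js
@@ -99,9 +99,9 @@ class AuthenticationHandler {
 }
 }
 }
-
-AWS
-const sts = new AWS.STS();
+
+// set the AWS access information (from properties)
+const sts = new AWS.STS(configObj);
 log.debug(`STS OPTIONS: ${this.propUtil.scrubSensitiveInfo(JSON.stringify(configObj))}`);
 
 // use STS to get the AWS access information for the user defined in STWS Params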
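Review bot: The `STS OPTIONS` debug line directly below the changed constructor call scrubs a string rather than an object: it calls `scrubSensitiveInfo(JSON.stringify(configObj))`, whereas every call in connectorRest.js scrubs the object and stringifies the result. The string branch of scrubSensitiveInfo visible in propertyUtil.js builds `key=** masked **` pairs, so it looks unlikely to recognise `accessKeyId` or `secretAccessKey` inside a JSON document; that is worth confirming, because per the added comment configObj holds the AWS access information now passed to `new AWS.STS(configObj)`. I would swap the order so the object branch does the masking, using `JSON.stringify(this.propUtil.scrubSensitiveInfo(configObj))` as the interpolated value. The enclosing method starts and ends outside the hunk.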
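--- a/package/lib/connectorRest.js
+++ b/package/lib/connectorRest.js
@@ -111,6 +111,7 @@ let addCreds = true;
 let refTokenReq = null;
 let refTokenTimeout = -1;
 let runRefreshToken = false;
+let addSensitiveItems = [];
 
 // Other global variables
 let id = null;
@@ -383,12 +384,12 @@ function returnStub(request, entitySchema, callProperties) {
 if (authLogging) {
 // Can only mask values if header is an object - so can not log anything else
 if (request.header) {
-log.debug(`FULL STUB REQUEST: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.header))}`);
+log.debug(`FULL STUB REQUEST: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.header, addSensitiveItems))}`);
 }
 
 // Can only mask values if body is an object - so can not log anything else
 if (request.body) {
-log.debug(`FULL STUB BODY: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.body))}`);
+log.debug(`FULL STUB BODY: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.body, addSensitiveItems))}`);
 }
 }
 
@@ -776,8 +777,8 @@ function makeRequest(request, entitySchema, callProperties, startTrip, attempt,
 
 // these logs are very useful when debugging - however there is the potential for credentials to be exposed.
 if (authLogging) {
-log.debug(`FULL REQUEST: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.header))}`);
-log.debug(`FULL BODY: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.body))}`);
+log.debug(`FULL REQUEST: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.header, addSensitiveItems))}`);
+log.debug(`FULL BODY: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.body, addSensitiveItems))}`);
 }
 
 // make the call to System
@@ -926,7 +927,7 @@ function makeRequest(request, entitySchema, callProperties, startTrip, attempt,
 healthy = true;
 doneH2(true);
 }, (retH2) => {
-log.debug(`${origin}: CALL RETURN ${JSON.stringify(propUtilInst.scrubSensitiveInfo(callResp))}`);
+log.debug(`${origin}: CALL RETURN ${JSON.stringify(propUtilInst.scrubSensitiveInfo(callResp, addSensitiveItems))}`);
 useProt = undefined;
 callResp.reqHdr = request.header.headers;
 return callback(callResp);
@@ -1223,7 +1224,7 @@ async function getToken(reqPath, options, tokenSchema, bodyString, callPropertie
 if (!tokenSchema.responseDatatype || tokenSchema.responseDatatype === 'JSON') {
 tokenResp.response = JSON.parse(tokenResp.response);
 }
-log.debug(`${origin}: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(tokenResp.response))}`);
+log.debug(`${origin}: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(tokenResp.response, addSensitiveItems))}`);
 
 // return the token from the token schema
 let translated = null;
@@ -1262,7 +1263,7 @@ async function getToken(reqPath, options, tokenSchema, bodyString, callPropertie
 return resolve({ token: 'faketoken', tokenp2: 'faketoken' });
 }
 
-log.debug(`${origin}: OPTIONS: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(options))}`);
+log.debug(`${origin}: OPTIONS: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(options, addSensitiveItems))}`);
 
 // request the token
 return makeRequest(request, tokenSchema, callProperties, null, 0, (result, merror) => {
@@ -1582,9 +1583,9 @@ async function getToken(reqPath, options, tokenSchema, bodyString, callPropertie
 }
 
 // return the token from the token schema
-log.debug(`About to Translate Token Response: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(tempResult))}`);
+log.debug(`About to Translate Token Response: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(tempResult, addSensitiveItems))}`);
 let translated = transUtilInst.mapFromOutboundEntity(tempResult, tokenSchema.responseSchema);
-log.debug(`Translated response ${JSON.stringify(propUtilInst.scrubSensitiveInfo(translated))}`);
+log.debug(`Translated response ${JSON.stringify(propUtilInst.scrubSensitiveInfo(translated, addSensitiveItems))}`);
 
 // if what we got back is an array, just return the first element
 // should only have one token!!!
@@ -3243,7 +3244,7 @@ function requestAuthenticate(request, entitySchema, invalidToken, callProperties
 }
 
 // format the authentication string
-log.debug(`${origin}: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(tres))} being used for user: ${useUser}`);
+log.debug(`${origin}: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(tres, addSensitiveItems))} being used for user: ${useUser}`);
 const authStrs = [];
 if (callProperties && callProperties.authentication && callProperties.authentication.auth_field_format) {
 if (Array.isArray(callProperties.authentication.auth_field_format)) {
@@ -3305,7 +3306,7 @@ function requestAuthenticate(request, entitySchema, invalidToken, callProperties
 return callback(null, errorObj);
 }
 
-log.debug(`${origin}: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(tokenObj))} being used for user: ${useUser}`);
+log.debug(`${origin}: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(tokenObj, addSensitiveItems))} being used for user: ${useUser}`);
 const authStrs = [];
 if (callProperties && callProperties.authentication && callProperties.authentication.auth_field_format) {
 if (Array.isArray(callProperties.authentication.auth_field_format)) {
@@ -4354,6 +4355,10 @@ class ConnectorRest {
 if (props.authentication.refresh_token_request && typeof props.authentication.refresh_token_request === 'object') {
 refTokenReq = props.authentication.refresh_token_request;
 }
+
+if (props.authentication.sensitive) {
+addSensitiveItems = props.authentication.sensitive;
+}
 }
 
 // set the stub mode (optional - default is false)
@@ -4850,10 +4855,10 @@ class ConnectorRest {
 log.info(`${origin}: Connector SSL connections enabled`);
 }
 
-log.debug(`${origin}: HEALTHCHECK OPTIONS: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(options))}`);
+log.debug(`${origin}: HEALTHCHECK OPTIONS: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(options, addSensitiveItems))}`);
 
 if (payload !== undefined && payload !== null && payload !== '') {
-log.debug(`${origin}: REQUEST: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(payload))}`);
+log.debug(`${origin}: REQUEST: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(payload, addSensitiveItems))}`);
 
 // save it in memory
 cacheHPay = payload;
@@ -5047,10 +5052,10 @@ class ConnectorRest {
 log.info(`${origin}: Connector SSL connections enabled`);
 }
 
-log.debug(`${origin}: OPTIONS: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(options))}`);
+log.debug(`${origin}: OPTIONS: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(options, addSensitiveItems))}`);
 
 if (incoming.body !== undefined && incoming.body !== null && incoming.body !== '') {
-log.debug(`${origin}:REQUEST: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(incoming.body))}`);
+log.debug(`${origin}:REQUEST: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(incoming.body, addSensitiveItems))}`);
 }
 
 const request = {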
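Review bot: `props.authentication.sensitive` is accepted on truthiness alone in the `@@ -4354` hunk, but the consumer only honours an array of strings: propertyUtil.js skips the value unless `Array.isArray(addItems)` holds and then calls `item.toLowerCase()` on every element. A plain string such as a single header name is therefore silently ignored, leaving that field unmasked in every debug line this section touches, and a non-string element would throw from inside a `log.debug` call on the request path. Validate where the property is read, for example `if (Array.isArray(props.authentication.sensitive)) {` with `addSensitiveItems = props.authentication.sensitive.filter((item) => typeof item === 'string');`, and log a warning when the value is rejected. The enclosing method starts and ends outside the hunk.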
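--- a/package/lib/propertyUtil.js
+++ b/package/lib/propertyUtil.js
@@ -1153,11 +1153,11 @@ class AdapterPropertyUtil {
 }
 
 // This is the array of sensitive keys
-let sensList = ['authorization', 'x-auth-token', 'x-csrf-token', 'x-amz-security-token', 'x-aws-ec2-metadata-token', 'cookie', 'set-cookie', 'token', 'tokenp2', 'user', 'username', 'passwd', 'password', 'api-key', 'client-id', 'client-secret', 'client_id', 'client_secret', 'session', 'session-id', 'jsessionid', 'sessionToken', 'accessKeyId', 'secretAccessKey'];
+let sensList = ['authorization', 'x-auth-token', 'x-csrf-token', 'x-amz-security-token', 'x-aws-ec2-metadata-token', 'cookie', 'set-cookie', 'token', 'tokenp2', 'user', 'username', 'passwd', 'password', 'api-key', 'client-id', 'client-secret', 'client_id', 'client_secret', 'session', 'session-id', 'jsessionid', 'sessionToken', 'accessKeyId', 'secretAccessKey', 'private-token'];
 
 // add any additional items to scrub
 if (addItems && Array.isArray(addItems) && addItems.length > 0) {
-sensList = sensList.concat(addItems);
+sensList = sensList.concat(addItems.map((item) => item.toLowerCase()));
 }
 
 // going to use copy of data so we do not mess up input - if object will still need to assign it
@@ -1207,7 +1207,7 @@ class AdapterPropertyUtil {
 
 // go through sensitive word list - maybe can use find in
 for (let j = 0; j < sensList.length; j += 1) {
-if (key.
+if (key.toLowerCase() === sensList[j].toLowerCase()) {
 // if sensitive, mask
 retData += `${key}=** masked **`;
 found = true;
@@ -1247,7 +1247,18 @@ class AdapterPropertyUtil {
 Object.keys(retData).forEach((key) => {
 // go deep through an object with recursive call
 if (typeof retData[key] === 'object') {
-
+if (Array.isArray(retData[key])) {
+// Handle arrays that may contain sensitive info
+for (let k = 0; k < retData[key].length; k += 1) {
+if (sensList.includes(key.toLowerCase())) {
+retData[key][k] = '** masked **';
+} else {
+retData[key][k] = this.scrubSensitiveInfo(retData[key][k]);
+}
+}
+} else {
+retData[key] = this.scrubSensitiveInfo(retData[key]);
+}
 } else {
 // go through sensitive word list - maybe can use find in
 for (let j = 0; j < sensList.length; j += 1) {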
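Review bot: The recursive calls in the last hunk, `this.scrubSensitiveInfo(retData[key][k])` and `this.scrubSensitiveInfo(retData[key])`, drop `addItems`, so caller-supplied keys are applied only at the top level of the object; nested data such as the headers under `request.header.headers` (logged from connectorRest.js) is scrubbed against the built-in list alone. Forward the argument in both places: `this.scrubSensitiveInfo(retData[key][k], addItems)` and `this.scrubSensitiveInfo(retData[key], addItems)`. In the same hunk, `sensList.includes(key.toLowerCase())` cannot match the mixed-case built-ins 'sessionToken', 'accessKeyId' and 'secretAccessKey', because the first hunk lower-cases only the added items; `sensList.some((s) => s.toLowerCase() === key.toLowerCase())` would agree with the comparison introduced in the second hunk. The enclosing function begins and ends outside these hunks, so this assumes all three sit in scrubSensitiveInfo, where `addItems` is in scope.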