postman-runtime 7.31.3 → 7.32.0

package/lib/authorizer/jwt.js

@@ -55,15 +55,19 @@ const _ = require('lodash'),
  */
 function addTokenToRequest (auth, request, jwtToken) {
     const addTokenTo = auth.get(AUTH_KEYS.ADD_TOKEN_TO) || ADD_TOKEN_TO_TARGETS.HEADER,
-        queryParamKey = auth.get(AUTH_KEYS.QUERY_PARAM_KEY) || QUERY_KEY,
-        headerPrefix = auth.get(AUTH_KEYS.HEADER_PREFIX) || BEARER_AUTH_PREFIX;
+        queryParamKey = auth.get(AUTH_KEYS.QUERY_PARAM_KEY) || QUERY_KEY;
 
     if (addTokenTo === ADD_TOKEN_TO_TARGETS.HEADER) {
         request.removeHeader(AUTHORIZATION, { ignoreCase: true });
 
+        let headerPrefix = auth.get(AUTH_KEYS.HEADER_PREFIX);
+
+        headerPrefix = _.isNil(headerPrefix) ? BEARER_AUTH_PREFIX : headerPrefix;
+        headerPrefix && (headerPrefix += SPACE);
+
         request.addHeader({
             key: AUTHORIZATION,
-            value: headerPrefix + SPACE + jwtToken,
+            value: headerPrefix + jwtToken,
             system: true
         });
     }
@@ -94,7 +98,10 @@ function addTokenToRequest (auth, request, jwtToken) {
  *                                       is encoded in base64 format
  *    privateKey: <string> - PEM format private key for RS, PS, ES algorithms
  *    addTokenTo: <string> - possible values - header | queryParam,
- *    headerPrefix: <string> - prefix added before jwt token in header - Default Bearer
+ *    headerPrefix: <string> - prefix added before jwt token in header
+ *                             If headerPrefix is null | undefined - `Authorization:Bearer + SPACE + JWT_TOKEN`
+ *                             If headerPrefix is valid string - `Authorization:HEADER_PREFIX + SPACE + JWT_TOKEN`
+ *                             If headerPrefix is empty string - `Authorization:JWT_TOKEN`
  *    queryParamKey: <string> - optional property added when <addTokenTo> set to [queryParam],
  *   }
  *  }

package/lib/requester/dry-run.js

@@ -11,6 +11,7 @@ const _ = require('lodash'),
     authorizeRequest = require('../authorizer').authorizeRequest,
     authHandlers = require('../authorizer').AuthLoader.handlers,
     version = require('../../package.json').version,
+    stripJSONComments = require('strip-json-comments'),
 
     CALCULATED_AT_RUNTIME = '<calculated when request is sent>',
     COOKIE = 'Cookie',
@@ -19,6 +20,8 @@ const _ = require('lodash'),
     DEFAULT_MIME_TYPE = 'application/octet-stream',
     CONTENT_TYPE_URLENCODED = 'application/x-www-form-urlencoded',
     CONTENT_TYPE_FORMDATA = 'multipart/form-data; boundary=' + CALCULATED_AT_RUNTIME,
+    STRING = 'string',
+    CONTENT_LANGUAGE_JSON = 'json',
 
     CONTENT_TYPE_LANGUAGE = {
         html: 'text/html',
@@ -197,6 +200,39 @@ function setContentType (request, callback) {
     callback(null, request);
 }
 
+/**
+ * Remove comments if the data mode is raw and content type is application/json
+ *
+ * @private
+ * @param {Request} request -
+ * @param {Function} callback -
+ */
+function sanitizeRawBody (request, callback) {
+    let language = _.get(request, 'body.options.raw.language'),
+        content = _.get(request, 'body.raw');
+
+    // bail out if raw language is not json or content is not present
+    if (!(content && language === CONTENT_LANGUAGE_JSON)) {
+        return callback(null, request);
+    }
+
+    if (typeof content !== STRING) {
+        content = JSON.stringify(content);
+    }
+
+    // bail out if no comments present in content
+    if (!(content.includes('//') || content.includes('/*'))) {
+        return callback(null, request);
+    }
+
+    // stripJSONComments throws error if the content is not string
+    // here were have already converted the content to string in previous step
+    // hence we are do not have a safety check here.
+    request.body.raw = stripJSONComments(content, { whitespace: false });
+
+    callback(null, request);
+}
+
 /**
  * Adds Cookie header for the given request url.
  *
@@ -254,12 +290,15 @@ function dryRun (request, options, done) {
         disableCookies = _.get(options.protocolProfileBehavior, 'disableCookies');
 
     async.waterfall([
-        function setAuthorizationHeaders (next) {
-            setAuthorization(request, next);
-        },
-        function setContentTypeHeader (request, next) {
+        function setContentTypeHeader (next) {
             setContentType(request, next);
         },
+        function sanitizeRawBodyContent (request, next) {
+            sanitizeRawBody(request, next);
+        },
+        function setAuthorizationHeaders (request, next) {
+            setAuthorization(request, next);
+        },
         function setContentLength (request, next) {
             var headers = request.headers,
                 header = headers.one('content-length');

package/lib/runner/request-helpers-presend.js

@@ -1,15 +1,51 @@
-var _ = require('lodash'),
+const _ = require('lodash'),
     async = require('async'),
     util = require('./util'),
     sdk = require('postman-collection'),
+    stripJSONComments = require('strip-json-comments'),
 
     createAuthInterface = require('../authorizer/auth-interface'),
     AuthLoader = require('../authorizer/index').AuthLoader,
     ReplayController = require('./replay-controller'),
+    { getRequestBody } = require('../requester/core'),
 
+    CONTENT_LANGUAGE_JSON = 'json',
+    STRING = 'string',
     DOT_AUTH = '.auth';
 
 module.exports = [
+    // Raw request body update
+    function (context, run, done) {
+        if (!context.item) { return done(new Error('Nothing to update body.')); }
+
+        let request = _.get(context.item, 'request'),
+            requestBody = _.get(request, 'body'),
+            rawContent;
+
+        // bail out if raw language is not json
+        if (_.get(requestBody, 'options.raw.language') !== CONTENT_LANGUAGE_JSON) {
+            return done();
+        }
+
+        // here we are using the core `getRequestBody` to cover the cases
+        // where request body is not sent (disableBodyPruning)
+        rawContent = getRequestBody(request, context.protocolProfileBehavior);
+
+        // bail out if there is no request body to sanitize
+        if (!(rawContent && rawContent.body && typeof rawContent.body === STRING)) {
+            return done();
+        }
+
+        // bail out if no comments present in raw body
+        if (!(rawContent.body.includes('//') || rawContent.body.includes('/*'))) {
+            return done();
+        }
+
+        // NOTE: mutates context.item request body
+        requestBody.raw = stripJSONComments(rawContent.body, { whitespace: false });
+
+        done();
+    },
     // File loading
     function (context, run, done) {
         if (!context.item) { return done(new Error('Nothing to resolve files for.')); }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "postman-runtime",
-  "version": "7.31.3",
+  "version": "7.32.0",
   "description": "Underlying library of executing Postman Collections",
   "author": "Postman Inc.",
   "license": "Apache-2.0",
@@ -46,8 +46,8 @@
     "async": "3.2.4",
     "aws4": "1.12.0",
     "handlebars": "4.7.7",
-    "httpntlm": "1.8.2",
-    "jose": "4.12.0",
+    "httpntlm": "1.8.10",
+    "jose": "4.13.1",
     "js-sha512": "0.8.0",
     "lodash": "4.17.21",
     "mime-types": "2.1.35",
@@ -58,6 +58,7 @@
     "postman-sandbox": "4.2.4",
     "postman-url-encoder": "3.0.5",
     "serialised-error": "1.1.3",
+    "strip-json-comments": "3.1.1",
     "uuid": "8.3.2"
   },
   "devDependencies": {
@@ -91,9 +92,9 @@
     "shelljs": "^0.8.5",
     "sinon": "^12.0.1",
     "teleport-javascript": "^1.0.0",
-    "terser": "^5.16.4",
+    "terser": "^5.16.8",
     "tmp": "^0.2.1",
-    "webpack": "^5.75.0",
+    "webpack": "^5.77.0",
     "yankee": "^1.0.8"
   },
   "engines": {