raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-26 01:33:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix filtering of sensible data

Browse Source 
* Hide Stripe Client User Agent header, it contains the hostname of
the machine generating the cassettes
* Hide client_secret
This commit is contained in:
Gaetan Craig-Riou
2024-03-12 11:39:20 +11:00
parent 5653d542f6
commit a33eb80f56
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.env.test
View File

@@ -14,6 +14,3 @@ SITE_URL="test.host"
OPENID_APP_ID="test-provider"
OPENID_APP_SECRET="12345"
CLIENT_SECRET =~ /secret.+/
HOSTNAME =~ /"hostname":".+"/

8
spec/support/vcr_setup.rb
View File

@@ -16,9 +16,13 @@ VCR.configure do |config|
STRIPE_ACCOUNT
STRIPE_CLIENT_ID
STRIPE_ENDPOINT_SECRET
CLIENT_SECRET
HOSTNAME
].each do |env_var|
config.filter_sensitive_data("<HIDDEN-#{env_var}>") { ENV.fetch(env_var, nil) }
end
config.filter_sensitive_data('<HIDDEN-STRIPE-USER-AGENT>') { |interaction|
interaction.request.headers['X-Stripe-Client-User-Agent']&.public_send(:[], 0)
}
config.filter_sensitive_data('<HIDDEN-CLIENT-SECRET>') { |interaction|
interaction.response.body.match(/"client_secret": "(pi_.+)"/)&.public_send(:[], 1)
}
end