From a33eb80f56c4fc80c0d38086982019c6b8bb4b69 Mon Sep 17 00:00:00 2001
From: Gaetan Craig-Riou
Date: Tue, 12 Mar 2024 11:39:20 +1100
Subject: [PATCH] Fix filtering of sensible data
* Hide Stripe Client User Agent header, it contains the hostname of the machine generating the cassettes
* Hide client_secret
---
 .env.test | 3 ---
 spec/support/vcr_setup.rb | 8 ++++++--
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/.env.test b/.env.test
index a2190c418c..535d37a9e0 100644
--- a/.env.test
+++ b/.env.test
@@ -14,6 +14,3 @@ SITE_URL="test.host"
 OPENID_APP_ID="test-provider"
 OPENID_APP_SECRET="12345"
-
-CLIENT_SECRET =~ /secret.+/
-HOSTNAME =~ /"hostname":".+"/
diff --git a/spec/support/vcr_setup.rb b/spec/support/vcr_setup.rb
index 256bdb07cb..01cc2d9033 100644
--- a/spec/support/vcr_setup.rb
+++ b/spec/support/vcr_setup.rb
@@ -16,9 +16,13 @@ VCR.configure do |config|
 STRIPE_ACCOUNT
 STRIPE_CLIENT_ID
 STRIPE_ENDPOINT_SECRET
- CLIENT_SECRET
- HOSTNAME
 ].each do |env_var|
 config.filter_sensitive_data("") { ENV.fetch(env_var, nil) }
 end
+ config.filter_sensitive_data('') { |interaction|
+ interaction.request.headers['X-Stripe-Client-User-Agent']&.public_send(:[], 0)
+ }
+ config.filter_sensitive_data('') { |interaction|
+ interaction.response.body.match(/"client_secret": "(pi_.+)"/)&.public_send(:[], 1)
+ }
 end
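Review bot: The `client_secret` filter in the second added block redacts only the first match in the response body, and only when the value is laid out exactly as `"client_secret": "pi_…"`. A cassette whose body lists several PaymentIntents, uses compact JSON with no space after the colon, or carries a secret from another object type (a SetupIntent secret, for instance, would not start with `pi_`) would still be recorded in clear text. The greedy `.+` also runs to the last quote on the line, so on a single-line body the captured string is no longer the secret and nothing gets replaced. Consider bounding the capture and tolerating whitespace, e.g. `interaction.response.body[/"client_secret":\s*"(pi_[^"]+)"/, 1]`, and adding a spec that fails when a recorded cassette still contains `_secret_`. The enclosing `VCR.configure` block starts outside the hunk; separately, `&.public_send(:[], 0)` on the header would read more plainly as `&.first` if the header value is an array, as VCR normally stores it.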