Mask Sentry auth token
This masks Sentry's auth token. The mask is applied only in the UI.
This commit is contained in:
parent
7e2b100854
commit
576818b578
@ -32,7 +32,7 @@ module ErrorTracking
|
|||
project_slug: 'proj'
|
||||
)
|
||||
|
||||
setting.token = params[:token]
|
||||
setting.token = token(setting)
|
||||
setting.enabled = true
|
||||
end
|
||||
end
|
||||
|
@ -40,5 +40,12 @@ module ErrorTracking
|
|||
def can_read?
|
||||
can?(current_user, :read_sentry_issue, project)
|
||||
end
|
||||
|
||||
def token(setting)
|
||||
# Use param token if not masked, otherwise use database token
|
||||
return params[:token] unless /\A\*+\z/.match?(params[:token])
|
||||
|
||||
setting.token
|
||||
end
|
||||
end
|
||||
end
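Review bot: The masked-token regex `/\A\*+\z/` in `token` is duplicated verbatim in the `Projects::Operations::UpdateService` hunk below, and the serializer hunk independently hard-codes the mask as `'*' * 12`, so three places now define what "masked" means and can drift apart. Define it once, e.g. `MASKED_TOKEN_REGEX = /\A\*+\z/` alongside the mask literal, and reference that from both checks and the serializer. The comment could also state the boundary of the check: `# Only an all-asterisk placeholder is ignored; a missing token param still assigns nil (unchanged from before)` — `match?` on a nil param is false, so that path falls through to `params[:token]`.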
|
||||
@ -36,15 +36,17 @@ module Projects
|
|||
organization_slug: settings.dig(:project, :organization_slug)
|
||||
)
|
||||
|
||||
{
|
||||
params = {
|
||||
error_tracking_setting_attributes: {
|
||||
api_url: api_url,
|
||||
token: settings[:token],
|
||||
enabled: settings[:enabled],
|
||||
project_name: settings.dig(:project, :name),
|
||||
organization_name: settings.dig(:project, :organization_name)
|
||||
}
|
||||
}
|
||||
params[:error_tracking_setting_attributes][:token] = settings[:token] unless /\A\*+\z/.match?(settings[:token]) # Don't update token if we receive masked value
|
||||
|
||||
params
|
||||
end
|
||||
|
||||
def grafana_integration_params
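Review bot: The conditional assignment of `params[:error_tracking_setting_attributes][:token]` is a single line of roughly 150 characters with its explanation as a trailing comment, which hides the one security-relevant decision in this method. Move the comment above the statement and keep the statement on its own line: `# Keep the stored token when the UI sends back the masked placeholder` followed by `params[:error_tracking_setting_attributes][:token] = settings[:token] unless /\A\*+\z/.match?(settings[:token])`. As in the `ErrorTracking` hunk above, an absent `settings[:token]` is not matched and so assigns nil; if that is intended (clearing the token), say so in the comment rather than leaving it implied. The method's head is outside the hunk.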
|
||||
@ -17,4 +17,4 @@
|
|||
project: error_tracking_setting_project_json,
|
||||
api_host: setting.api_host,
|
||||
enabled: setting.enabled.to_json,
|
||||
token: setting.token } }
|
||||
token: setting.token.present? ? '*' * 12 : nil } }
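Review bot: The placeholder is a fixed 12 characters regardless of the real token's length, which is the right choice — the client learns neither the value nor the length — but nothing says this is deliberate, and a later "improvement" could easily switch to `'*' * setting.token.length`. Add `# Fixed-length placeholder: expose neither the token nor its length to the client` above the line, and prefer naming the literal (the server-side checks in the other hunks treat any all-asterisk string as this placeholder) over a bare `'*' * 12`. The `present?` guard also changes a blank token from `''` to `nil` on the wire; this looks harmless, but confirm the dashboard treats both as "no token". The enclosing hash starts outside the hunk.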
|
||||
@ -0,0 +1,4 @@
|
|||
---
|
||||
title: Mask sentry auth token in Error Tracking dashboard
|
||||
author:
|
||||
type: security
@ -50,6 +50,19 @@ describe ErrorTracking::ListProjectsService do
|
|||
end
|
||||
end
|
||||
|
||||
context 'masked param token' do
|
||||
let(:params) { ActionController::Parameters.new(token: "*********", api_host: new_api_host) }
|
||||
|
||||
before do
|
||||
expect(error_tracking_setting).to receive(:list_sentry_projects)
|
||||
.and_return({ projects: [] })
|
||||
end
|
||||
|
||||
it 'uses database token' do
|
||||
expect { subject.execute }.not_to change { error_tracking_setting.token }
|
||||
end
|
||||
end
|
||||
|
||||
context 'sentry client raises exception' do
|
||||
context 'Sentry::Client::Error' do
|
||||
before do
|
||||
@ -145,6 +145,27 @@ describe Projects::Operations::UpdateService do
|
|||
end
|
||||
end
|
||||
|
||||
context 'with masked param token' do
|
||||
let(:params) do
|
||||
{
|
||||
error_tracking_setting_attributes: {
|
||||
enabled: false,
|
||||
token: '*' * 8
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
before do
|
||||
create(:project_error_tracking_setting, project: project, token: 'token')
|
||||
end
|
||||
|
||||
it 'does not update token' do
|
||||
expect(result[:status]).to eq(:success)
|
||||
|
||||
expect(project.error_tracking_setting.token).to eq('token')
|
||||
end
|
||||
end
|
||||
|
||||
context 'with invalid parameters' do
|
||||
let(:params) { {} }
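Review bot: The 'does not update token' example asserts only that the stored token is untouched, so a regression that dropped the whole `error_tracking_setting_attributes` hash whenever a masked token is present would still pass. The params also send `enabled: false`; assert that it was applied, e.g. `expect(project.error_tracking_setting.enabled).to be(false)`, so the test shows the mask is skipped selectively rather than the update being ignored (this presumes the factory's default for `enabled` is true — confirm). The same gap applies to the 'uses database token' example in the `ListProjectsService` spec hunk, which checks the token but not the `new_api_host` it sends alongside.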
|
||||
|
||||