Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-prfq-f66g-43mp
* Applied #1085 from auth0.js (fixes broken tests)

* Added an object helper for setting properties at a deep level

* Masking password in original error object
  • Loading branch information
Steve Hobbs committed Apr 9, 2020
1 parent 55b6ac8 commit 355ca74
Show file tree
Hide file tree
Showing 4 changed files with 172 additions and 1 deletion.
25 changes: 24 additions & 1 deletion src/helper/object.js
Expand Up @@ -168,6 +168,28 @@ function trimUserDetails(options) {
return trimMultiple(options, ['username', 'email', 'phoneNumber']);
}

/**
* Updates the value of a property on the given object, using a deep path selector.
* @param {object} obj The object to set the property value on
* @param {string|array} path The path to the property that should have its value updated. e.g. 'prop1.prop2.prop3' or ['prop1', 'prop2', 'prop3']
* @param {any} value The value to set
*/
function updatePropertyOn(obj, path, value) {
if (typeof path === 'string') {
path = path.split('.');
}

var next = path[0];

if (obj.hasOwnProperty(next)) {
if (path.length === 1) {
obj[next] = value;
} else {
updatePropertyOn(obj[next], path.slice(1), value);
}
}
}

export default {
toSnakeCase: toSnakeCase,
toCamelCase: toCamelCase,
Expand All @@ -178,5 +200,6 @@ export default {
extend: extend,
getOriginFromUrl: getOriginFromUrl,
getLocationFromUrl: getLocationFromUrl,
trimUserDetails: trimUserDetails
trimUserDetails: trimUserDetails,
updatePropertyOn: updatePropertyOn
};
6 changes: 6 additions & 0 deletions src/helper/response-handler.js
Expand Up @@ -27,6 +27,12 @@ function wrapCallback(cb, options) {
original: err
};

objectHelper.updatePropertyOn(
errObj,
'original.response.req._data.password',
'*****'
);

if (err.response && err.response.statusCode) {
errObj.statusCode = err.response.statusCode;
}
Expand Down
58 changes: 58 additions & 0 deletions test/helper/object.test.js
Expand Up @@ -707,4 +707,62 @@ describe('helpers', function() {
});
});
});

describe('setPropertyValue', function() {
it('can set a property at the first level of the object', function() {
var obj = {
one: 1,
two: 2,
three: 3
};

objectHelper.updatePropertyOn(obj, 'one', 'one');

expect(obj).to.eql({
one: 'one',
two: 2,
three: 3
});
});

it('can set a nested property', function() {
var obj = {
one: {
two: {
three: 3
}
}
};

objectHelper.updatePropertyOn(obj, 'one.two.three', 'three');

expect(obj).to.eql({
one: {
two: {
three: 'three'
}
}
});
});

it("does not add new values if the key doesn't already exist", function() {
var obj = {
one: {
two: {
three: 3
}
}
};

objectHelper.updatePropertyOn(obj, 'one.two.four', 4);

expect(obj).to.eql({
one: {
two: {
three: 3
}
}
});
});
});
});
84 changes: 84 additions & 0 deletions test/helper/response-handler.test.js
Expand Up @@ -241,4 +241,88 @@ describe('helpers responseHandler', function() {
{ keepOriginalCasing: true }
)(null, assert_data);
});

it('should mask the password object in the original response object', function(done) {
var assert_err = {
code: 'the_error_code',
error: 'The error description.',
response: {
req: {
_data: {
realm: 'realm',
client_id: 'client_id',
username: 'username',
password: 'this is a password'
}
}
}
};

responseHandler(function(err, data) {
expect(data).to.be(undefined);

expect(err).to.eql({
original: {
code: 'the_error_code',
error: 'The error description.',
response: {
req: {
_data: {
realm: 'realm',
client_id: 'client_id',
username: 'username',
password: '*****'
}
}
}
},
code: 'the_error_code',
description: 'The error description.'
});

done();
})(assert_err, null);
});

it('should mask the password object in the data object', function(done) {
var assert_err = {
code: 'the_error_code',
error: 'The error description.',
response: {
req: {
_data: {
realm: 'realm',
client_id: 'client_id',
username: 'username',
password: 'this is a password'
}
}
}
};

responseHandler(function(err, data) {
expect(data).to.be(undefined);

expect(err).to.eql({
original: {
code: 'the_error_code',
error: 'The error description.',
response: {
req: {
_data: {
realm: 'realm',
client_id: 'client_id',
username: 'username',
password: '*****'
}
}
}
},
code: 'the_error_code',
description: 'The error description.'
});

done();
})(assert_err, null);
});
});

0 comments on commit 355ca74

Please sign in to comment.