Merge pull request #144 from tmaher/master

Excon::Connection#inspect redacts authorization header
excon · Aug 27, 2012 · 65379d1 · 65379d1
2 parents 63e5b7e + 3f5598e
commit 65379d1
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/lib/excon/connection.rb b/lib/excon/connection.rb
@@ -147,7 +147,20 @@ def retry_limit
       @connection[:retry_limit] ||= DEFAULT_RETRY_LIMIT
     end
 
-  private
+    def inspect
+      c_clean = @connection.dup
+      c_clean[:headers] = @connection[:headers].dup
+      if ! @connection[:headers]['Authorization'].nil?
+        c_clean[:headers]['Authorization'] = 'REDACTED'
+      end
+      vars = instance_variables.map do |x|
+        vals = x.to_s.eql?("@connection") ? c_clean : instance_variable_get(x)
+        "#{x}=#{vals.inspect}"
+      end
+      "#{self.to_s}".gsub(/>\z/, " " + vars.join(", ") + '>')
+    end
+
+    private
 
     def detect_content_length(body)
       if body.is_a?(String)

diff --git a/tests/authorization_header_tests.rb b/tests/authorization_header_tests.rb
@@ -0,0 +1,20 @@
+with_rackup('basic_auth.ru') do
+  Shindo.tests('Excon basics (Authorization data redacted)') do
+    cases = [
+             ['user & pass', 'http://user1:pass1@foo.com/', 'Basic dXNlcjE6cGFzczE='],
+             ['user no pass', 'http://three_user@foo.com/', 'Basic dGhyZWVfdXNlcjo='],
+             ['pass no user', 'http://:derppass@foo.com/', 'Basic OmRlcnBwYXNz']
+            ]
+    cases.each do |desc,url,auth_header|
+      conn = Excon.new(url)
+      test("authorization header concealed for #{desc}") do
+        ! conn.inspect.to_s.include? auth_header
+      end
+
+      tests("authorization header correct for #{desc}").returns(auth_header) do
+        conn.connection[:headers]['Authorization']
+      end
+
+    end
+  end
+end