Correct missing password hash removal
Auth hash removal was broken in a number of cases for all 4.2 versions:
- All queries that returned the object text for a mntner when
  all hash names (MD5-PW etc.) in the text were lower or mixed case
- Queries for the auth attribute in GraphQL queries
- Queries for the objectText for journal entries in GraphQL queries

Further details in 4.2.3 release notes.

Note that this commit only has the fix, and tests or coverage may
fail without the subsequent update to the tests.
mxsasha committed Mar 31, 2022
1 parent c752ea5 commit 0e41bae
Showing 2 changed files with 5 additions and 2 deletions.
4 changes: 3 additions & 1 deletion irrd/server/graphql/resolvers.py
Expand Up @@ -187,6 +187,8 @@ def resolve_rpsl_object_journal(rpsl_object, info: GraphQLResolveInfo):
response['operation'] = response['operation'].name
if response['origin']:
response['origin'] = response['origin'].name
if response['objectText']:
response['objectText'] = remove_auth_hashes(response['objectText'])
yield response
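Review bot: the `if response['objectText']:` guard in resolve_rpsl_object_journal is redundant, because remove_auth_hashes already returns empty or None input unchanged (`if not input: return input` in irrd/utils/text.py). Calling it unconditionally removes a branch that needs coverage. Since the commit message says tests arrive separately, a regression test that queries the journal of a mntner and asserts that no real hash appears in objectText should accompany this path, so the filter cannot be dropped here again unnoticed.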


Expand Down Expand Up @@ -221,7 +223,7 @@ def _rpsl_db_query_to_graphql_out(query: RPSLDatabaseQuery, info: GraphQLResolve
object_type = resolve_rpsl_object_type(row)
for key, value in row.get('parsed_data', dict()).items():
if key == 'auth':
value = remove_auth_hashes(value)
value = [remove_auth_hashes(v) for v in value]
graphql_type = schema.graphql_types[object_type][key]
if graphql_type == 'String' and isinstance(value, list):
value = '\n'.join(value)
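Review bot: the comprehension `[remove_auth_hashes(v) for v in value]` assumes the `auth` value is always a list, while the `isinstance(value, list)` check two lines later shows this function does not take that for granted for other keys. If `auth` ever arrives as a single string, the loop would iterate it character by character, no hash would be matched, and the value would pass through unfiltered. Consider handling both shapes explicitly (filter the string directly when `isinstance(value, str)`), or asserting the list type so a shape change fails loudly instead of leaking hashes.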
3 changes: 2 additions & 1 deletion irrd/utils/text.py
Expand Up @@ -12,7 +12,8 @@ def remove_auth_hashes(input: Optional[str]):
if not input:
return input
# If there are no hashes, skip the RE for performance.
if not any([pw_hash in input for pw_hash in PASSWORD_HASHERS_ALL.keys()]):
input_lower = input.lower()
if not any([pw_hash.lower() in input_lower for pw_hash in PASSWORD_HASHERS_ALL.keys()]):
return input
return re_remove_passwords.sub(r'\1 %s # Filtered for security' % PASSWORD_HASH_DUMMY_VALUE, input)
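Review bot: the `if not any(...)` pre-check is a second, hand-written matcher that sits in front of re_remove_passwords and fails open: whenever it disagrees with the regex, the text is returned with hashes intact, which is the bug being corrected here. Lowercasing both sides fixes the case mismatch, but the two matchers can still drift apart later. Consider dropping the fast path unless it is measurably needed, or adding a test that feeds upper, lower and mixed-case hash names through remove_auth_hashes and asserts the dummy value appears each time. Smaller points: `any()` can take a generator instead of a list so it short-circuits, and the `.keys()` call is unnecessary when iterating a dict.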
