[Action Cable] Stop logging filtered params

Co-Autored-By: Kartikey Tanna <tannakartikey@gmail.com>
rails · Feb 8, 2023 · 177b949 · 177b949
1 parent dcd8f37
commit 177b949
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 5 deletions.
diff --git a/actioncable/lib/action_cable/channel/base.rb b/actioncable/lib/action_cable/channel/base.rb
@@ -2,6 +2,7 @@
 
 require "set"
 require "active_support/rescuable"
+require "active_support/parameter_filter"
 
 module ActionCable
   module Channel
@@ -275,12 +276,19 @@ def dispatch_action(action, data)
 
         def action_signature(action, data)
           (+"#{self.class.name}##{action}").tap do |signature|
-            if (arguments = data.except("action")).any?
+            arguments = data.except("action")
+
+            if arguments.any?
+              arguments = parameter_filter.filter(arguments)
               signature << "(#{arguments.inspect})"
             end
           end
         end
 
+        def parameter_filter
+          @parameter_filter ||= ActiveSupport::ParameterFilter.new(connection.server.config.filter_parameters)
+        end
+
         def transmit_subscription_confirmation
           unless subscription_confirmation_sent?
             logger.debug "#{self.class.name} is transmitting the subscription confirmation"

diff --git a/actioncable/lib/action_cable/channel/test_case.rb b/actioncable/lib/action_cable/channel/test_case.rb
@@ -45,7 +45,7 @@ def start_periodic_timers; end
     end
 
     class ConnectionStub
-      attr_reader :transmissions, :identifiers, :subscriptions, :logger
+      attr_reader :transmissions, :identifiers, :subscriptions, :logger, :server
 
       def initialize(identifiers = {})
         @transmissions = []
@@ -57,6 +57,7 @@ def initialize(identifiers = {})
         @subscriptions = ActionCable::Connection::Subscriptions.new(self)
         @identifiers = identifiers.keys
         @logger = ActiveSupport::TaggedLogging.new ActiveSupport::Logger.new(StringIO.new)
+        @server = TestServer.new
       end
 
       def transmit(cable_message)

diff --git a/actioncable/lib/action_cable/engine.rb b/actioncable/lib/action_cable/engine.rb
@@ -40,11 +40,12 @@ class Engine < Rails::Engine # :nodoc:
 
       ActiveSupport.on_load(:action_cable) do
         if (config_path = Pathname.new(app.config.paths["config/cable"].first)).exist?
-          self.cable = Rails.application.config_for(config_path).to_h.with_indifferent_access
+          self.cable = app.config_for(config_path).to_h.with_indifferent_access
         end
 
         previous_connection_class = connection_class
         self.connection_class = -> { "ApplicationCable::Connection".safe_constantize || previous_connection_class.call }
+        self.filter_parameters += app.config.filter_parameters
 
         options.each { |k, v| send("#{k}=", v) }
       end

diff --git a/actioncable/lib/action_cable/server/configuration.rb b/actioncable/lib/action_cable/server/configuration.rb
@@ -7,7 +7,7 @@ module Server
     class Configuration
       attr_accessor :logger, :log_tags
       attr_accessor :connection_class, :worker_pool_size
-      attr_accessor :disable_request_forgery_protection, :allowed_request_origins, :allow_same_origin_as_host
+      attr_accessor :disable_request_forgery_protection, :allowed_request_origins, :allow_same_origin_as_host, :filter_parameters
       attr_accessor :cable, :url, :mount_path
       attr_accessor :precompile_assets
 
@@ -19,6 +19,7 @@ def initialize
 
         @disable_request_forgery_protection = false
         @allow_same_origin_as_host = true
+        @filter_parameters = []
       end
 
       # Returns constant of subscription adapter specified in config/cable.yml.

diff --git a/actioncable/test/channel/base_test.rb b/actioncable/test/channel/base_test.rb
@@ -105,6 +105,15 @@ def error_handler
     assert_equal({ id: 1 }, @channel.params)
   end
 
+  test "does not log filtered parameters" do
+    @connection.server.config.filter_parameters << :password
+    data = { password: "password", foo: "foo" }
+
+    assert_logged(':password=>"[FILTERED]"') do
+      @channel.perform_action data
+    end
+  end
+
   test "unsubscribing from a channel" do
     @channel.subscribe_to_channel
 

diff --git a/actioncable/test/stubs/test_server.rb b/actioncable/test/stubs/test_server.rb
@@ -11,7 +11,7 @@ class TestServer
   def initialize(subscription_adapter: SuccessAdapter)
     @logger = ActiveSupport::TaggedLogging.new ActiveSupport::Logger.new(StringIO.new)
 
-    @config = OpenStruct.new(log_tags: [], subscription_adapter: subscription_adapter)
+    @config = OpenStruct.new(log_tags: [], subscription_adapter: subscription_adapter, filter_parameters: [])
 
     @mutex = Monitor.new
   end