Patchwork D6513: phabricator: auto-sanitise API tokens and HTTP cookies from VCR recordings

login
register
mail settings
Submitter phabricator
Date June 12, 2019, 4:44 p.m.
Message ID <807d5703d44e9a3f190a60effb21e45b@localhost.localdomain>
Download mbox | patch
Permalink /patch/40443/
State Not Applicable
Headers show

Comments

phabricator - June 12, 2019, 4:44 p.m.
Closed by commit rHGd3c81439e2ee: phabricator: auto-sanitise API tokens and HTTP cookies from VCR recordings (authored by Kwan).
This revision was automatically updated to reflect the committed changes.
This revision was not accepted when it landed; it landed in state "Needs Review".

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D6513?vs=15448&id=15453

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D6513/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D6513

AFFECTED FILES
  hgext/phabricator.py
  tests/test-phabricator.t

CHANGE DETAILS




To: Kwan, #hg-reviewers
Cc: mercurial-devel

Patch

diff --git a/tests/test-phabricator.t b/tests/test-phabricator.t
--- a/tests/test-phabricator.t
+++ b/tests/test-phabricator.t
@@ -15,8 +15,8 @@ 
   > hgphab.prefix = phab.mercurial-scm.org
   > # When working on the extension and making phabricator interaction
   > # changes, edit this to be a real phabricator token. When done, edit
-  > # it back, and make sure to also edit your VCR transcripts to match
-  > # whatever value you put here.
+  > # it back. The VCR transcripts will be auto-sanitised to replace your real
+  > # token with this value.
   > hgphab.phabtoken = cli-hahayouwish
   > EOF
   $ VCR="$TESTDIR/phabricator"
diff --git a/hgext/phabricator.py b/hgext/phabricator.py
--- a/hgext/phabricator.py
+++ b/hgext/phabricator.py
@@ -134,6 +134,19 @@ 
         r2params = r2.body.split(b'&')
         return set(r1params) == set(r2params)
 
+    def sanitiserequest(request):
+        request.body = re.sub(
+            r'cli-[a-z0-9]+',
+            r'cli-hahayouwish',
+            request.body
+        )
+        return request
+
+    def sanitiseresponse(response):
+        if r'set-cookie' in response[r'headers']:
+            del response[r'headers'][r'set-cookie']
+        return response
+
     def decorate(fn):
         def inner(*args, **kwargs):
             cassette = pycompat.fsdecode(kwargs.pop(r'test_vcr', None))
@@ -144,6 +157,8 @@ 
                     import vcr.stubs as stubs
                     vcr = vcrmod.VCR(
                         serializer=r'json',
+                        before_record_request=sanitiserequest,
+                        before_record_response=sanitiseresponse,
                         custom_patches=[
                             (urlmod, r'httpconnection',
                              stubs.VCRHTTPConnection),