From b27ad794483fb3a2c8677fd1a3c24fd635e9409e Mon Sep 17 00:00:00 2001 From: Daniel Bankhead Date: Wed, 3 Apr 2024 10:02:05 -0700 Subject: [PATCH] fix: Error Redactor Case-Insensitive Matching --- src/common.ts | 12 ++++++------ test/test.getch.ts | 23 ++++++++++++++++------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/src/common.ts b/src/common.ts index cbeaf3b2..7a47558e 100644 --- a/src/common.ts +++ b/src/common.ts @@ -362,17 +362,17 @@ export function defaultErrorRedactor(data: { for (const key of Object.keys(headers)) { // any casing of `Authentication` - if (/^authentication$/.test(key)) { + if (/^authentication$/i.test(key)) { headers[key] = REDACT; } // any casing of `Authorization` - if (/^authorization$/.test(key)) { + if (/^authorization$/i.test(key)) { headers[key] = REDACT; } // anything containing secret, such as 'client secret' - if (/secret/.test(key)) { + if (/secret/i.test(key)) { headers[key] = REDACT; } } @@ -387,9 +387,9 @@ export function defaultErrorRedactor(data: { const text = obj[key]; if ( - /grant_type=/.test(text) || - /assertion=/.test(text) || - /secret/.test(text) + /grant_type=/i.test(text) || + /assertion=/i.test(text) || + /secret/i.test(text) ) { obj[key] = REDACT; } diff --git a/test/test.getch.ts b/test/test.getch.ts index 6f26f2b8..ca4db7a6 100644 --- a/test/test.getch.ts +++ b/test/test.getch.ts @@ -26,7 +26,7 @@ import { GaxiosResponse, GaxiosPromise, } from '../src'; -import {GAXIOS_ERROR_SYMBOL} from '../src/common'; +import {GAXIOS_ERROR_SYMBOL, Headers} from '../src/common'; import {pkg} from '../src/util'; import qs from 'querystring'; import fs from 'fs'; @@ -709,8 +709,11 @@ describe('🎏 data handling', () => { const config: GaxiosOptions = { headers: { - authentication: 'My Auth', - authorization: 'My Auth', + Authentication: 'My Auth', + /** + * Ensure casing is properly handled + */ + AUTHORIZATION: 'My Auth', 'content-type': 'application/x-www-form-urlencoded', random: 'data', }, @@ -758,8 +761,8 @@ describe('🎏 data handling', () => { assert(e.config.headers); assert.deepStrictEqual(e.config.headers, { ...config.headers, // non-redactables should be present - authentication: REDACT, - authorization: REDACT, + Authentication: REDACT, + AUTHORIZATION: REDACT, }); // config redactions - data @@ -784,11 +787,17 @@ describe('🎏 data handling', () => { // response redactions assert(e.response); assert.deepStrictEqual(e.response.config, e.config); - assert.deepStrictEqual(e.response.headers, { + + const expectedHeaders: Headers = { ...responseHeaders, // non-redactables should be present authentication: REDACT, authorization: REDACT, - }); + }; + + delete expectedHeaders['AUTHORIZATION']; + delete expectedHeaders['Authentication']; + + assert.deepStrictEqual(e.response.headers, expectedHeaders); assert.deepStrictEqual(e.response.data, { ...response, // non-redactables should be present assertion: REDACT,