diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-31 11:42:18 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-31 11:42:44 +0000 |
commit | 15c040a6bd71894260b66a90685070c0babfee76 (patch) | |
tree | 27021108f64428697744973cddaede55930f4ef7 /spec/initializers | |
parent | 6e4e4023b46c786a99e1cfe8832fa5eff2728e0d (diff) | |
download | gitlab-ce-15c040a6bd71894260b66a90685070c0babfee76.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-12-stable-ee
Diffstat (limited to 'spec/initializers')
-rw-r--r-- | spec/initializers/lograge_spec.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/spec/initializers/lograge_spec.rb b/spec/initializers/lograge_spec.rb index abb1673bb88..421f6373eff 100644 --- a/spec/initializers/lograge_spec.rb +++ b/spec/initializers/lograge_spec.rb @@ -173,6 +173,27 @@ RSpec.describe 'lograge', type: :request do end end + describe 'with access token in url' do + before do + event.payload[:location] = 'http://example.com/auth.html#access_token=secret_token&token_type=Bearer' + end + + it 'strips location from sensitive information' do + subscriber.redirect_to(event) + subscriber.process_action(event) + + expect(log_data['location']).not_to include('secret_token') + expect(log_data['location']).to include('filtered') + end + + it 'leaves non-sensitive information from location' do + subscriber.redirect_to(event) + subscriber.process_action(event) + + expect(log_data['location']).to include('&token_type=Bearer') + end + end + context 'with db payload' do context 'when RequestStore is enabled', :request_store do it 'includes db counters' do |