From 0424801ec8854167d17c76b68e6ae8c5b5a6a52a Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 6 Jan 2018 06:18:13 +0000 Subject: Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3' Filter out sensitive fields from the project services API See merge request gitlab/gitlabhq!2281 (cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7) 2bcbbda0 Filter out sensitive fields from the project services API --- spec/models/service_spec.rb | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'spec/models/service_spec.rb') diff --git a/spec/models/service_spec.rb b/spec/models/service_spec.rb index ab6678cab38..15c1e57c9e4 100644 --- a/spec/models/service_spec.rb +++ b/spec/models/service_spec.rb @@ -255,6 +255,7 @@ describe Service do end end +<<<<<<< HEAD describe "#deprecated?" do let(:project) { create(:project, :repository) } @@ -278,6 +279,39 @@ describe Service do it 'returns service template' do expect(KubernetesService.find_by_template).to eq(kubernetes_service) +======= + describe '#api_field_names' do + let(:fake_service) do + Class.new(Service) do + def fields + [ + { name: 'token' }, + { name: 'api_token' }, + { name: 'key' }, + { name: 'api_key' }, + { name: 'password' }, + { name: 'password_field' }, + { name: 'safe_field' } + ] + end + end + end + + let(:service) do + fake_service.new(properties: [ + { token: 'token-value' }, + { api_token: 'api_token-value' }, + { key: 'key-value' }, + { api_key: 'api_key-value' }, + { password: 'password-value' }, + { password_field: 'password_field-value' }, + { safe_field: 'safe_field-value' } + ]) + end + + it 'filters out sensitive fields' do + expect(service.api_field_names).to eq(['safe_field']) +>>>>>>> Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3' end end end -- cgit v1.2.1