mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-25 04:34:06 -08:00
fix(core): Redact csrfSecret
when returning oauth credentials to the frontend (#10075)
This commit is contained in:
parent
68d5d7e2e9
commit
48f047ee2e
|
@ -0,0 +1,70 @@
|
|||
import { CREDENTIAL_EMPTY_VALUE, type ICredentialType } from 'n8n-workflow';
|
||||
import { mock } from 'jest-mock-extended';
|
||||
import { CREDENTIAL_BLANKING_VALUE } from '@/constants';
|
||||
import type { CredentialsEntity } from '@db/entities/CredentialsEntity';
|
||||
import type { CredentialTypes } from '@/CredentialTypes';
|
||||
import { CredentialsService } from '../credentials.service';
|
||||
|
||||
describe('CredentialsService', () => {
|
||||
const credType = mock<ICredentialType>({
|
||||
extends: [],
|
||||
properties: [
|
||||
{
|
||||
name: 'clientSecret',
|
||||
type: 'string',
|
||||
typeOptions: { password: true },
|
||||
doNotInherit: false,
|
||||
},
|
||||
{
|
||||
name: 'accessToken',
|
||||
type: 'string',
|
||||
typeOptions: { password: true },
|
||||
doNotInherit: false,
|
||||
},
|
||||
],
|
||||
});
|
||||
const credentialTypes = mock<CredentialTypes>();
|
||||
const service = new CredentialsService(
|
||||
mock(),
|
||||
mock(),
|
||||
mock(),
|
||||
mock(),
|
||||
mock(),
|
||||
mock(),
|
||||
credentialTypes,
|
||||
mock(),
|
||||
mock(),
|
||||
mock(),
|
||||
mock(),
|
||||
);
|
||||
|
||||
describe('redact', () => {
|
||||
it('should redact sensitive values', () => {
|
||||
const credential = mock<CredentialsEntity>({
|
||||
id: '123',
|
||||
name: 'Test Credential',
|
||||
type: 'oauth2',
|
||||
});
|
||||
|
||||
const decryptedData = {
|
||||
clientId: 'abc123',
|
||||
clientSecret: 'sensitiveSecret',
|
||||
accessToken: '',
|
||||
oauthTokenData: 'super-secret',
|
||||
csrfSecret: 'super-secret',
|
||||
};
|
||||
|
||||
credentialTypes.getByName.calledWith(credential.type).mockReturnValue(credType);
|
||||
|
||||
const redactedData = service.redact(decryptedData, credential);
|
||||
|
||||
expect(redactedData).toEqual({
|
||||
clientId: 'abc123',
|
||||
clientSecret: CREDENTIAL_BLANKING_VALUE,
|
||||
accessToken: CREDENTIAL_EMPTY_VALUE,
|
||||
oauthTokenData: CREDENTIAL_BLANKING_VALUE,
|
||||
csrfSecret: CREDENTIAL_BLANKING_VALUE,
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
|
@ -407,7 +407,7 @@ export class CredentialsService {
|
|||
|
||||
for (const dataKey of Object.keys(copiedData)) {
|
||||
// The frontend only cares that this value isn't falsy.
|
||||
if (dataKey === 'oauthTokenData') {
|
||||
if (dataKey === 'oauthTokenData' || dataKey === 'csrfSecret') {
|
||||
if (copiedData[dataKey].toString().length > 0) {
|
||||
copiedData[dataKey] = CREDENTIAL_BLANKING_VALUE;
|
||||
} else {
|
||||
|
|
Loading…
Reference in a new issue