mirror of
https://github.com/n8n-io/n8n.git
synced 2025-02-21 02:56:40 -08:00
fix(HTTP Request Node): Do not modify request object when sanitizing message for UI (#10923)
This commit is contained in:
Michael Kret
GitHub
parent
60ee0d4ce7
commit
8cc10cc2c1
|
|
@ -1,11 +1,12 @@
|
||||||
import type { SecureContextOptions } from 'tls';
|
import type { SecureContextOptions } from 'tls';
|
||||||
import type {
|
import {
|
||||||
ICredentialDataDecryptedObject,
|
deepCopy,
|
||||||
IDataObject,
|
type ICredentialDataDecryptedObject,
|
||||||
INodeExecutionData,
|
type IDataObject,
|
||||||
INodeProperties,
|
type INodeExecutionData,
|
||||||
IOAuth2Options,
|
type INodeProperties,
|
||||||
IRequestOptions,
|
type IOAuth2Options,
|
||||||
|
type IRequestOptions,
|
||||||
} from 'n8n-workflow';
|
} from 'n8n-workflow';
|
||||||
|
|
||||||
import set from 'lodash/set';
|
import set from 'lodash/set';
|
||||||
|
|
@ -60,7 +61,12 @@ export function sanitizeUiMessage(
|
||||||
authDataKeys: IAuthDataSanitizeKeys,
|
authDataKeys: IAuthDataSanitizeKeys,
|
||||||
secrets?: string[],
|
secrets?: string[],
|
||||||
) {
|
) {
|
||||||
let sendRequest = request as unknown as IDataObject;
|
const { body, ...rest } = request as IDataObject;
|
||||||
|
|
||||||
|
let sendRequest: IDataObject = { body };
|
||||||
|
for (const [key, value] of Object.entries(rest)) {
|
||||||
|
sendRequest[key] = deepCopy(value);
|
||||||
|
}
|
||||||
|
|
||||||
// Protect browser from sending large binary data
|
// Protect browser from sending large binary data
|
||||||
if (Buffer.isBuffer(sendRequest.body) && sendRequest.body.length > 250000) {
|
if (Buffer.isBuffer(sendRequest.body) && sendRequest.body.length > 250000) {
|
||||||
|
|
|
||||||
|
|
@ -93,7 +93,7 @@ describe('HTTP Node Utils', () => {
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should remove keys that contain sensitive data', async () => {
|
it('should remove keys that contain sensitive data and do not modify requestOptions', async () => {
|
||||||
const requestOptions: IRequestOptions = {
|
const requestOptions: IRequestOptions = {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
uri: 'https://example.com',
|
uri: 'https://example.com',
|
||||||
|
|
@ -115,6 +115,14 @@ describe('HTTP Node Utils', () => {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
uri: 'https://example.com',
|
uri: 'https://example.com',
|
||||||
});
|
});
|
||||||
|
|
||||||
|
expect(requestOptions).toEqual({
|
||||||
|
method: 'POST',
|
||||||
|
uri: 'https://example.com',
|
||||||
|
body: { sessionToken: 'secret', other: 'foo' },
|
||||||
|
headers: { authorization: 'secret', other: 'foo' },
|
||||||
|
auth: { user: 'user', password: 'secret' },
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should remove secrets', async () => {
|
it('should remove secrets', async () => {
|
||||||
|
|
@ -125,7 +133,9 @@ describe('HTTP Node Utils', () => {
|
||||||
headers: { authorization: 'secretAccessToken', other: 'foo' },
|
headers: { authorization: 'secretAccessToken', other: 'foo' },
|
||||||
};
|
};
|
||||||
|
|
||||||
expect(sanitizeUiMessage(requestOptions, {}, ['secretAccessToken'])).toEqual({
|
const sanitizedRequest = sanitizeUiMessage(requestOptions, {}, ['secretAccessToken']);
|
||||||
|
|
||||||
|
expect(sanitizedRequest).toEqual({
|
||||||
body: {
|
body: {
|
||||||
nested: {
|
nested: {
|
||||||
secret: REDACTED,
|
secret: REDACTED,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue