fix: use logger filtering primarily

forcedotcom · May 15, 2024 · 0ea16f0 · 0ea16f0 · svc-cli-bot · May 15, 2024
1 parent bd30407
commit 0ea16f0
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 28 deletions.
diff --git a/src/logger/filters.ts b/src/logger/filters.ts
@@ -35,6 +35,7 @@ const FILTERED_KEYS: FilteredKeyDefinition[] = [
   // Any json attribute that contains the words "refresh" and "token" will have the attribute/value hidden
   { name: 'refresh_token', regex: 'refresh[^\'"]*token' },
   { name: 'clientsecret' },
+  { name: 'authcode' },
 ];
 
 const FILTERED_KEYS_FOR_PROCESSING: FilteredKeyForProcessing[] = FILTERED_KEYS.map((key) => ({

diff --git a/src/org/authInfo.ts b/src/org/authInfo.ts
@@ -35,6 +35,7 @@ import { Logger } from '../logger/logger';
 import { SfError } from '../sfError';
 import { matchesAccessToken, trimTo15 } from '../util/sfdc';
 import { StateAggregator } from '../stateAggregator/stateAggregator';
+import { filterSecrets } from '../logger/filters';
 import { Messages } from '../messages';
 import { getLoginAudienceCombos, SfdcUrl } from '../util/sfdcUrl';
 import { Connection, SFDX_HTTP_HEADERS } from './connection';
@@ -1106,22 +1107,13 @@ export class AuthInfo extends AsyncOptionalCreatable<AuthInfo.Options> {
       this.logger.info(`Exchanging auth code for access token using loginUrl: ${options.loginUrl}`);
       authFields = await oauth2.requestToken(ensure(options.authCode));
     } catch (err) {
-      let error: SfError;
-      let errorMsg: string;
-      if (err instanceof Error) {
-        errorMsg = `${err.name}::${err.message}`;
-        error = SfError.create({
-          message: errorMsg,
-          name: 'AuthCodeExchangeError',
-          cause: err,
-        });
-      } else {
-        error = SfError.wrap(err);
-        errorMsg = error.message;
-      }
-      error.message = messages.getMessage('authCodeExchangeError', [errorMsg]);
-      error.setData(getRedactedErrData(options));
-      throw error;
+      const msg = err instanceof Error ? `${err.name}::${err.message}` : typeof err === 'string' ? err : 'UNKNOWN';
+      throw SfError.create({
+        message: messages.getMessage('authCodeExchangeError', [msg]),
+        name: 'AuthCodeExchangeError',
+        ...(err instanceof Error ? { cause: err } : {}),
+        data: getRedactedErrData(options),
+      });
     }
 
     const { orgId } = parseIdUrl(authFields.id);
@@ -1258,18 +1250,14 @@ export class AuthInfo extends AsyncOptionalCreatable<AuthInfo.Options> {
 }
 
 const getRedactedErrData = (options: JwtOAuth2Config): AnyJson => {
-  const keysToRedact = ['privateKey', 'privateKeyFile', 'authCode', 'refreshToken', 'username', 'clientSecret'];
-  const oauth2OptionsKeys = Object.getOwnPropertyNames(options);
-  return oauth2OptionsKeys.map((k) => {
-    if (keysToRedact.includes(k)) {
-      // @ts-expect-error no index signature with a parameter of type 'string' was found on type JwtOAuth2Config
-      return options[k] ? `${k}:'<REDACTED>'` : `${k}:'<unset>'`;
-    } else if (k === 'clientId') {
-      return options[k] === 'PlatformCLI' ? `${k}:${options[k]}` : `${k}:'<REDACTED>'`;
-    }
-    // @ts-expect-error no index signature with a parameter of type 'string' was found on type JwtOAuth2Config
-    return `${k}:${options[k]}`;
-  });
+  const filteredData = filterSecrets(options) as JwtOAuth2Config;
+  // we need an object but it probably returned an array
+  const fData = (isArray(filteredData) ? filteredData[0] : filteredData) as JwtOAuth2Config;
+
+  if (fData?.clientId?.trim() !== 'PlatformCLI') {
+    fData.clientId = '<REDACTED CLIENT ID>';
+  }
+  return fData;
 };
 
 export namespace AuthInfo {

diff --git a/test/unit/logger/filterTest.ts b/test/unit/logger/filterTest.ts
@@ -19,6 +19,7 @@ describe('filters', () => {
   })}`;
   const obj1 = { accessToken: `${sid}`, refreshToken: `${sid}` };
   const obj2 = { key: 'Access Token', value: `${sid}` };
+  const obj3 = { authCode: 'authcode value' };
   const arr1 = [
     { key: 'ACCESS token ', value: `${sid}` },
     { key: 'refresh  TOKEN', value: `${sid}` },
@@ -59,6 +60,14 @@ describe('filters', () => {
     expect(bigString).to.contain('REDACTED ACCESS TOKEN');
   });
 
+  it('filters obj3 correctly', () => {
+    const result = getUnwrapped(obj3);
+    assert(result);
+    const bigString = JSON.stringify(result);
+    expect(bigString).to.not.contain('authCode value');
+    expect(bigString).to.contain('authcode - HIDDEN');
+  });
+
   it('filters arr1 correctly', () => {
     const result = getUnwrapped(arr1);
     assert(result);
Benchmark suite	Current: `0ea16f0`	Previous: `bd30407`	Ratio
`Child logger creation`	`468974` ops/sec (`±1.89%`)	`477878` ops/sec (`±1.74%`)	`1.02`
`Logging a string on root logger`	`835988` ops/sec (`±8.28%`)	`827420` ops/sec (`±7.06%`)	`0.99`
`Logging an object on root logger`	`587131` ops/sec (`±6.00%`)	`683565` ops/sec (`±8.53%`)	`1.16`
`Logging an object with a message on root logger`	`3196` ops/sec (`±228.93%`)	`3052` ops/sec (`±242.36%`)	`0.95`
`Logging an object with a redacted prop on root logger`	`420142` ops/sec (`±11.68%`)	`425483` ops/sec (`±13.37%`)	`1.01`
`Logging a nested 3-level object on root logger`	`379549` ops/sec (`±5.83%`)	`388307` ops/sec (`±7.81%`)	`1.02`
Benchmark suite	Current: `0ea16f0`	Previous: `bd30407`	Ratio
`Child logger creation`	`319275` ops/sec (`±0.64%`)	`324294` ops/sec (`±0.74%`)	`1.02`
`Logging a string on root logger`	`749631` ops/sec (`±5.29%`)	`795672` ops/sec (`±5.25%`)	`1.06`
`Logging an object on root logger`	`650717` ops/sec (`±6.40%`)	`599346` ops/sec (`±7.05%`)	`0.92`
`Logging an object with a message on root logger`	`5687` ops/sec (`±206.03%`)	`7653` ops/sec (`±201.35%`)	`1.35`
`Logging an object with a redacted prop on root logger`	`406254` ops/sec (`±13.46%`)	`470515` ops/sec (`±6.42%`)	`1.16`
`Logging a nested 3-level object on root logger`	`327752` ops/sec (`±4.92%`)	`327295` ops/sec (`±4.05%`)	`1.00`