Merge branch 'main' into cristi/w-15634761

forcedotcom · May 29, 2024 · 1e09e45 · 1e09e45 · svc-cli-bot · May 29, 2024
2 parents bc6e981 + 2534323
commit 1e09e45
Show file tree

Hide file tree

Showing 7 changed files with 119 additions and 27 deletions.
diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml
@@ -22,6 +22,8 @@ jobs:
         with:
           cache: yarn
       - uses: salesforcecli/github-workflows/.github/actions/yarnInstallWithRetries@main
+        with:
+          ignore-scripts: true
       - run: yarn build
       - run: npm run test:perf | tee test/perf/output.txt
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,30 @@
+## [7.3.9](https://github.com/forcedotcom/sfdx-core/compare/7.3.8...7.3.9) (2024-05-19)
+
+
+### Bug Fixes
+
+* **deps:** bump @salesforce/schemas from 1.7.0 to 1.9.0 ([0e3e42d](https://github.com/forcedotcom/sfdx-core/commit/0e3e42daf8d7bc0b03db32763a00963a84bb8854))
+
+
+
+## [7.3.8](https://github.com/forcedotcom/sfdx-core/compare/7.3.7...7.3.8) (2024-05-16)
+
+
+### Bug Fixes
+
+* use PlatformCLI not Platform CLI ([#1073](https://github.com/forcedotcom/sfdx-core/issues/1073)) ([281488f](https://github.com/forcedotcom/sfdx-core/commit/281488fb91620a2af062a8c8822fda5b909951a3))
+
+
+
+## [7.3.7](https://github.com/forcedotcom/sfdx-core/compare/7.3.6...7.3.7) (2024-05-16)
+
+
+### Bug Fixes
+
+* add oauth options data to auth code exchange errors ([#1068](https://github.com/forcedotcom/sfdx-core/issues/1068)) ([ea859ed](https://github.com/forcedotcom/sfdx-core/commit/ea859edee8f6ff8b068433d66bd9606f1278b776))
+
+
+
 ## [7.3.6](https://github.com/forcedotcom/sfdx-core/compare/7.3.5...7.3.6) (2024-05-12)
 
 

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@salesforce/core",
-  "version": "7.3.6",
+  "version": "7.3.9",
   "description": "Core libraries to interact with SFDX projects, orgs, and APIs.",
   "main": "lib/index",
   "types": "lib/index.d.ts",
@@ -54,7 +54,7 @@
   "dependencies": {
     "@jsforce/jsforce-node": "^3.2.0",
     "@salesforce/kit": "^3.1.1",
-    "@salesforce/schemas": "^1.7.0",
+    "@salesforce/schemas": "^1.9.0",
     "@salesforce/ts-types": "^2.0.9",
     "ajv": "^8.13.0",
     "change-case": "^4.1.2",

diff --git a/src/logger/filters.ts b/src/logger/filters.ts
@@ -35,6 +35,7 @@ const FILTERED_KEYS: FilteredKeyDefinition[] = [
   // Any json attribute that contains the words "refresh" and "token" will have the attribute/value hidden
   { name: 'refresh_token', regex: 'refresh[^\'"]*token' },
   { name: 'clientsecret' },
+  { name: 'authcode' },
 ];
 
 const FILTERED_KEYS_FOR_PROCESSING: FilteredKeyForProcessing[] = FILTERED_KEYS.map((key) => ({
@@ -60,6 +61,11 @@ const replacementFunctions = FILTERED_KEYS_FOR_PROCESSING.flatMap(
     input
       .replace(new RegExp(accessTokenRegex, 'g'), '<REDACTED ACCESS TOKEN>')
       .replace(new RegExp(sfdxAuthUrlRegex, 'g'), '<REDACTED AUTH URL TOKEN>'),
+  // conditional replacement for clientId: leave the value if it's the PlatformCLI, otherwise redact it
+  (input: string): string =>
+    input.replace(/(['"]client.*Id['"])\s*:\s*(['"][^'"]*['"])/gi, (all, key: string, value: string) =>
+      value.includes('PlatformCLI') ? `${key}:${value}` : `${key}:"<REDACTED CLIENT ID>"`
+    ),
 ]);
 
 const fullReplacementChain = compose(...replacementFunctions);

diff --git a/src/org/authInfo.ts b/src/org/authInfo.ts
@@ -35,6 +35,7 @@ import { Logger } from '../logger/logger';
 import { SfError } from '../sfError';
 import { matchesAccessToken, trimTo15 } from '../util/sfdc';
 import { StateAggregator } from '../stateAggregator/stateAggregator';
+import { filterSecrets } from '../logger/filters';
 import { Messages } from '../messages';
 import { getLoginAudienceCombos, SfdcUrl } from '../util/sfdcUrl';
 import { Connection, SFDX_HTTP_HEADERS } from './connection';
@@ -1106,7 +1107,14 @@ export class AuthInfo extends AsyncOptionalCreatable<AuthInfo.Options> {
       this.logger.info(`Exchanging auth code for access token using loginUrl: ${options.loginUrl}`);
       authFields = await oauth2.requestToken(ensure(options.authCode));
     } catch (err) {
-      throw messages.createError('authCodeExchangeError', [(err as Error).message]);
+      const msg = err instanceof Error ? `${err.name}::${err.message}` : typeof err === 'string' ? err : 'UNKNOWN';
+      const redacted = filterSecrets(options);
+      throw SfError.create({
+        message: messages.getMessage('authCodeExchangeError', [msg]),
+        name: 'AuthCodeExchangeError',
+        ...(err instanceof Error ? { cause: err } : {}),
+        data: (isArray(redacted) ? redacted[0] : redacted) as JwtOAuth2Config,
+      });
     }
 
     const { orgId } = parseIdUrl(authFields.id);

diff --git a/test/unit/logger/filterTest.ts b/test/unit/logger/filterTest.ts
@@ -17,18 +17,6 @@ describe('filters', () => {
     // eslint-disable-next-line camelcase
     access_token: sid,
   })}`;
-  const obj1 = { accessToken: `${sid}`, refreshToken: `${sid}` };
-  const obj2 = { key: 'Access Token', value: `${sid}` };
-  const arr1 = [
-    { key: 'ACCESS token ', value: `${sid}` },
-    { key: 'refresh  TOKEN', value: `${sid}` },
-    { key: 'Sfdx Auth Url', value: `${sid}` },
-  ];
-  const arr2 = [
-    { key: ' AcCESS 78token', value: ` ${sid} ` },
-    { key: ' refresh  _TOKEn ', value: ` ${sid} ` },
-    { key: ' SfdX__AuthUrl  ', value: ` ${sid} ` },
-  ];
 
   it(`filters ${simpleString} correctly`, () => {
     const result = getUnwrapped(simpleString);
@@ -42,25 +30,64 @@ describe('filters', () => {
     expect(result).to.contain('REDACTED ACCESS TOKEN');
   });
 
-  it('filters obj1 correctly', () => {
-    const result = getUnwrapped(obj1);
+  it('filters regular object correctly', () => {
+    const result = getUnwrapped({ accessToken: `${sid}`, refreshToken: `${sid}` });
     assert(result);
     const bigString = JSON.stringify(result);
     expect(bigString).to.not.contain(sid);
     expect(bigString).to.contain('REDACTED ACCESS TOKEN');
     expect(bigString).to.contain('refresh_token - HIDDEN');
   });
 
-  it('filters obj2 correctly', () => {
-    const result = getUnwrapped(obj2);
+  it('filters key/value object correctly', () => {
+    const result = getUnwrapped({ key: 'Access Token', value: `${sid}` });
     assert(result);
     const bigString = JSON.stringify(result);
     expect(bigString).to.not.contain(sid);
     expect(bigString).to.contain('REDACTED ACCESS TOKEN');
   });
 
-  it('filters arr1 correctly', () => {
-    const result = getUnwrapped(arr1);
+  it('filters auth code correctly', () => {
+    const result = getUnwrapped({ authCode: 'authcode value' });
+    assert(result);
+    const bigString = JSON.stringify(result);
+    expect(bigString).to.not.contain('authCode value');
+    expect(bigString).to.contain('authcode - HIDDEN');
+  });
+
+  describe('client id', () => {
+    it('filters clientId correctly', () => {
+      const result = getUnwrapped({ clientId: 'clientIdValue' });
+      assert(result);
+      const bigString = JSON.stringify(result);
+      expect(bigString).to.not.contain('clientIdValue');
+      expect(bigString).to.contain('REDACTED CLIENT ID');
+    });
+
+    it('filters clientId correctly (case insensitive)', () => {
+      const result = getUnwrapped({ ClientId: 'clientIdValue' });
+      assert(result);
+      const bigString = JSON.stringify(result);
+      expect(bigString).to.not.contain('clientIdValue');
+      expect(bigString).to.contain('REDACTED CLIENT ID');
+    });
+
+    it('filters clientId correctly (separator)', () => {
+      // eslint-disable-next-line camelcase
+      const result = getUnwrapped({ Client_Id: 'clientIdValue' });
+      assert(result);
+      const bigString = JSON.stringify(result);
+      expect(bigString).to.not.contain('clientIdValue');
+      expect(bigString).to.contain('REDACTED CLIENT ID');
+    });
+  });
+
+  it('filters array correctly', () => {
+    const result = getUnwrapped([
+      { key: 'ACCESS token ', value: `${sid}` },
+      { key: 'refresh  TOKEN', value: `${sid}` },
+      { key: 'Sfdx Auth Url', value: `${sid}` },
+    ]);
     assert(result);
     assert(Array.isArray(result));
     const bigString = JSON.stringify(result);
@@ -70,8 +97,12 @@ describe('filters', () => {
     expect(bigString).to.contain('refresh_token - HIDDEN');
   });
 
-  it('filters arr2 correctly', () => {
-    const result = getUnwrapped(arr2);
+  it('filters another array correctly', () => {
+    const result = getUnwrapped([
+      { key: ' AcCESS 78token', value: ` ${sid} ` },
+      { key: ' refresh  _TOKEn ', value: ` ${sid} ` },
+      { key: ' SfdX__AuthUrl  ', value: ` ${sid} ` },
+    ]);
     assert(result);
     assert(Array.isArray(result));
     const bigString = JSON.stringify(result);
@@ -101,6 +132,24 @@ describe('filters', () => {
       expect(result).to.have.property('foo', 'bar');
       expect(result).to.have.property('accessToken').contains('REDACTED ACCESS TOKEN');
     });
+    describe('clientId', () => {
+      it('default connected app', () => {
+        const input = { clientId: 'PlatformCLI' };
+        const result = getUnwrapped(input);
+        expect(result).to.deep.equal(input);
+      });
+      it('default connected app (case insensitive)', () => {
+        const input = { ClientID: 'PlatformCLI' };
+        const result = getUnwrapped(input);
+        expect(result).to.deep.equal(input);
+      });
+      it('default connected app (case insensitive)', () => {
+        // eslint-disable-next-line camelcase
+        const input = { client_id: 'PlatformCLI' };
+        const result = getUnwrapped(input);
+        expect(result).to.deep.equal(input);
+      });
+    });
   });
 });
 

diff --git a/yarn.lock b/yarn.lock
@@ -587,10 +587,10 @@
   resolved "https://registry.yarnpkg.com/@salesforce/prettier-config/-/prettier-config-0.0.3.tgz#ba648d4886bb38adabe073dbea0b3a91b3753bb0"
   integrity sha512-hYOhoPTCSYMDYn+U1rlEk16PoBeAJPkrdg4/UtAzupM1mRRJOwEPMG1d7U8DxJFKuXW3DMEYWr2MwAIBDaHmFg==
 
-"@salesforce/schemas@^1.7.0":
-  version "1.7.0"
-  resolved "https://registry.yarnpkg.com/@salesforce/schemas/-/schemas-1.7.0.tgz#b7e0af3ee414ae7160bce351c0184d77ccb98fe3"
-  integrity sha512-Z0PiCEV55khm0PG+DsnRYCjaDmacNe3HDmsoSm/CSyYvJJm+D5vvkHKN9/PKD/gaRe8XAU836yfamIYFblLINw==
+"@salesforce/schemas@^1.9.0":
+  version "1.9.0"
+  resolved "https://registry.yarnpkg.com/@salesforce/schemas/-/schemas-1.9.0.tgz#ba477a112653a20b4edcf989c61c57bdff9aa3ca"
+  integrity sha512-LiN37zG5ODT6z70sL1fxF7BQwtCX9JOWofSU8iliSNIM+WDEeinnoFtVqPInRSNt8I0RiJxIKCrqstsmQRBNvA==
 
 "@salesforce/ts-sinon@^1.4.19":
   version "1.4.19"
Benchmark suite	Current: `1e09e45`	Previous: `b6e94da`	Ratio
`Child logger creation`	`468087` ops/sec (`±2.46%`)	`476733` ops/sec (`±1.70%`)	`1.02`
`Logging a string on root logger`	`845364` ops/sec (`±8.24%`)	`862215` ops/sec (`±6.69%`)	`1.02`
`Logging an object on root logger`	`605865` ops/sec (`±7.46%`)	`611321` ops/sec (`±6.01%`)	`1.01`
`Logging an object with a message on root logger`	`3194` ops/sec (`±234.56%`)	`3459` ops/sec (`±223.88%`)	`1.08`
`Logging an object with a redacted prop on root logger`	`375262` ops/sec (`±24.96%`)	`420286` ops/sec (`±7.51%`)	`1.12`
`Logging a nested 3-level object on root logger`	`379263` ops/sec (`±6.86%`)	`374799` ops/sec (`±8.06%`)	`0.99`
Benchmark suite	Current: `1e09e45`	Previous: `b6e94da`	Ratio
`Child logger creation`	`305769` ops/sec (`±2.10%`)	`334510` ops/sec (`±0.36%`)	`1.09`
`Logging a string on root logger`	`752376` ops/sec (`±6.36%`)	`756195` ops/sec (`±4.64%`)	`1.01`
`Logging an object on root logger`	`536686` ops/sec (`±7.72%`)	`573962` ops/sec (`±8.21%`)	`1.07`
`Logging an object with a message on root logger`	`9080` ops/sec (`±199.22%`)	`8957` ops/sec (`±198.87%`)	`0.99`
`Logging an object with a redacted prop on root logger`	`433736` ops/sec (`±12.27%`)	`419463` ops/sec (`±7.32%`)	`0.97`
`Logging a nested 3-level object on root logger`	`337251` ops/sec (`±5.42%`)	`308076` ops/sec (`±7.20%`)	`0.91`