X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b01138f2ed3b666fd6075a6d77caddb5d5ca91e1..7213d3096cdb5d5e03b559a04f88fcd22a835076:/services/api/test/unit/log_test.rb

diff --git a/services/api/test/unit/log_test.rb b/services/api/test/unit/log_test.rb
index 22808c5ed6..fd71576dfe 100644
--- a/services/api/test/unit/log_test.rb
+++ b/services/api/test/unit/log_test.rb
@@ -9,7 +9,7 @@ class LogTest < ActiveSupport::TestCase
     :destroy => [nil, :assert_not_nil, :assert_nil],
   }
 
-  def setup
+  setup do
     @start_time = Time.now
     @log_count = 1
   end
@@ -54,12 +54,13 @@ class LogTest < ActiveSupport::TestCase
     yield props if block_given?
   end
 
-  def assert_auth_logged_with_clean_properties(auth, event_type)
-    assert_logged(auth, event_type) do |props|
-      ['old_attributes', 'new_attributes'].map { |k| props[k] }.compact
-        .each do |attributes|
-        refute_includes(attributes, 'api_token',
-                        "auth log properties include sensitive API token")
+  def assert_logged_with_clean_properties(obj, event_type, excluded_attr)
+    assert_logged(obj, event_type) do |props|
+      ['old_attributes', 'new_attributes'].map do |logattr|
+        attributes = props[logattr]
+        next if attributes.nil?
+        refute_includes(attributes, excluded_attr,
+                        "log #{logattr} includes #{excluded_attr}")
       end
       yield props if block_given?
     end
@@ -224,12 +225,12 @@ class LogTest < ActiveSupport::TestCase
     auth.user = users(:spectator)
     auth.api_client = api_clients(:untrusted)
     auth.save!
-    assert_auth_logged_with_clean_properties(auth, :create)
+    assert_logged_with_clean_properties(auth, :create, 'api_token')
     auth.expires_at = Time.now
     auth.save!
-    assert_auth_logged_with_clean_properties(auth, :update)
+    assert_logged_with_clean_properties(auth, :update, 'api_token')
     auth.destroy
-    assert_auth_logged_with_clean_properties(auth, :destroy)
+    assert_logged_with_clean_properties(auth, :destroy, 'api_token')
   end
 
   test "use ownership and permission links to determine which logs a user can see" do
@@ -269,4 +270,40 @@ class LogTest < ActiveSupport::TestCase
       refute_includes result_ids, logs(notwant).id
     end
   end
+
+  test "non-empty configuration.unlogged_attributes" do
+    Rails.configuration.unlogged_attributes = ["manifest_text"]
+    txt = ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:foo\n"
+
+    act_as_system_user do
+      coll = Collection.create(manifest_text: txt)
+      assert_logged_with_clean_properties(coll, :create, 'manifest_text')
+      coll.name = "testing"
+      coll.save!
+      assert_logged_with_clean_properties(coll, :update, 'manifest_text')
+      coll.destroy
+      assert_logged_with_clean_properties(coll, :destroy, 'manifest_text')
+    end
+  end
+
+  test "empty configuration.unlogged_attributes" do
+    Rails.configuration.unlogged_attributes = []
+    txt = ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:foo\n"
+
+    act_as_system_user do
+      coll = Collection.create(manifest_text: txt)
+      assert_logged(coll, :create) do |props|
+        assert_equal(txt, props['new_attributes']['manifest_text'])
+      end
+      coll.update_attributes!(name: "testing")
+      assert_logged(coll, :update) do |props|
+        assert_equal(txt, props['old_attributes']['manifest_text'])
+        assert_equal(txt, props['new_attributes']['manifest_text'])
+      end
+      coll.destroy
+      assert_logged(coll, :destroy) do |props|
+        assert_equal(txt, props['old_attributes']['manifest_text'])
+      end
+    end
+  end
 end