Merge branch 'security-mask-sentry-token-12-4-ce' into '12-4-stable'

Mask Sentry auth token See merge request gitlab/gitlabhq!3504
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-10-25 20:40:22 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-10-25 20:40:22 +0300
commit: 8b69a3964e6daefcdd11be6ddaa8f51a870b62f6 (patch)
tree: 8a44210ac23a891a05437517d1f03392a240c8ee /app
parent: 4f3324982038cfd26ad9326d519e8a6d7a12d992 (diff)
parent: 5c072495284de9aae26b1efcefcefc1d8571065a (diff)
3 files changed, 13 insertions, 4 deletions
diff --git a/app/services/error_tracking/list_projects_service.rb b/app/services/error_tracking/list_projects_service.rb
index 8d08f0cda94..92d4ef85ecf 100644
--- a/app/services/error_tracking/list_projects_service.rb
+++ b/app/services/error_tracking/list_projects_service.rb
@@ -32,7 +32,7 @@ module ErrorTracking
           project_slug: 'proj'
         )
 
-        setting.token = params[:token]
+        setting.token = token(setting)
         setting.enabled = true
       end
     end
@@ -40,5 +40,12 @@ module ErrorTracking
     def can_read?
       can?(current_user, :read_sentry_issue, project)
     end
+
+    def token(setting)
+      # Use param token if not masked, otherwise use database token
+      return params[:token] unless /\A\*+\z/.match?(params[:token])
+
+      setting.token
+    end
   end
 end
diff --git a/app/services/projects/operations/update_service.rb b/app/services/projects/operations/update_service.rb
index 64519501ff4..0ca89664304 100644
--- a/app/services/projects/operations/update_service.rb
+++ b/app/services/projects/operations/update_service.rb
@@ -36,15 +36,17 @@ module Projects
           organization_slug: settings.dig(:project, :organization_slug)
         )
 
-        {
+        params = {
           error_tracking_setting_attributes: {
             api_url: api_url,
-            token: settings[:token],
             enabled: settings[:enabled],
             project_name: settings.dig(:project, :name),
             organization_name: settings.dig(:project, :organization_name)
           }
         }
+        params[:error_tracking_setting_attributes][:token] = settings[:token] unless /\A\*+\z/.match?(settings[:token]) # Don't update token if we receive masked value
+
+        params
       end
 
       def grafana_integration_params
diff --git a/app/views/projects/settings/operations/_error_tracking.html.haml b/app/views/projects/settings/operations/_error_tracking.html.haml
index 583fc08f375..589d3037eba 100644
--- a/app/views/projects/settings/operations/_error_tracking.html.haml
+++ b/app/views/projects/settings/operations/_error_tracking.html.haml
@@ -17,4 +17,4 @@
         project: error_tracking_setting_project_json,
         api_host: setting.api_host,
         enabled: setting.enabled.to_json,
-        token: setting.token } }
+        token: setting.token.present? ? '*' * 12 : nil } }
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-10-25 20:40:22 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-10-25 20:40:22 +0300
commit	8b69a3964e6daefcdd11be6ddaa8f51a870b62f6 (patch)
tree	8a44210ac23a891a05437517d1f03392a240c8ee /app
parent	4f3324982038cfd26ad9326d519e8a6d7a12d992 (diff)
parent	5c072495284de9aae26b1efcefcefc1d8571065a (diff)