Mask Sentry auth token

This makes it so we mask Sentry's auth token. This mask only occurs in the UI.
author: Ryan Cobb <rcobb@gitlab.com> 2019-10-08 01:07:18 +0300
committer: Ryan Cobb <rcobb@gitlab.com> 2019-10-24 21:06:40 +0300
commit: 5c072495284de9aae26b1efcefcefc1d8571065a (patch)
tree: 2f3a3d346cd352ee2df801371e8d1c5b11c1d1bc /spec
parent: 1425a56c75beecaa289ad59587d636f8f469509e (diff)
2 files changed, 34 insertions, 0 deletions
diff --git a/spec/services/error_tracking/list_projects_service_spec.rb b/spec/services/error_tracking/list_projects_service_spec.rb
index 730fccc599e..a272a604184 100644
--- a/spec/services/error_tracking/list_projects_service_spec.rb
+++ b/spec/services/error_tracking/list_projects_service_spec.rb
@@ -50,6 +50,19 @@ describe ErrorTracking::ListProjectsService do
         end
       end
 
+      context 'masked param token' do
+        let(:params) { ActionController::Parameters.new(token: "*********", api_host: new_api_host) }
+
+        before do
+          expect(error_tracking_setting).to receive(:list_sentry_projects)
+            .and_return({ projects: [] })
+        end
+
+        it 'uses database token' do
+          expect { subject.execute }.not_to change { error_tracking_setting.token }
+        end
+      end
+
       context 'sentry client raises exception' do
         context 'Sentry::Client::Error' do
           before do
diff --git a/spec/services/projects/operations/update_service_spec.rb b/spec/services/projects/operations/update_service_spec.rb
index b2f9fd6df79..81d59a98b9b 100644
--- a/spec/services/projects/operations/update_service_spec.rb
+++ b/spec/services/projects/operations/update_service_spec.rb
@@ -145,6 +145,27 @@ describe Projects::Operations::UpdateService do
         end
       end
 
+      context 'with masked param token' do
+        let(:params) do
+          {
+            error_tracking_setting_attributes: {
+              enabled: false,
+              token: '*' * 8
+            }
+          }
+        end
+
+        before do
+          create(:project_error_tracking_setting, project: project, token: 'token')
+        end
+
+        it 'does not update token' do
+          expect(result[:status]).to eq(:success)
+
+          expect(project.error_tracking_setting.token).to eq('token')
+        end
+      end
+
       context 'with invalid parameters' do
         let(:params) { {} }
author	Ryan Cobb <rcobb@gitlab.com>	2019-10-08 01:07:18 +0300
committer	Ryan Cobb <rcobb@gitlab.com>	2019-10-24 21:06:40 +0300
commit	5c072495284de9aae26b1efcefcefc1d8571065a (patch)
tree	2f3a3d346cd352ee2df801371e8d1c5b11c1d1bc /spec
parent	1425a56c75beecaa289ad59587d636f8f469509e (diff)