Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-01-31 00:16:47 +01:00
Code Issues Projects Releases Wiki Activity

fix: anonymize email in event payload (#3672)

Browse Source 
Context:
https://unleash-internal.slack.com/archives/C048ELND3QD/p1683097636083299

We should also anonymize email fields in `data` and `preData` of event
objects when `anonymiseEventLog` is enabled.


![image](https://user-images.githubusercontent.com/14320932/235862643-b59a3f8d-9bc6-4b22-816b-9bc7a0577bfc.png)
This commit is contained in:
Nuno Góis 2023-05-03 10:46:33 +01:00 committed by GitHub
parent bf1e65aa3f
commit fb999e6a74
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/lib/routes/admin-api/event.ts
View File

@ -111,6 +111,20 @@ export default class EventController extends Controller {
return events.map((e: IEvent) => ({ return events.map((e: IEvent) => ({
...e, ...e,
createdBy: anonymise(e.createdBy), createdBy: anonymise(e.createdBy),
data:
e.data && 'email' in e.data
? {
...e.data,
email: anonymise(e.data.email),
}
: e.data,
preData:
e.preData && 'email' in e.preData
? {
...e.preData,
email: anonymise(e.preData.email),
}
: e.preData,
})); }));
} }
return events; return events;

35
src/lib/routes/admin-api/events.test.ts
View File

@ -5,7 +5,11 @@ import { createTestConfig } from '../../../test/config/test-config';
import createStores from '../../../test/fixtures/store'; import createStores from '../../../test/fixtures/store';
import getApp from '../../app'; import getApp from '../../app';
import { FeatureCreatedEvent } from '../../types/events'; import {
FeatureCreatedEvent,
ProjectUserAddedEvent,
ProjectUserRemovedEvent,
} from '../../types/events';
async function getSetup(anonymise: boolean = false) { async function getSetup(anonymise: boolean = false) {
const base = `/random${Math.round(Math.random() * 1000)}`; const base = `/random${Math.round(Math.random() * 1000)}`;
@ -71,3 +75,32 @@ test('should anonymise events list via admin', async () => {
expect(body.events.length).toBe(1); expect(body.events.length).toBe(1);
expect(body.events[0].createdBy).toBe('676212ff7@unleash.run'); expect(body.events[0].createdBy).toBe('676212ff7@unleash.run');
}); });
test('should also anonymise email fields in data and preData properties', async () => {
const email1 = 'test1@email.com';
const email2 = 'test2@email.com';
const { request, base, eventStore } = await getSetup(true);
eventStore.store(
new ProjectUserAddedEvent({
createdBy: 'some@email.com',
data: { name: 'test', project: 'default', email: email1 },
project: 'default',
}),
);
eventStore.store(
new ProjectUserRemovedEvent({
createdBy: 'some@email.com',
preData: { name: 'test', project: 'default', email: email2 },
project: 'default',
}),
);
const { body } = await request
.get(`${base}/api/admin/events`)
.expect('Content-Type', /json/)
.expect(200);
expect(body.events.length).toBe(2);
expect(body.events[0].data.email).not.toBe(email1);
expect(body.events[1].preData.email).not.toBe(email2);
});