fix(HTTP Request Node): Do not modify request object when sanitizing message for UI (#10923)
@@ -1,11 +1,12 @@
|
|||||||
import type { SecureContextOptions } from 'tls';
|
import type { SecureContextOptions } from 'tls';
|
||||||
import type {
|
import {
|
||||||
ICredentialDataDecryptedObject,
|
deepCopy,
|
||||||
IDataObject,
|
type ICredentialDataDecryptedObject,
|
||||||
INodeExecutionData,
|
type IDataObject,
|
||||||
INodeProperties,
|
type INodeExecutionData,
|
||||||
IOAuth2Options,
|
type INodeProperties,
|
||||||
IRequestOptions,
|
type IOAuth2Options,
|
||||||
|
type IRequestOptions,
|
||||||
} from 'n8n-workflow';
|
} from 'n8n-workflow';
|
||||||
|
|
||||||
import set from 'lodash/set';
|
import set from 'lodash/set';
|
||||||
@@ -60,7 +61,12 @@ export function sanitizeUiMessage(
|
|||||||
authDataKeys: IAuthDataSanitizeKeys,
|
authDataKeys: IAuthDataSanitizeKeys,
|
||||||
secrets?: string[],
|
secrets?: string[],
|
||||||
) {
|
) {
|
||||||
let sendRequest = request as unknown as IDataObject;
|
const { body, ...rest } = request as IDataObject;
|
||||||
|
|
||||||
|
let sendRequest: IDataObject = { body };
|
||||||
|
for (const [key, value] of Object.entries(rest)) {
|
||||||
|
sendRequest[key] = deepCopy(value);
|
||||||
|
}
|
||||||
|
|
||||||
// Protect browser from sending large binary data
|
// Protect browser from sending large binary data
|
||||||
if (Buffer.isBuffer(sendRequest.body) && sendRequest.body.length > 250000) {
|
if (Buffer.isBuffer(sendRequest.body) && sendRequest.body.length > 250000) {
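Review bot: `body` is carried into `sendRequest` by reference at `let sendRequest: IDataObject = { body };` while every other key goes through `deepCopy`, and nothing in the hunk says why. Presumably the body is excluded because it can be a Buffer (the `Buffer.isBuffer` check follows directly) that `deepCopy` would not preserve. That leaves the "do not modify the request" guarantee depending on the rest of the function never writing into `sendRequest.body` in place; that code is outside this hunk, so it cannot be confirmed from here. I would state the invariant next to the destructuring, e.g. `// body is intentionally shared with the caller's request (may be a Buffer): replace it, never mutate it in place`. Since this function decides which credential values reach the UI, it is worth spelling out so a later redaction step that edits the body in place is caught in review.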
|
||||||
|
|||||||
@@ -93,7 +93,7 @@ describe('HTTP Node Utils', () => {
|
|||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should remove keys that contain sensitive data', async () => {
|
it('should remove keys that contain sensitive data and do not modify requestOptions', async () => {
|
||||||
const requestOptions: IRequestOptions = {
|
const requestOptions: IRequestOptions = {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
uri: 'https://example.com',
|
uri: 'https://example.com',
|
||||||
@@ -115,6 +115,14 @@ describe('HTTP Node Utils', () => {
|
|||||||
method: 'POST',
|
method: 'POST',
|
||||||
uri: 'https://example.com',
|
uri: 'https://example.com',
|
||||||
});
|
});
|
||||||
|
|
||||||
|
expect(requestOptions).toEqual({
|
||||||
|
method: 'POST',
|
||||||
|
uri: 'https://example.com',
|
||||||
|
body: { sessionToken: 'secret', other: 'foo' },
|
||||||
|
headers: { authorization: 'secret', other: 'foo' },
|
||||||
|
auth: { user: 'user', password: 'secret' },
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should remove secrets', async () => {
|
it('should remove secrets', async () => {
|
||||||
@@ -125,7 +133,9 @@ describe('HTTP Node Utils', () => {
|
|||||||
headers: { authorization: 'secretAccessToken', other: 'foo' },
|
headers: { authorization: 'secretAccessToken', other: 'foo' },
|
||||||
};
|
};
|
||||||
|
|
||||||
expect(sanitizeUiMessage(requestOptions, {}, ['secretAccessToken'])).toEqual({
|
const sanitizedRequest = sanitizeUiMessage(requestOptions, {}, ['secretAccessToken']);
|
||||||
|
|
||||||
|
expect(sanitizedRequest).toEqual({
|
||||||
body: {
|
body: {
|
||||||
nested: {
|
nested: {
|
||||||
secret: REDACTED,
|
secret: REDACTED,
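Review bot: Only the 'should remove keys that contain sensitive data…' test asserts that `requestOptions` is left untouched. In the 'should remove secrets' test the result is now pulled into `sanitizedRequest`, but no matching check on the input is visible. Redaction by secret value looks like a separate path from redaction by key, so it deserves its own non-mutation assertion, for example `expect(requestOptions.headers).toEqual({ authorization: 'secretAccessToken', other: 'foo' });` after the existing `expect`. The test body continues past the end of this hunk, so such an assertion may already exist there. Separately, the `it(...)` callbacks are declared `async` with no `await` in the visible lines, so the keyword can probably be dropped.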
|
||||||
|
|||||||