feat(core): Add includeData parameter to GET /credentials (#12220)

Co-authored-by: r00gm <raul00gm@gmail.com>
2025-12-18 02:21:13 +00:00 · 2024-12-31 13:04:37 +01:00
parent 096329db51
commit f56ad8cf49
15 changed files with 526 additions and 66 deletions
--- a/packages/cli/src/credentials/tests/credentials.service.test.ts
+++ b/packages/cli/src/credentials/tests/credentials.service.test.ts
@@ -1,5 +1,6 @@
 import { mock } from 'jest-mock-extended';
 import { nanoId, date } from 'minifaker';
+import { Credentials } from 'n8n-core';
 import { CREDENTIAL_EMPTY_VALUE, type ICredentialType } from 'n8n-workflow';

 import { CREDENTIAL_BLANKING_VALUE } from '@/constants';
@@ -30,6 +31,7 @@ describe('CredentialsService', () => {
 			},
 		],
 	});
+
 	const credentialTypes = mock<CredentialTypes>();
 	const service = new CredentialsService(
 		mock(),
@@ -61,7 +63,7 @@ describe('CredentialsService', () => {
 				csrfSecret: 'super-secret',
 			};

-			credentialTypes.getByName.calledWith(credential.type).mockReturnValue(credType);
+			credentialTypes.getByName.calledWith(credential.type).mockReturnValueOnce(credType);

 			const redactedData = service.redact(decryptedData, credential);

@@ -137,4 +139,60 @@ describe('CredentialsService', () => {
 			});
 		});
 	});
+
+	describe('decrypt', () => {
+		it('should redact sensitive values by default', () => {
+			// ARRANGE
+			const data = {
+				clientId: 'abc123',
+				clientSecret: 'sensitiveSecret',
+				accessToken: '',
+				oauthTokenData: 'super-secret',
+				csrfSecret: 'super-secret',
+			};
+			const credential = mock<CredentialsEntity>({
+				id: '123',
+				name: 'Test Credential',
+				type: 'oauth2',
+			});
+			jest.spyOn(Credentials.prototype, 'getData').mockReturnValueOnce(data);
+			credentialTypes.getByName.calledWith(credential.type).mockReturnValueOnce(credType);
+
+			// ACT
+			const redactedData = service.decrypt(credential);
+
+			// ASSERT
+			expect(redactedData).toEqual({
+				clientId: 'abc123',
+				clientSecret: CREDENTIAL_BLANKING_VALUE,
+				accessToken: CREDENTIAL_EMPTY_VALUE,
+				oauthTokenData: CREDENTIAL_BLANKING_VALUE,
+				csrfSecret: CREDENTIAL_BLANKING_VALUE,
+			});
+		});
+
+		it('should return sensitive values if `includeRawData` is true', () => {
+			// ARRANGE
+			const data = {
+				clientId: 'abc123',
+				clientSecret: 'sensitiveSecret',
+				accessToken: '',
+				oauthTokenData: 'super-secret',
+				csrfSecret: 'super-secret',
+			};
+			const credential = mock<CredentialsEntity>({
+				id: '123',
+				name: 'Test Credential',
+				type: 'oauth2',
+			});
+			jest.spyOn(Credentials.prototype, 'getData').mockReturnValueOnce(data);
+			credentialTypes.getByName.calledWith(credential.type).mockReturnValueOnce(credType);
+
+			// ACT
+			const redactedData = service.decrypt(credential, true);
+
+			// ASSERT
+			expect(redactedData).toEqual(data);
+		});
+	});
 });