
Commit 461309f

author
Kai Song
committed
Apply mask on email address from user info MSALDisplayableUserIdKey
1 parent 3159581 commit 461309f


2 files changed

+76
-2
lines changed


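--- a/IdentityCore/src/logger/MSIDMaskedLogParameter.m
+++ b/IdentityCore/src/logger/MSIDMaskedLogParameter.m
@@ -116,7 +116,28 @@ - (NSString *)noMaskWithCondition
 if ([self.parameterValue isKindOfClass:[NSError class]])
 {
 NSError *errorParameter = (NSError *)self.parameterValue;
-return [NSString stringWithFormat:@"MaskedError(%@, %ld)", errorParameter.domain, (long)errorParameter.code];
+if (errorParameter.userInfo && errorParameter.userInfo.allKeys.count > 0)
+{
+NSString *emailRegex = @"[A-Z0-9a-z._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,64}";
+NSPredicate *emailPredicate = [NSPredicate predicateWithFormat:@"SELF MATCHES %@", emailRegex];
+BOOL maskedError = NO;
+NSMutableDictionary *localUserInfo = [errorParameter.userInfo mutableCopy];
+for (NSErrorUserInfoKey key in errorParameter.userInfo)
+{
+if ([errorParameter.userInfo[key] isKindOfClass:NSString.class])
+{
+if ([emailPredicate evaluateWithObject:errorParameter.userInfo[key]])
+{
+localUserInfo[key] = _PII_NULLIFY(errorParameter.userInfo[key]);
+maskedError = YES;
+}
+}
+}
+if (maskedError)
+{
+return [NSString stringWithFormat:@"MaskedError(%@, %ld, %@)", errorParameter.domain, (long)errorParameter.code, localUserInfo];
+}
+}
 }
 
 return [NSString stringWithFormat:@"%@", self.parameterValue]; // For a generic case, don't mask it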
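Review bot: The `SELF MATCHES %@` predicate built at new lines 121-122 succeeds only when the whole userInfo string is an email address, so an address embedded in a longer value (for example inside an error-description sentence) reaches the log unmasked. If the goal is to keep any address out of the log, a substring test on the value, `[errorParameter.userInfo[key] rangeOfString:emailRegex options:NSRegularExpressionSearch].location != NSNotFound`, would catch those cases, at the cost of nullifying the entire value. The loop also looks only at top-level `NSString` values, so addresses inside nested dictionaries, arrays or an underlying `NSError` are printed as-is when `localUserInfo` is formatted with `%@`; a comment above the loop stating that limitation would help, e.g. `// Only top-level string values that are exactly an email address are masked.` The enclosing method starts and ends outside the hunk.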

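--- a/IdentityCore/tests/MSIDMaskedLogParameterTests.m
+++ b/IdentityCore/tests/MSIDMaskedLogParameterTests.m
@@ -66,7 +66,7 @@ - (void)testDescription_whenPIIDisabled_andParameterOfErrorType_shouldReturnMask
 XCTAssertEqualObjects(description, @"MaskedError(MSIDErrorDomain, -10003)");
 }
 
-- (void)testDescription_whenPIIEnabled_andParameterOfErrorType_shouldReturnNonMaskedValue
+- (void)testDescription_whenPIIEnabled_andParameterOfErrorType_andWithoutUpn_shouldReturnNonMaskedValue
 {
 [MSIDLogger sharedLogger].logMaskingLevel = MSIDLogMaskingSettingsMaskSecretsOnly;
 NSError *error = MSIDCreateError(MSIDErrorDomain, -10003, @"test", @"invalid_grant", @"bad_token", nil, nil, nil, NO);
@@ -75,6 +75,23 @@ - (void)testDescription_whenPIIEnabled_andParameterOfErrorType_shouldReturnNonMa
 XCTAssertEqualObjects(description, @"Error Domain=MSIDErrorDomain Code=-10003 \"(null)\" UserInfo={MSIDOAuthErrorKey=invalid_grant, MSIDOAuthSubErrorKey=bad_token, MSIDErrorDescriptionKey=test}");
 }
 
+- (void)testDescription_whenPIIEnabled_andParameterOfErrorType_andWithUpn_shouldReturnNonMaskedValue_butUpnMasked
+{
+[MSIDLogger sharedLogger].logMaskingLevel = MSIDLogMaskingSettingsMaskSecretsOnly;
+NSError *error = MSIDCreateError(MSIDErrorDomain, -10003, @"test", @"invalid_grant", @"bad_token", nil, nil, @{@"MSALDisplayableUserIdKey":@"[email protected]"}, NO);
+MSIDMaskedLogParameter *logParameter = [[MSIDMaskedLogParameter alloc] initWithParameterValue:error];
+NSString *description = [logParameter description];
+NSString *expectedDescription = [NSString stringWithFormat:
+@"MaskedError(MSIDErrorDomain, -10003, {\n"
+" MSALDisplayableUserIdKey = \"%@\";\n"
+" MSIDErrorDescriptionKey = %@;\n"
+" MSIDOAuthErrorKey = \"%@\";\n"
+" MSIDOAuthSubErrorKey = \"%@\";\n"
+"})",
+@"(not-null)", @"test", @"invalid_grant", @"bad_token"];
+XCTAssertEqualObjects(description, expectedDescription);
+}
+
 - (void)testDescription_whenPIIDisabled_andParameterOfNSNullType_shouldReturnMaskedValue
 {
 [MSIDLogger sharedLogger].logMaskingLevel = MSIDLogMaskingSettingsMaskAllPII;
@@ -109,4 +126,40 @@ - (void)testDescription_whenPIIEnabled_andNilParameter_shouldReturnMaskedValue
 XCTAssertEqualObjects(description, @"(null)");
 }
 
+- (void)testDescription_whenEuiiOnlyEnabled_andNotEuii_andParameterOfErrorType_andWithoutUpn_shouldReturnNonMaskedValue
+{
+[MSIDLogger sharedLogger].logMaskingLevel = MSIDLogMaskingSettingsMaskEUIIOnly;
+NSError *error = MSIDCreateError(MSIDErrorDomain, -10003, @"test", @"invalid_grant", @"bad_token", nil, nil, nil, NO);
+MSIDMaskedLogParameter *logParameter = [[MSIDMaskedLogParameter alloc] initWithParameterValue:error];
+NSString *description = [logParameter description];
+XCTAssertEqualObjects(description, @"Error Domain=MSIDErrorDomain Code=-10003 \"(null)\" UserInfo={MSIDOAuthErrorKey=invalid_grant, MSIDOAuthSubErrorKey=bad_token, MSIDErrorDescriptionKey=test}");
+}
+
+- (void)testDescription_whenEuiiOnlyEnabled_andNotEuii_andParameterOfErrorType_andWitUpn_shouldReturnNonMaskedValue_butUpnMasked
+{
+[MSIDLogger sharedLogger].logMaskingLevel = MSIDLogMaskingSettingsMaskEUIIOnly;
+NSError *error = MSIDCreateError(MSIDErrorDomain, -10003, @"test", @"invalid_grant", @"bad_token", nil, nil, @{@"MSALDisplayableUserIdKey":@"[email protected]"}, NO);
+MSIDMaskedLogParameter *logParameter = [[MSIDMaskedLogParameter alloc] initWithParameterValue:error];
+NSString *description = [logParameter description];
+NSString *expectedDescription = [NSString stringWithFormat:
+@"MaskedError(MSIDErrorDomain, -10003, {\n"
+" MSALDisplayableUserIdKey = \"%@\";\n"
+" MSIDErrorDescriptionKey = %@;\n"
+" MSIDOAuthErrorKey = \"%@\";\n"
+" MSIDOAuthSubErrorKey = \"%@\";\n"
+"})",
+@"(not-null)", @"test", @"invalid_grant", @"bad_token"];
+XCTAssertEqualObjects(description, expectedDescription);
+}
+
+- (void)testDescription_whenEuiiOnlyEnabled_andIsEuii_andParameterOfErrorType_andWitUpn_shouldReturnMaskedValue
+{
+[MSIDLogger sharedLogger].logMaskingLevel = MSIDLogMaskingSettingsMaskEUIIOnly;
+NSError *error = MSIDCreateError(MSIDErrorDomain, -10003, @"test", @"invalid_grant", @"bad_token", nil, nil, @{@"MSALDisplayableUserIdKey":@"[email protected]"}, NO);
+MSIDMaskedLogParameter *logParameter = [[MSIDMaskedLogParameter alloc] initWithParameterValue:error isEUII:YES];
+NSString *description = [logParameter description];
+XCTAssertEqualObjects(description, @"MaskedError(MSIDErrorDomain, -10003)");
+
+}
+
 @end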
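Review bot: The added tests only cover a userInfo value that is exactly an email address; none pins what the log contains when an address sits inside a longer string or under a key other than `MSALDisplayableUserIdKey`, which is where the full-match predicate in MSIDMaskedLogParameter.m behaves differently. One such case per masking level would document whether that value is expected to be masked or passed through. Two of the new method names in the last hunk spell `andWitUpn`; `andWithUpn` would match the PII-enabled test added in the second hunk. Every test assigns `[MSIDLogger sharedLogger].logMaskingLevel` on the shared logger, and any reset in setUp/tearDown is outside the visible hunks, so it is worth confirming the level cannot leak into other tests.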
