Merge pull request #918 from swagger-api/issue-917

added maskPassword function

Author: fehguy

lib/types/operation.js

@@ -491,7 +491,7 @@ Operation.prototype.getHeaderParams = function (args) {
   return headers;
 };
 
-Operation.prototype.urlify = function (args) {
+Operation.prototype.urlify = function (args, maskPasswords) {
   var formParams = {};
   var requestUrl = this.path.replace(/#.*/, ''); // remove URL fragment
   var querystring = ''; // grab params from the args, build the querystring along the way
@@ -500,14 +500,19 @@ Operation.prototype.urlify = function (args) {
     var param = this.parameters[i];
 
     if (typeof args[param.name] !== 'undefined') {
+      var isPassword;
+      if(param.type === 'string' && param.format === 'password' && maskPasswords) {
+        isPassword = true;
+      }
+
       if (param.in === 'path') {
         var reg = new RegExp('\{' + param.name + '\}', 'gi');
         var value = args[param.name];
 
         if (Array.isArray(value)) {
-          value = this.encodePathCollection(param.collectionFormat, param.name, value);
+          value = this.encodePathCollection(param.collectionFormat, param.name, value, isPassword);
         } else {
-          value = this.encodePathParam(value);
+          value = this.encodePathParam(value, isPassword);
         }
 
         requestUrl = requestUrl.replace(reg, value);
@@ -522,12 +527,12 @@ Operation.prototype.urlify = function (args) {
           var qp = args[param.name];
 
           if (Array.isArray(qp)) {
-            querystring += this.encodeQueryCollection(param.collectionFormat, param.name, qp);
+            querystring += this.encodeQueryCollection(param.collectionFormat, param.name, qp, isPassword);
           } else {
-            querystring += this.encodeQueryKey(param.name) + '=' + this.encodeQueryParam(args[param.name]);
+            querystring += this.encodeQueryKey(param.name) + '=' + this.encodeQueryParam(args[param.name], isPassword);
           }
         } else {
-          querystring += this.encodeQueryKey(param.name) + '=' + this.encodeQueryParam(args[param.name]);
+          querystring += this.encodeQueryKey(param.name) + '=' + this.encodeQueryParam(args[param.name], isPassword);
         }
       } else if (param.in === 'formData') {
         formParams[param.name] = args[param.name];
@@ -835,7 +840,7 @@ Operation.prototype.execute = function (arg1, arg2, arg3, arg4, parent) {
   for (attrname in contentTypeHeaders) { headers[attrname] = contentTypeHeaders[attrname]; }
 
   var body = this.getBody(contentTypeHeaders, args, opts);
-  var url = this.urlify(args);
+  var url = this.urlify(args, opts.maskPasswords);
 
   if(url.indexOf('.{format}') > 0) {
     if(headers) {
@@ -1017,7 +1022,7 @@ Operation.prototype.matchesAccept = function(accepts) {
 };
 
 Operation.prototype.asCurl = function (args1, args2) {
-  var opts = {mock: true};
+  var opts = {mock: true, maskPasswords: true};
   if (typeof args2 === 'object') {
     for (var argKey in args2) {
       opts[argKey] = args2[argKey];
@@ -1084,14 +1089,14 @@ Operation.prototype.asCurl = function (args1, args2) {
                 if (Array.isArray(paramValue)) {
                   if(parameter.collectionFormat === 'multi') {
                     for(var v in paramValue) {
-                      body += '-F ' + this.encodeQueryKey(parameter.name) + '=' + paramValue[v] + ' ';
+                      body += '-F ' + this.encodeQueryKey(parameter.name) + '=' + mask(paramValue[v], parameter.format) + ' ';
                     }
                   }
                   else {
-                    body += '-F ' + this.encodeQueryCollection(parameter.collectionFormat, parameter.name, paramValue) + ' ';
+                    body += '-F ' + this.encodeQueryCollection(parameter.collectionFormat, parameter.name, mask(paramValue, parameter.format)) + ' ';
                   }
                 } else {
-                  body += '-F ' + this.encodeQueryKey(parameter.name) + '=' + paramValue + ' ';
+                  body += '-F ' + this.encodeQueryKey(parameter.name) + '=' + mask(paramValue, parameter.format) + ' ';
                 }
               }
             }
@@ -1122,7 +1127,7 @@ Operation.prototype.asCurl = function (args1, args2) {
   return 'curl ' + (results.join(' ')) + ' \'' + obj.url + '\'';
 };
 
-Operation.prototype.encodePathCollection = function (type, name, value) {
+Operation.prototype.encodePathCollection = function (type, name, value, maskPasswords) {
   var encoded = '';
   var i;
   var separator = '';
@@ -1139,9 +1144,9 @@ Operation.prototype.encodePathCollection = function (type, name, value) {
 
   for (i = 0; i < value.length; i++) {
     if (i === 0) {
-      encoded = this.encodeQueryParam(value[i]);
+      encoded = this.encodeQueryParam(value[i], maskPasswords);
     } else {
-      encoded += separator + this.encodeQueryParam(value[i]);
+      encoded += separator + this.encodeQueryParam(value[i], maskPasswords);
     }
   }
 
@@ -1199,13 +1204,23 @@ Operation.prototype.encodeQueryKey = function (arg) {
       .replace('%5B','[').replace('%5D', ']').replace('%24', '$');
 };
 
-Operation.prototype.encodeQueryParam = function (arg) {
+Operation.prototype.encodeQueryParam = function (arg, maskPasswords) {
+  if(maskPasswords) {
+    return "******";
+  }
   return encodeURIComponent(arg);
 };
 
 /**
  * TODO revisit, might not want to leave '/'
  **/
-Operation.prototype.encodePathParam = function (pathParam) {
-  return encodeURIComponent(pathParam);
+Operation.prototype.encodePathParam = function (pathParam, maskPasswords) {
+  return encodeURIComponent(pathParam, maskPasswords);
 };
+
+var mask = function(value, format) {
+  if(typeof format === 'string' && format === 'password') {
+    return '******';
+  }
+  return value;
+}

test/browser/http.js

@@ -111,7 +111,6 @@ describe('yaml http', function () {
     it('should call the catch-function when executing an invalid api-call', function(done) {
       var petId = -100;
       petstoreWithPromise.pet.getPetById({petId: petId}).then(function (success) {
-        console.log('why?');
         console.log(success);
         done();
       }).catch(function(error) {

test/client.js

@@ -1471,6 +1471,42 @@ describe('SwaggerClient', function () {
     });
   });
 
+  it('should keep password format', function(done) {
+    var spec = {
+      schemes: ['https'],
+      paths: {
+        '/v2/nada': {
+          get: {
+            operationId: 'getNothing',
+            tags: [ 'test' ],
+            parameters: [{
+              in: 'query',
+              name: 'password',
+              type: 'string',
+              format: 'password',
+              required: true
+            }],
+            responses: {
+              default: {
+                description: 'ok'
+              }
+            }
+          }
+        }
+      }
+    };
+
+    new SwaggerClient({
+      url: 'http://localhost:8000',
+      spec: spec,
+      usePromise: true
+    }).then(function(client) {
+      expect(client.apis.test.operations.getNothing.parameters[0].format).toBe('password');
+      expect(client.apis.test.operations.getNothing.asCurl({password: 'hidden!'})).toBe('curl -X GET --header \'Accept: application/json\' \'https://localhost:8000/v2/nada?password=******\'');
+      done();
+    });
+  });
+
   it('should honor schemes', function(done) {
     var spec = {
       schemes: ['https'],

test/help.js

@@ -509,6 +509,40 @@ describe('help options', function () {
     });
   });
 
+  it('masks passwords in curl example', function (done) {
+    var spec = {
+      basePath: '/v2',
+      paths: {
+        '/test': {
+          post: {
+            tags: [ 'test' ],
+            operationId: 'sample',
+            parameters: [
+              {
+                in: 'query',
+                name: 'password',
+                type: 'string',
+                format: 'password',
+                required: true
+              }
+            ]
+          }
+        }
+      }
+    };
+
+    var client = new SwaggerClient({
+      url: 'http://petstore.swagger.io/v2/swagger.json',
+      spec: spec,
+      success: function () {
+        var msg = client.test.sample.asCurl({password: 'hidden!'});
+        expect(msg).toBe('curl -X POST --header \'Content-Type: application/json\' --header \'Accept: application/json\' \'http://petstore.swagger.io/v2/test?password=******\'');
+
+        done();
+      }
+    });
+  });
+
 
   it('shows curl for multipart/form-data with array parameters', function (done) {
     var spec = {